1、打开kube-apiserver的配置文件查看证书所在路径
kube-apiserver.conf
2、使用cfssl-certinfo查看
[root@k8s-node1 ssl]# cfssl-certinfo -cert server.pem { "subject": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "BeiJing", "province": "BeiJing", "names": [ "CN", "BeiJing", "BeiJing", "k8s", "System", "kubernetes" ] }, "issuer": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "serial_number": "624327459644422284005575554556871372314308893395", "sans": [ "kubernetes", "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local", "10.0.0.1", "127.0.0.1", "10.0.0.1", "192.168.56.11", "192.168.56.12", "192.168.56.13" ], "not_before": "2020-03-30T08:42:00Z", "not_after": "2030-03-28T08:42:00Z",此处便是证书到期时间2030年3月28日
3、查看CA证书
[root@k8s-node1 ssl]# cfssl-certinfo -cert ca.pem { "subject": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "issuer": { "common_name": "kubernetes", "country": "CN", "organization": "k8s", "organizational_unit": "System", "locality": "Beijing", "province": "Beijing", "names": [ "CN", "Beijing", "Beijing", "k8s", "System", "kubernetes" ] }, "serial_number": "259013161977081759746876367274801379630605153819", "not_before": "2020-03-30T08:42:00Z", "not_after": "2025-03-29T08:42:00Z",
当集群证书已过期时,通过kubectl或api接口调用的方式与集群apiserver的通讯都将被禁止,集群中的服务进程会不可用。