k8s kubeadm 1.20.15 证书更新

本文介绍了如何获取kubeadm的版本信息,并展示了查看apiserver证书的方法。接着,详细说明了使用kubeadm进行证书更新的步骤,包括备份现有证书、执行更新命令及验证证书的有效性。通过这个过程,确保了Kubernetes集群的安全运行。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

获取kubeadm 版本号

kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.15", GitCommit:"8f1e5bf0b9729a899b8df86249b56e2c74aebc55", GitTreeState:"clean", BuildDate:"2022-01-19T17:26:37Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}

查看apiserver证书

cd /etc/kubernetes/pki && openssl x509 -in apiserver.crt -text -noout

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2741309662955592628 (0x260b169d47d05bb4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Mar  8 12:25:05 2022 GMT
            Not After : Mar  8 12:25:05 2023 GMT

2022/3/8 到 2023/3/8 一年有效

更新证书: 找到安装的kubeadm-config.yaml文件

备份证书:cp -r /etc/kubernetes/pki/ /etc/kubernetes/pki.old

执行证书更新命令

kubeadm alpha certs renew all --config=/root/kubeadm-config.yaml

Command "all" is deprecated, please use the same command under "kubeadm certs"
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

再次查看证书

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8420588759439972080 (0x74dbf0dcce1116f0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Mar  8 12:25:05 2022 GMT
            Not After : Mar 10 02:26:13 2023 GMT

证书失效日期为当前日加一年

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包

打赏作者

恒云客

你的鼓励将是我创作的最大动力

¥1 ¥2 ¥4 ¥6 ¥10 ¥20
扫码支付:¥1
获取中
扫码支付

您的余额不足,请更换扫码支付或充值

打赏作者

实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值