本文介绍了如何获取kubeadm的版本信息,并展示了查看apiserver证书的方法。接着,详细说明了使用kubeadm进行证书更新的步骤,包括备份现有证书、执行更新命令及验证证书的有效性。通过这个过程,确保了Kubernetes集群的安全运行。
获取kubeadm 版本号
kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.15", GitCommit:"8f1e5bf0b9729a899b8df86249b56e2c74aebc55", GitTreeState:"clean", BuildDate:"2022-01-19T17:26:37Z", GoVersion:"go1.15.15", Compiler:"gc", Platform:"linux/amd64"}查看apiserver证书
cd /etc/kubernetes/pki && openssl x509 -in apiserver.crt -text -noout
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 2741309662955592628 (0x260b169d47d05bb4)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: Mar 8 12:25:05 2022 GMT
Not After : Mar 8 12:25:05 2023 GMT
2022/3/8 到 2023/3/8 一年有效
更新证书: 找到安装的kubeadm-config.yaml文件
备份证书:cp -r /etc/kubernetes/pki/ /etc/kubernetes/pki.old
执行证书更新命令
kubeadm alpha certs renew all --config=/root/kubeadm-config.yaml
Command "all" is deprecated, please use the same command under "kubeadm certs"
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
再次查看证书
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 8420588759439972080 (0x74dbf0dcce1116f0)
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=kubernetes
Validity
Not Before: Mar 8 12:25:05 2022 GMT
Not After : Mar 10 02:26:13 2023 GMT
证书失效日期为当前日加一年
扫一扫
503
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
