更新k8s证书(续签)

下载 kubeadm(下载后先用 md5sum 校验,结果应与下列值一致;MD5 只能发现下载损坏,不能防止恶意替换,如发布方提供 SHA-256 校验值请一并核对):
kubeadm-x86 md5: 7951a9348655b4f508b84ced66fcf371
kubeadm-arm md5: b11c4ce93722b07f96c2acdeaaa07e74

# Run on the first master node. Every relative path below is resolved
# against /etc/kubernetes.
cd /etc/kubernetes
# NOTE(review): as written this copies ./kubeadm onto itself; presumably the
# downloaded (and checksum-verified) kubeadm binary is meant to be placed
# here -- confirm the source path.
cp kubeadm .
mkdir bak

# Back up pki/ and every *.conf file before changing anything. pki/ normally
# holds the cluster private keys, so bak/ is as sensitive as the originals;
# -a keeps the original modes and ownership on the copies.
cp -a pki/ *.conf bak/

# Renew the certificates under pki/.
# `kubeadm alpha certs` is the older spelling; later kubeadm releases expose
# the same subcommands as `kubeadm certs`.
# NOTE(review): only these three certificates are renewed; any others under
# pki/ (for example etcd certificates on a stacked-etcd cluster) keep their
# old expiry date -- check them as well.
for cert in apiserver apiserver-kubelet-client front-proxy-client; do
  ./kubeadm alpha certs renew "$cert"
done

# Renew the certificates embedded in the kubeconfig (*.conf) files.
for conf in admin.conf controller-manager.conf scheduler.conf; do
  ./kubeadm alpha certs renew "$conf"
done

# Refresh the kubectl kubeconfig from the renewed admin.conf.
cp admin.conf ~/.kube/config

# Regenerate the kubelet kubeconfig. The command reports a timeout, but
# kubelet.conf is updated in the end. The old file is kept as kubelet.conf.old.
mv kubelet.conf kubelet.conf.old
./kubeadm init phase kubeconfig kubelet
 
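# Restart kube-apiserver, kube-controller-manager and kube-scheduler so they
# load the renewed certificates. Matching the full component names, rather
# than fragments such as 'controll' or 'schedu' anywhere in the ps output,
# keeps unrelated processes that merely contain those fragments from being
# signalled, and pkill does nothing (instead of erroring) when nothing matches.
# NOTE(review): assumes the components run under these binary names and are
# restarted by their supervisor (kubelet for static pods) after SIGTERM --
# confirm on your cluster.
control_plane='kube-apiserver|kube-controller-manager|kube-scheduler'
pgrep -fl "$control_plane"   # review the matches before signalling them
pkill -f "$control_plane"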
 
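# Verify.

# Expiry date of the renewed certificate on disk.
openssl x509 -noout -in /etc/kubernetes/pki/apiserver.crt -enddate
# Expiry date of the certificate the running API server actually presents.
# If this still shows the old date, the apiserver has not been restarted with
# the new certificate. `openssl x509` takes the subcommand name only once.
openssl s_client -connect 127.0.0.1:6443 -showcerts < /dev/null 2>&1 | openssl x509 -enddate -noout
kubectl get nodes

# Refresh the kubectl kubeconfig from the renewed admin.conf.
cp /etc/kubernetes/admin.conf ~/.kube/config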
 
---
 
 
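# Copy the certificates under pki/ to the other master nodes.
cd /etc/kubernetes/
# The archive carries the private keys from pki/, so create it readable by
# its owner only instead of with the default umask.
(umask 077 && tar zcvf pki.tar.gz pki)

# Destination is elided on the page; copy to each of the other masters.
# NOTE(review): per-node certificates in pki/ (e.g. apiserver.crt) usually
# list the issuing node's addresses in their SANs -- confirm they are valid
# for the receiving master.
scp pki.tar.gz ...

# After the copy to every master has succeeded, remove the archive so no
# extra copy of the keys is left behind.
rm -f pki.tar.gz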
 
 
# On each of the other master nodes: take the same backup first.
# NOTE(review): the page does not show pki.tar.gz being unpacked or the
# kubeadm binary being placed on this host; presumably both happen after this
# backup and before the renew commands -- confirm.
cd /etc/kubernetes/
mkdir bak
cp -a *.conf pki bak

# Then only the configuration needs updating and the services restarting.
# Renew the certificates embedded in the kubeconfig (*.conf) files.
for conf in admin.conf controller-manager.conf scheduler.conf; do
  ./kubeadm alpha certs renew "$conf"
done

# Refresh the kubectl kubeconfig from the renewed admin.conf.
cp admin.conf ~/.kube/config

# Regenerate the kubelet kubeconfig. The command reports a timeout, but
# kubelet.conf is updated in the end. The old file is kept as kubelet.conf.old.
mv kubelet.conf kubelet.conf.old
./kubeadm init phase kubeconfig kubelet
 
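# Restart kube-apiserver, kube-controller-manager and kube-scheduler.

# First lines of the certificate the API server currently presents.
openssl s_client -connect 127.0.0.1:6443 -showcerts < /dev/null 2>&1 | openssl x509 -noout -text | head

# Separate step: signal the control-plane components so they reload the
# renewed certificates. Full component names are matched, rather than
# fragments such as 'controll' or 'schedu' anywhere in the ps output, so
# unrelated processes are not signalled.
# NOTE(review): assumes the components run under these binary names and are
# restarted by their supervisor (kubelet for static pods) after SIGTERM --
# confirm on your cluster.
control_plane='kube-apiserver|kube-controller-manager|kube-scheduler'
pgrep -fl "$control_plane"   # review the matches before signalling them
pkill -f "$control_plane"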
 
 
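# Verify: expiry date of the certificate the API server now presents. If it
# still shows the old date, the apiserver has not been restarted with the new
# certificate. `openssl x509` takes the subcommand name only once.
openssl s_client -connect 127.0.0.1:6443 -showcerts < /dev/null 2>&1 | openssl x509 -enddate -noout


# Update the kubectl configuration from the renewed admin.conf.
cp /etc/kubernetes/admin.conf ~/.kube/config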


转载自blog.csdn.net/yujia_666/article/details/107660936