集群版本 v1.18.8
检查证书过期时间
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done
1,生成集群的配置文件及查看
kubeadm config view > /tmp/cluster.yaml
2,备份原有证书
cp -rp /etc/kubernetes /etc/kubernetes.bak
3,备份etcd数据目录
cp -r /var/lib/etcd /var/lib/etcd.bak
4,更新证书
kubeadm alpha certs renew all --config=/tmp/cluster.yaml
5,使其生效,Master上执行重启kube-apiserver,kube-controller,kube-scheduler,etcd这4个容器,使证书生效
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
