Unable to connect to the server: x509: certificate has expired or is not yet

1.备份pki目录证书

cd /etc/kubernetes
tar -zcvf pki_bk.tar.gz pki

2.更新所有的证书

kubeadm alpha certs renew all

3.检查证书的更新时间

[root@master kubernetes]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Mar 25, 2023 05:17 UTC   364d                                    no      
apiserver                  Mar 25, 2023 05:17 UTC   364d            ca                      no      
apiserver-etcd-client      Mar 25, 2023 05:17 UTC   364d            etcd-ca                 no      
apiserver-kubelet-client   Mar 25, 2023 05:17 UTC   364d            ca                      no      
controller-manager.conf    Mar 25, 2023 05:17 UTC   364d                                    no      
etcd-healthcheck-client    Mar 25, 2023 05:17 UTC   364d            etcd-ca                 no      
etcd-peer                  Mar 25, 2023 05:17 UTC   364d            etcd-ca                 no      
etcd-server                Mar 25, 2023 05:17 UTC   364d            etcd-ca                 no      
front-proxy-client         Mar 25, 2023 05:17 UTC   364d            front-proxy-ca          no      
scheduler.conf             Mar 25, 2023 05:17 UTC   364d                                    no      

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Mar 20, 2031 08:20 UTC   8y              no      
etcd-ca                 Mar 20, 2031 08:20 UTC   8y              no      
front-proxy-ca          Mar 20, 2031 08:20 UTC   8y              no      

4.更新config认证

cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

5.检查命令是否正常

[root@master .kube]# kubectl get node
NAME      STATUS   ROLES    AGE    VERSION
master    Ready    master   367d   v1.18.6
master2   Ready    master   367d   v1.18.6
master3   Ready    master   58d    v1.18.6
node1     Ready    <none>   200d   v1.18.6
node5     Ready    <none>   273d   v1.18.6
node7     Ready    <none>   308d   v1.18.6
node8     Ready    <none>   272d   v1.18.6

6.其他master 更新也是如此。config文件从master1 拷贝到master2,master3。

scp  /etc/kubernetes/admin.conf root@master2:/root/.kube/ 
scp  /etc/kubernetes/admin.conf root@master3:/root/.kube/