1.查看k8s证书是否过期
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '2.若过期了则执行更新,手动更新所有证书命令
kubeadm alpha certs renew all3.更新用户配置,需要执行下面多个命令
kubeadm alpha kubeconfig user --client-name=admin
kubeadm alpha kubeconfig user --org system:masters --client-name kubernetes-admin > /etc/kubernetes/admin.conf
kubeadm alpha kubeconfig user --client-name system:kube-controller-manager > /etc/kubernetes/controller-manager.conf
kubeadm alpha kubeconfig user --org system:nodes --client-name system:node:$(hostname) > /etc/kubernetes/kubelet.conf
kubeadm alpha kubeconfig user --client-name system:kube-scheduler > /etc/kubernetes/scheduler.conf4. 用更新后的admin.conf替换/root/.kube/config文件
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config一般执行完这四部,证书就更新了,k8s证书一般一年一更新