kubeadm 初始化的 k8s 集群,除 CA 证书外,各组件证书的默认有效期只有 1 年,到期前需要续期
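1. 查看 kubeadm 初始化的 k8s 集群默认的证书有效期: CA 证书(ca.crt、front-proxy-ca.crt、etcd/ca.crt)有效期是 10 年,apiserver 等其余证书有效期是 1 年。下面的输出中,每条分隔线里的文件名对应它上方的 Not Before / Not After 两行。也可以用 kubeadm 自带的 `kubeadm certs check-expiration`(较旧版本为 `kubeadm alpha certs check-expiration`)查看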
[root@k8s-master1 ~]# for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===============;done
Not Before: Mar 29 03:19:43 2022 GMT
Not After : Mar 26 03:19:43 2032 GMT
======================/etc/kubernetes/pki/ca.crt===============
Not Before: Mar 29 03:19:43 2022 GMT
Not After : Mar 29 03:19:43 2023 GMT
======================/etc/kubernetes/pki/apiserver.crt===============
Not Before: Mar 29 03:19:43 2022 GMT
Not After : Mar 29 03:19:43 2023 GMT
======================/etc/kubernetes/pki/apiserver-kubelet-client.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 26 03:19:44 2032 GMT
======================/etc/kubernetes/pki/front-proxy-ca.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 29 03:19:44 2023 GMT
======================/etc/kubernetes/pki/front-proxy-client.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 26 03:19:44 2032 GMT
======================/etc/kubernetes/pki/etcd/ca.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 29 03:19:44 2023 GMT
======================/etc/kubernetes/pki/etcd/server.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 29 03:19:45 2023 GMT
======================/etc/kubernetes/pki/etcd/peer.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 29 03:19:45 2023 GMT
======================/etc/kubernetes/pki/etcd/healthcheck-client.crt===============
Not Before: Mar 29 03:19:44 2022 GMT
Not After : Mar 29 03:19:45 2023 GMT
======================/etc/kubernetes/pki/apiserver-etcd-client.crt===============
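2. 延长证书时间(默认延长 10 年)
注意: 有效期越长,证书或私钥一旦泄露后可被滥用的时间也越长;如果不需要 10 年有效期,可以改用 kubeadm 自带的 `kubeadm certs renew all`(每次续期 1 年)并定期轮换。证书保存在各节点本地的 /etc/kubernetes/pki 下,多 master 集群需要在每个 master 节点上分别续期。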
[root@k8s-master1 ~]# rz 上传延期证书脚本,或从以下地址下载脚本: https://github.com/yuyicai/update-kube-cert
注意: 该脚本以 root 身份在控制平面节点上重新签发证书,执行前应先审阅脚本内容、确认压缩包来源并固定到已审阅过的版本,同时备份 /etc/kubernetes 目录。
[root@k8s-master1 ~]# ls update-kube-cert.tar.gz
update-kube-cert.tar.gz
[root@k8s-master1 ~]# tar -zxf update-kube-cert.tar.gz
[root@k8s-master1 ~]# cd update-kube-cert/
[root@k8s-master1 update-kube-cert]# ls
LICENSE other.md other-zh_CN.md README.md README-zh_CN.md update-kubeadm-cert-crictl.sh update-kubeadm-cert.sh
[root@k8s-master1 update-kube-cert]# chmod +x update-kubeadm-cert-crictl.sh update-kubeadm-cert.sh
[root@k8s-master1 update-kube-cert]# ./update-kubeadm-cert.sh all
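[root@k8s-master1 update-kube-cert]# kubectl get pod -n kube-system #确认所有 pod 均为 Running 且 READY 为 1/1;下面输出中 k8s-master1 上的 etcd、kube-controller-manager、kube-scheduler 仍是 0/1,应是更新证书后刚重启尚未就绪,需稍后再次检查,并用第 1 步的命令确认证书的 Not After 已更新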
NAME READY STATUS RESTARTS AGE
coredns-54d67798b7-2mfrx 1/1 Running 1 35d
coredns-54d67798b7-xqlqk 1/1 Running 1 35d
etcd-k8s-master1 0/1 Running 5 119d
etcd-k8s-master2 1/1 Running 5 119d
etcd-k8s-master3 1/1 Running 5 119d
kube-apiserver-k8s-master1 1/1 Running 3 114d
kube-apiserver-k8s-master2 1/1 Running 6 119d
kube-apiserver-k8s-master3 1/1 Running 7 119d
kube-controller-manager-k8s-master1 0/1 Running 6 118d
kube-controller-manager-k8s-master2 1/1 Running 6 118d
kube-controller-manager-k8s-master3 1/1 Running 5 118d
kube-flannel-ds-4f44l 1/1 Running 1 35d
kube-flannel-ds-5h2hx 1/1 Running 1 35d
kube-flannel-ds-6xg4l 1/1 Running 2 35d
kube-flannel-ds-br5ds 1/1 Running 2 35d
kube-flannel-ds-l576f 1/1 Running 3 35d
kube-flannel-ds-mklf7 1/1 Running 1 35d
kube-flannel-ds-nwqxd 1/1 Running 2 35d
kube-flannel-ds-ttnmp 1/1 Running 1 35d
kube-flannel-ds-xkl56 1/1 Running 3 35d
kube-proxy-kj9pw 1/1 Running 1 41d
kube-proxy-m556j 1/1 Running 5 119d
kube-proxy-nx8sz 1/1 Running 10 119d
kube-proxy-pd6zn 1/1 Running 6 119d
kube-proxy-q5sqn 1/1 Running 1 41d
kube-proxy-qgzh7 1/1 Running 5 119d
kube-proxy-rt47j 1/1 Running 9 119d
kube-proxy-s6gbv 1/1 Running 7 119d
kube-proxy-t5mkt 1/1 Running 5 119d
kube-scheduler-k8s-master1 0/1 Running 6 118d
kube-scheduler-k8s-master2 1/1 Running 8 118d
kube-scheduler-k8s-master3 1/1 Running 3 118d
log-pilot-64vdg 1/1 Running 4 80d
log-pilot-8dc28 1/1 Running 4 80d
log-pilot-bhtwg 1/1 Running 3 80d
log-pilot-chvxl 1/1 Running 1 41d
log-pilot-dvttn 1/1 Running 1 41d
log-pilot-l2pv7 1/1 Running 2 80d
log-pilot-lblfk 1/1 Running 2 80d
log-pilot-p7mtb 1/1 Running 2 80d
log-pilot-vpjvv 1/1 Running 2 80d