跳转至

证书相关的命令

查看证书过期时间

# 查看证书时间
kubeadm certs check-expiration

或者使用命令

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '

自签证书

openssl genrsa -out ca.key 2048
openssl req -new -x509 -days 365 -key ca.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=Acme Root CA" -out ca.crt
openssl req -newkey rsa:2048 -nodes -keyout server.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.example.com" -out server.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:example.com,DNS:www.example.com") -days 365 -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt

重新生成证书

重新生成证书

kubeadm certs renew all

重新生成配置文件

kubeadm init phase kubeconfig all

更新 kubectl

cp /etc/kubernetes/admin.conf ~/.kube/config

重启服务

 systemctl restart kubelet