过期后更新 kubernetes pki [英] Renew kubernetes pki after expired
问题描述
我的 kubernetes PKI 已过期(确切地说是 API 服务器),我找不到更新它的方法.我得到的错误是
My kubernetes PKI expired (API server to be exact) and I can't find a way to renew it. The error I get is
May 27 08:43:51 node1 kubelet[8751]: I0527 08:43:51.922595 8751 server.go:417] Version: v1.14.2
May 27 08:43:51 node1 kubelet[8751]: I0527 08:43:51.922784 8751 plugins.go:103] No cloud provider specified.
May 27 08:43:51 node1 kubelet[8751]: I0527 08:43:51.922800 8751 server.go:754] Client rotation is on, will bootstrap in background
May 27 08:43:51 node1 kubelet[8751]: E0527 08:43:51.925859 8751 bootstrap.go:264] Part of the existing bootstrap client certificate is expired: 2019-05-24 13:24:42 +0000 UTC
May 27 08:43:51 node1 kubelet[8751]: F0527 08:43:51.925894 8751 server.go:265] failed to run Kubelet: unable to load bootstrap
kubeconfig: stat /etc/kubernetes/bootstrap-kubelet.conf: no such file or directory
https://kubernetes.io/docs/上的文档tasks/administer-cluster/kubeadm/kubeadm-certs/ 描述了如何续订,但仅在 API 服务器未过期时才有效.我试图做一个
The documentation on https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/ describes how to renew but it only works if the API server is not expired. I have tried to do a
kubeadm alpha cert renew all
然后重新启动,但这只会导致整个集群失败,所以我回滚到快照(我的集群在 VMware 上运行).
and do a reboot but that just made the entire cluster fail so I did a rollback to a snapshot (my cluster is running on VMware).
集群正在运行,所有容器似乎都可以工作,但我无法通过 kubectl 访问它,因此我无法真正部署或查询.
The cluster is running and all containers seem to work but I can't access it via kubectl so I can't really deploy or query.
我的 kubernetes 版本是 1.14.2.
My kubernetes version is 1.14.2.
推荐答案
所以解决方案是(先备份)
So the solution was to (first a backup)
$ cd /etc/kubernetes/pki/
$ mv {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt} ~/
$ kubeadm init phase certs all --apiserver-advertise-address <IP>
$ cd /etc/kubernetes/
$ mv {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf} ~/
$ kubeadm init phase kubeconfig all
$ reboot
然后
$ cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
这为我完成了工作,感谢您的提示:)
that did the job for me and thanks for your hints :)
这篇关于过期后更新 kubernetes pki的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
