今天和往常一样,打开服务器看下各服务状态是否有异常。输入kubectl get pods命令后,居然报错了!
报错信息: x509:certificate has expired or is not yet valid
看提示挺明显的,是指证书过期了,所以这边记录下kubeadm证书过期后如何重新配置证书,只需要简单的5步就搞定!
1.看看哪些证书过期了
kubeadm alpha certs check-expiration
2.重新生成证书
kubeadm alpha certs renew all
3.检查下证书是否刷新
kubeadm alpha certs check-expiration
4.等待一段时间后查看下 kubectl get nodes 此时会报新的错误
error: You must be logged in to the server (Unauthorized)
这时需要复制新的授权文件
cp /etc/kubernetes/admin.conf ~/.kube/config
5.重启kube-apiserver,kube-controller,kube-scheduler,etcd这4个容器
docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
搞定!