k8s cluster certificate expiration problem


Symptom: x509: certificate has expired or is not yet valid.

Other symptoms: many database-related containers went down at the moment the certificates expired.

Fix: https://www.cnblogs.com/xuliang666/p/12221973.html

Certificate status after the fix:

[root@k8s-master mysql]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Dec 31, 2021 01:16 UTC   360d                                    no      
apiserver                  Dec 31, 2021 01:16 UTC   360d            ca                      no      
apiserver-etcd-client      Dec 31, 2021 01:16 UTC   360d            etcd-ca                 no      
apiserver-kubelet-client   Dec 31, 2021 01:16 UTC   360d            ca                      no      
controller-manager.conf    Dec 31, 2021 01:16 UTC   360d                                    no      
etcd-healthcheck-client    Dec 31, 2021 01:16 UTC   360d            etcd-ca                 no      
etcd-peer                  Dec 31, 2021 01:16 UTC   360d            etcd-ca                 no      
etcd-server                Dec 31, 2021 01:16 UTC   360d            etcd-ca                 no      
front-proxy-client         Dec 31, 2021 01:16 UTC   360d            front-proxy-ca          no      
scheduler.conf             Dec 31, 2021 01:16 UTC   360d                                    no      

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Dec 31, 2029 09:43 UTC   8y              no      
etcd-ca                 Dec 31, 2029 09:43 UTC   8y              no      
front-proxy-ca          Dec 31, 2029 09:43 UTC   8y              no      
[root@k8s-master mysql]# 
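
To catch the next expiry before it takes workloads down, the check-expiration table above can be parsed and alerted on. The following is an added example, not part of the original post: the function names and the 30-day threshold are assumptions, and the sample rows are copied from the output above.

```python
import re
import sys
from datetime import datetime, timezone

# Constructed sample: a few rows copied from the kubeadm output shown on this page.
SAMPLE = """\
CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Dec 31, 2021 01:16 UTC   360d                                    no
apiserver                  Dec 31, 2021 01:16 UTC   360d            ca                      no
etcd-server                Dec 31, 2021 01:16 UTC   360d            etcd-ca                 no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Dec 31, 2029 09:43 UTC   8y              no
etcd-ca                 Dec 31, 2029 09:43 UTC   8y              no
"""

# A data row is "<name>  <Mon DD, YYYY HH:MM> UTC ..."; headers, blank lines
# and the [check-expiration] log lines do not match.
ROW = re.compile(r"^(\S+)\s+([A-Z][a-z]{2} \d{1,2}, \d{4} \d{2}:\d{2}) UTC\b")

def parse_expirations(text):
    """Return {certificate name: expiry as an aware UTC datetime}."""
    certs = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            expiry = datetime.strptime(m.group(2), "%b %d, %Y %H:%M")
            certs[m.group(1)] = expiry.replace(tzinfo=timezone.utc)
    return certs

def expiring_within(certs, now, days):
    """Return [(name, whole days left)] for certificates that expire within
    `days` of `now`, soonest first. A negative value means already expired.
    The EXPIRES column is used, not the rounded RESIDUAL TIME column."""
    due = [(name, (expiry - now).days) for name, expiry in certs.items()]
    return sorted((d for d in due if d[1] <= days), key=lambda d: d[1])

if __name__ == "__main__":
    # Pipe real kubeadm output on stdin; fall back to the sample on a terminal.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    due = expiring_within(parse_expirations(text), datetime.now(timezone.utc), 30)
    for name, left in due:
        print(f"{'EXPIRED' if left < 0 else 'WARN'} {name}: {left} day(s) left")
    sys.exit(1 if due else 0)  # non-zero exit lets cron or monitoring alert
```

The leaf certificates in the table last about one year while the CAs last about ten, so the leaf rows are the ones this check will flag first. Newer kubeadm releases provide the command as `kubeadm certs check-expiration`.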

Other references:

https://blog.csdn.net/weixin_39836585/article/details/102519156
https://www.cnblogs.com/xuliang666/p/12221973.html