导出当前集群的配置文件
# Export the ClusterConfiguration document stored in the kubeadm-config
# ConfigMap (namespace kube-system) into ./kubeadm.yaml.
kubectl get configmap kubeadm-config \
  --namespace kube-system \
  --output jsonpath='{.data.ClusterConfiguration}' \
  > kubeadm.yaml
将导出的集群配置文件备份
# Keep an unmodified copy of the exported configuration before editing it.
cp -- kubeadm.yaml kubeadm.yaml.bak
修改集群配置文件
修改kubeadm.yaml为如下配置
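# kubeadm ClusterConfiguration with the nesting restored; the flattened listing
# would place certSANs, extraArgs, local, dataDir and the networking keys at the
# top level instead of under their parent keys.
apiServer:
  # Extra IP addresses and DNS names to include in the SAN list of the
  # apiserver serving certificate.
  certSANs:
  - "192.168.0.184"
  - "www.k8s.cn"
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta3
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns: {}
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.28.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}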
将原来的apiserver证书和私钥文件备份(kubeadm发现磁盘上已有apiserver证书和私钥时会直接复用,不会重新生成,所以需要先把它们移走)
# Move the current apiserver certificate and private key out of the pki
# directory. kubeadm reuses an existing pair it finds on disk, so they must be
# moved aside before a new certificate is issued. The backup directory now
# holds a private key, so keep it on the control-plane node.
mkdir -p /etc/kubernetes/pki/backup
mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.key \
  /etc/kubernetes/pki/backup/
生成新的apiserver证书文件(生成后通常还需要重启kube-apiserver,确保其加载新证书)
[root@node1 ~]# kubeadm init phase certs apiserver --config kubeadm.yaml
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [kubernetes kubernetes.default kubernetes.default.svc kubernetes.default.svc.cluster.local node1 www.k8s.cn] and IPs [10.96.0.1 192.168.0.184]
更新~/.kube/config文件
将新生成的/etc/kubernetes/admin.conf拷贝到$HOME/.kube/config
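# admin.conf carries cluster-admin credentials. Quote the destination so a
# home directory containing spaces is handled, and restrict the copy to its
# owner: when cp overwrites an existing file, that file keeps its old mode.
cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
chmod 600 "$HOME/.kube/config"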
代码测试
提前修改测试主机的hosts文件,将www.k8s.cn指向k8s apiserver的地址,然后执行如下go代码(程序会从当前工作目录下名为kubeconfig的文件读取集群凭据)
package main
import (
"context"
"fmt"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/tools/clientcmd"
"os"
)
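// main connects to the API server at https://www.k8s.cn:6443 and prints the
// namespace, name and phase of the pods in the "default" namespace.
//
// Credentials are read from a file named "kubeconfig" in the current working
// directory. The first argument to BuildConfigFromFlags overrides the server
// URL stored in that file, so the TLS handshake is verified against the host
// name www.k8s.cn; it succeeds only if the apiserver serving certificate lists
// that name as a SAN.
//
// NOTE(review): if this kubeconfig is a copy of admin.conf it carries
// cluster-admin rights; a read-only credential is enough for listing pods.
func main() {
	// The original discarded this error; without a working directory the
	// kubeconfig path below would be meaningless, so fail early instead.
	projectDir, err := os.Getwd()
	if err != nil {
		panic(err)
	}

	config, err := clientcmd.BuildConfigFromFlags("https://www.k8s.cn:6443", projectDir+"/kubeconfig")
	if err != nil {
		panic(err)
	}

	clientset, err := kubernetes.NewForConfig(config)
	if err != nil {
		panic(err)
	}

	// Only the first page is requested: the continue token of the response is
	// not followed, so at most 500 pods are printed.
	result, err := clientset.CoreV1().Pods("default").List(context.TODO(), metav1.ListOptions{Limit: 500})
	if err != nil {
		panic(err)
	}

	for _, item := range result.Items {
		fmt.Printf("namespace: %v\t name: %v\t status: %+v\n", item.Namespace, item.Name, item.Status.Phase)
	}
}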