复盘盘古石k8s的时候碰到了证书过期的问题,在此记录解决方法
报错信息:192.168.91.171:6443 was refused - did you specify the right host or port?
查看证书是否过期
kubeadm alpha certs check-expiration
或文章来源:https://www.toymoban.com/news/detail-851640.html
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
更新证书
master节点运行
cp -rp /etc/kubernetes /etc/kubernetes.bak
rm -rf /etc/kubernetes/pki/apiserver.key
kubeadm alpha certs renew all
mv /etc/kubernetes/*.conf /tmp/
kubeadm init phase kubeconfig all
systemctl restart kubelet
cp /etc/kubernetes/admin.conf ~/.kube/config
kubeadm token list
kubeadm token create #csygpb.bffu793fol3hpmf5
penssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //' #e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
node节点运行
kubeadm join 192.168.91.171:6443 --token csygpb.bffu793fol3hpmf5 --discovery-token-ca-cert-hash sha256:e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 #用自己生成的替换
systemctl restart kubelet
至此完事!!文章来源地址https://www.toymoban.com/news/detail-851640.html
到了这里,关于记一次k8s取证检材过期的恢复的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!