1. 查看各个证书过期时间 3个master 都要
kubeadm alpha certs check-expiration
2. 备份原有证书 3个master 都要
cp -rp /etc/kubernetes /etc/kubernetes.bak
3. 备份etcd数据目录 3个master 都要
cp -r /var/lib/etcd /var/lib/etcd.bak
4. 更新证书 master 节点 3个master 都要,用安装k8s 时候的配置文件kubeadm_master01.conf kubeadm_master02.conf kubeadm_master03.conf
kubeadm alpha certs renew all --config=kubeadm_master01.conf
kubeadm alpha certs renew all --config=kubeadm_master02.conf
kubeadm alpha certs renew all --config=kubeadm_master03.conf
5. 确认各个证书过期时间
kubeadm alpha certs check-expiration
6. 在三台Master上备份 配置文件
mkdir /etc/kubernetes/backup
mv /etc/kubernetes/*.conf /etc/kubernetes/backup
7. 在三台master 上重新生成配置文件,3个master 都要,用安装k8s 时候的配置文件kubeadm_master01.conf kubeadm_master02.conf kubeadm_master03.conf
kubeadm init phase kubeconfig all --config kubeadm_master01.conf
kubeadm init phase kubeconfig all --config kubeadm_master02.conf
kubeadm init phase kubeconfig all --config kubeadm_master03.conf
8. 重新配置 用户的配置文件
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
9. 在三台Master上执行重启kube-apiserver,kube-controller,kube-scheduler,etcd这4 个容器,使证书生效
docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
10 重启 docker kubelete (3个master)
systemctl restart docker; systemctl restart kubelet