共计 1524 个字符,预计需要花费 4 分钟才能阅读完成。
Kubernetes 证书续命
命令执行后,注意:
- 无论证书的到期时间如何,都会无条件地续订一年。
- 证书的 SAN 等信息基于原证书,无需再次提供。
- renew 执行后,为使更改生效,需要重启控制平面组件。
- kubeadm alpha certs 命令仅支持 v1.15 及其以上的版本。
命令如下:
# kubeadm alpha certs renew all
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healtcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed# kubeadm alpha certs check-expiration
CERTIFICATE EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
admin.conf Oct 24, 2020 05:25 UTC 364d no
apiserver Oct 24, 2020 05:25 UTC 364d no
apiserver-etcd-client Oct 24, 2020 05:25 UTC 364d no
apiserver-kubelet-client Oct 24, 2020 05:25 UTC 364d no
controller-manager.conf Oct 24, 2020 05:25 UTC 364d no
etcd-healthcheck-client Oct 24, 2020 05:25 UTC 364d no
etcd-peer Oct 24, 2020 05:25 UTC 364d no
etcd-server Oct 24, 2020 05:25 UTC 364d no
front-proxy-client Oct 24, 2020 05:25 UTC 364d no
scheduler.conf Oct 24, 2020 05:25 UTC 364d no
正文完
发表至: kubernetes
2020-06-17
