问题表现
使用kubelet get node后报错,x509: certificate has expired or is not yet valid,提示证书过期。
[root@master ~]# kubectl get node
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2023-02-17T09:56:22+08:00 is after 2023-01-12T10:42:07Z
问题排查
集群是由kubeadm创建。但是它创建的apiserver、controller-manager等证书默认只有一年的有效期,同时kubelet 证书也只有一年有效期,一年之后kubernetes将停止服务。
官方文档:
https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-certs/
问题解决
#查看证书到期时间
kubeadm certs check-expiration
#更新自签证书
kubeadm certs renew all
#复制配置
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
#之后重启kubelet,docker(master与node都要重启)
systemctl restart docker
systemctl restart kubelet