背景:在现有K8S环境中默认情况下编译新kubeadm 只能更新组件证书的时间,至于ca,front-proxy-ca 集群根证书是无法更新的
#更新集群ca、front-proxy-ca 根证书
1、备份master节点的ca、front-proxy-ca 根证书
cp -a /etc/kubernetes/pki/ca.crt /etc/kubernetes/pki/ca.crt.old
cp -a /etc/kubernetes/pki/ca.key /etc/kubernetes/pki/ca.key.old
cp -a /etc/kubernetes/pki/front-proxy-ca.crt /etc/kubernetes/pki/front-proxy-ca.crt.old
cp -a /etc/kubernetes/pki/front-proxy-ca.key /etc/kubernetes/pki/front-proxy-ca.key.old
标签:pki,kubernetes,ca,etc,proxy,front,K8S From: https://www.cnblogs.com/zbhlinux/p/17616480.html