查看证书是否过期
openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates
模拟证书过期
# date Thu Nov 7 00:05:17 CST 2021 # date -s "2022-10-07" Fri Nov 7 00:00:00 CST 2022 # date Fri Nov 7 00:00:02 CST 2022
备份旧证书
cp /var/lib/kubelet/pki/kubelet.crt /tmp
cp /var/lib/kubelet/pki/kubelet.key /tmp
#手动续签
续签10年
openssl req -x509 -newkey rsa:4096 -keyout kubelet.key -out kubelet.crt -days 3650 -nodes
mv kubelet.crt /var/lib/kubelet/pki/
mv kubelet.key /var/lib/kubelet/pki/
systemctl restart kubelet
检查结果
[root@k8s-master01 ~]# openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates
notBefore=Nov 6 10:21:35 2022 GMT
notAfter=Nov 4 10:21:35 2032 GMT
标签:00,续签,crt,lib,手动,kubelet,var,pki From: https://www.cnblogs.com/h1x2n/p/17755138.html