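# 前提:先修改 kubeadm 源码中的证书有效期并重新编译,使其签发的证书有效期为 100 年;以下步骤使用该自编译的 kubeadm 执行。
# 注意:Kubernetes 不支持吊销已签发的客户端证书,证书有效期越长,私钥泄露后的风险持续时间越长;请严格限制 ca.key、admin.conf 等文件的访问权限。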
1、先备份 conf文件和证书文件
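# Back up the kubeconfig files and certificates before anything is regenerated
# or deleted. The copies contain private keys (CA key, service-account key,
# admin credentials), so keep them readable by root only.
# NOTE(review): if /etc/kubernetes.bak already exists, cp places the copy in
# /etc/kubernetes.bak/kubernetes instead -- check the destination first.
cp -rp /etc/kubernetes/ /etc/kubernetes.bak
# The kubelet's own certificates under /var/lib/kubelet/pki are deleted in a
# later step as well, so they are backed up here too.
cp -rp /var/lib/kubelet/pki/ /var/lib/kubelet-pki.bak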
2、生成新的crt 证书,默认在/etc/kubernetes/pki 路径
# Regenerate the certificates listed below, one kubeadm phase per name.
# NOTE(review): kubeadm normally reuses a certificate/key pair that already
# exists instead of overwriting it, so files still present in the pki directory
# are probably left untouched -- confirm with the rebuilt kubeadm binary.
# NOTE(review): etcd certificates are not in this list; a cluster whose etcd is
# managed by kubeadm would need those phases too -- verify for your topology.
for cert_phase in ca front-proxy-ca apiserver-kubelet-client front-proxy-client apiserver; do
  kubeadm init phase certs "$cert_phase" --config=kubeadm-config.yaml
done
# Service-account signing key pair.
kubeadm init phase certs sa
3、生成新的conf 文件
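# Create the staging directory for the regenerated kubeconfig files first.
# admin.conf carries cluster-administrator credentials, so the directory is
# restricted to its owner instead of being left at the default umask.
mkdir -p /home/certs/file/
chmod 700 /home/certs/file/
# One kubeconfig per component, written to the staging directory rather than
# to /etc/kubernetes.
# NOTE(review): nothing on this page copies these files back to /etc/kubernetes;
# confirm where that step belongs before the old *.conf files are deleted.
for component in admin controller-manager kubelet scheduler; do
  kubeadm init phase kubeconfig "$component" --config=kubeadm-config.yaml --kubeconfig-dir /home/certs/file/
done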
# Delete the original kubeconfig files, everything directly under the
# control-plane pki directory, and the kubelet's certificates.
# NOTE(review): this also removes whatever the certificate step wrote into
# /etc/kubernetes/pki (CA key included), and the scp commands that follow read
# from the paths emptied here -- the generate/delete/copy order looks
# inconsistent; confirm the intended sequence before running this line.
# NOTE(review): the middle rm has neither -r nor -f, so it returns non-zero if
# the pki directory contains a subdirectory (for example etcd/); the && chain
# then skips the third rm.
# NOTE(review): replacing the CA and the service-account key invalidates
# credentials issued under the old ones -- plan for every client to be reissued.
rm /etc/kubernetes/*.conf -f && rm /etc/kubernetes/pki/* && rm /var/lib/kubelet/pki/* -f
# Copy the newly generated files to the other two master nodes; list each
# remaining control-plane host in place of the placeholder address.
# The pki glob includes private keys (CA key, service-account key), so run this
# only over SSH connections whose host keys have been verified.
# NOTE(review): scp without -r skips subdirectories of pki/. kubeadm's own HA
# procedure shares only the CA, front-proxy CA and service-account key pairs;
# leaf certificates and kubelet.conf are normally per-node -- verify that
# copying all of them is intended.
for master_host in 192.168.111.x; do
  scp /etc/kubernetes/pki/* "${master_host}:/etc/kubernetes/pki/"
  scp /etc/kubernetes/*.conf "${master_host}:/etc/kubernetes/"
done
# Copy the newly generated files to the worker nodes; list each worker host in
# place of the placeholder address. Only the CA certificate is copied, never
# the CA key.
# NOTE(review): the kubelet kubeconfig produced by kubeadm on a control-plane
# node presumably carries that node's identity; copying it to workers would
# make them share one node credential. Workers usually obtain their own
# credentials through kubeadm join / TLS bootstrap -- verify before reusing it.
for worker_host in 192.168.111.x; do
  scp /etc/kubernetes/kubelet.conf "${worker_host}:/etc/kubernetes/"
  scp /etc/kubernetes/pki/ca.crt "${worker_host}:/etc/kubernetes/pki/"
done
4、重启 kubelet 以及 kube-apiserver、kube-controller-manager、kube-scheduler、calico-kube-controllers、kube-proxy、calico-node,使其加载新的证书和配置文件
5、批准证书签名请求(CSR)
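# List the pending certificate signing requests and inspect the one to be
# approved: check the requesting user and the requested subject and usages,
# because approval makes the cluster CA sign whatever was requested.
kubectl get csr
kubectl describe csr 【证书名称】
# 【证书名称】 is a placeholder for the CSR name shown by `kubectl get csr`.
kubectl certificate approve 【证书名称】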
6、验证证书有效期是否已延长到 100 年,例如:openssl x509 -noout -dates -in /etc/kubernetes/pki/apiserver.crt