您现在的位置是：首页 >学无止境 >k8s证书过期网站首页学无止境

[root@master1 ~]# kubectl get nodes
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time

1.master服务器：

# 备份 kubernetes配置

cp -r /etc/kubernetes /etc/kubernetes_bak

# 检测证书过期

kubeadm certs check-expiration

# 更新证书

kubeadm certs renew all

# 再次检测证书过期

kubeadm certs check-expiration 

如果kubectl get node

error: You must be logged in to the server (Unauthorized)

sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

[root@master1 ~]# kubectl get node
NAME      STATUS   ROLES                  AGE     VERSION
master1   Ready    control-plane,master   2y10d   v1.20.1
node1     Ready    <none>                 2y10d   v1.20.1
node2     Ready    <none>                 2y10d   v1.20.1
 

2.node1服务器：

[root@node1 ~]# kubectl get node
error: You must be logged in to the server (Unauthorized)
把master的/etc/kubernetes/admin.conf替换到node1节点下的/etc/kubernetes/admin.conf

[root@node1 kubernetes]# kubectl get node
NAME      STATUS   ROLES                  AGE     VERSION
master1   Ready    control-plane,master   2y10d   v1.20.1
node1     Ready    <none>                 2y10d   v1.20.1
node2     Ready    <none>                 2y10d   v1.20.1
3.node2服务器：

[root@node2 ~]# kubectl get node
error: You must be logged in to the server (Unauthorized)
把master的/etc/kubernetes/admin.conf替换到node2节点下的/etc/kubernetes/admin.conf

[root@node2 kubernetes]# kubectl get node
NAME      STATUS   ROLES                  AGE     VERSION
master1   Ready    control-plane,master   2y10d   v1.20.1
node1     Ready    <none>                 2y10d   v1.20.1
node2     Ready    <none>                 2y10d   v1.20.1

4.kubectl replace --force -f /var/jenkins_home/yaml/console-manage-business.yaml
等kubectl pods节点都无法更新问题

到master服务器上

按照提示，查找kube-apiserver, kube-controller-manager, kube-scheduler and etcd服务的容器并重启：

docker ps | grep -E 'kube-apiserver|kube-controller-manager|kube-scheduler|etcd'

 3：根据上一步查到的容器id重启docker容器：