备份 kubernetes 目录
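# Back up the whole kubeadm directory before touching any certificate.
# -a (archive) keeps mode, ownership and timestamps, so the copied key
# material stays as restrictive as the original and can be restored verbatim.
# The backup contains the cluster's PKI (on a kubeadm node this includes the
# private keys): keep it root-only and remove it once the new certificates
# have been verified.
# If /etc/kubernetes-bak already exists, cp nests the copy inside it instead
# of replacing it, so check the destination first.
cp -a /etc/kubernetes /etc/kubernetes-bak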
查看证书内的 ip
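# Print each certificate under the kubeadm PKI directory followed by its
# subjectAltName line (DNS names and IP addresses), if it has one.
# find -print0 with read -d '' handles any file name safely, unlike the
# word-split "for i in $(find ...)" form; -noout suppresses the PEM dump,
# which is not needed for the grep.
find /etc/kubernetes/pki -type f -name '*.crt' -print0 |
  while IFS= read -r -d '' crt; do
    printf '%s\n' "${crt}"
    openssl x509 -in "${crt}" -noout -text | grep 'DNS:'
  done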
⚡ root@master ~ for i in $(find /etc/kubernetes/pki -type f -name "*.crt");do echo ${i} && openssl x509 -in ${i} -text | grep 'DNS:';done
/etc/kubernetes/pki/apiserver.crt
DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:localhost, DNS:master, IP Address:10.96.0.1, IP Address:192.168.1.12, IP Address:127.0.0.1, IP Address:125.124.18.108
/etc/kubernetes/pki/etcd/healthcheck-client.crt
/etc/kubernetes/pki/etcd/peer.crt
DNS:localhost, DNS:master, IP Address:192.168.1.12, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
/etc/kubernetes/pki/etcd/server.crt
DNS:localhost, DNS:master, IP Address:192.168.1.12, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
/etc/kubernetes/pki/etcd/ca.crt
/etc/kubernetes/pki/apiserver-etcd-client.crt
/etc/kubernetes/pki/apiserver-kubelet-client.crt
/etc/kubernetes/pki/front-proxy-client.crt
/etc/kubernetes/pki/ca.crt
/etc/kubernetes/pki/front-proxy-ca.crt
导出当前集群配置（随后在 apiServer.certSANs 中加入需要新增的 IP）
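# Export the cluster's current ClusterConfiguration to a file.
# NOTE(review): "kubeadm config view" is deprecated in newer kubeadm releases;
# the same data is stored in the kubeadm-config ConfigMap in kube-system.
kubeadm config view > /root/kubeadm.yaml
# Edit /root/kubeadm.yaml and add the additional address under
# apiServer.certSANs before regenerating any certificate.
# Use the absolute path so the command works from any working directory.
cat /root/kubeadm.yaml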
⚡ root@master ~ cat kubeadm.yaml
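# kubeadm ClusterConfiguration as exported above, with the nesting restored;
# the flattened listing does not parse into this structure.
apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
  # Every DNS name or IP that clients use to reach the API server must be
  # listed here, otherwise verification of apiserver.crt fails for that address.
  certSANs:
  - localhost
  - 127.0.0.1
  # Newly added: external (public) IP.
  # Listing a public address only makes the certificate valid for it; access
  # to the API server from the internet should still be restricted by
  # firewall / security-group rules.
  - 125.124.18.108
  - 192.168.1.12
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.20.0
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}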
删除原有证书
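# Remove only the leaf certificates and keys that have to be re-issued.
# The CA files (ca.*, front-proxy-ca.*, etcd/ca.*) do not match these
# patterns and are kept on purpose, so the new certificates are signed by the
# existing CAs and current clients keep trusting the cluster.
# Refuse to delete anything unless the backup of the PKI directory exists.
# -r is dropped: the targets are regular files, so a recursive delete is
# broader than this step needs.
if [ -d /etc/kubernetes-bak/pki ]; then
  rm -f -- /etc/kubernetes/pki/apiserver* \
    /etc/kubernetes/pki/front-proxy-client*
  rm -f -- /etc/kubernetes/pki/etcd/healthcheck* \
    /etc/kubernetes/pki/etcd/peer* \
    /etc/kubernetes/pki/etcd/server*
else
  printf '%s\n' 'backup /etc/kubernetes-bak/pki not found; not deleting certificates' >&2
fi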
重新生成证书
# Re-issue the certificates using the edited config, so the new certSANs
# entries end up in apiserver.crt.
# Certificates and CAs that still exist on disk are reused rather than
# regenerated, which is why only the deleted leaf certificates are re-created.
# NOTE(review): the already-running kube-apiserver and etcd processes keep
# serving the old certificates until they are restarted; this page does not
# show that step.
kubeadm init phase certs all --config /root/kubeadm.yaml
验证
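# Verification: list every certificate again with its subjectAltName line and
# confirm that apiserver.crt now contains the newly added address.
# find -print0 with read -d '' handles any file name safely, unlike the
# word-split "for i in $(find ...)" form; -noout suppresses the PEM dump.
find /etc/kubernetes/pki -type f -name '*.crt' -print0 |
  while IFS= read -r -d '' crt; do
    printf '%s\n' "${crt}"
    openssl x509 -in "${crt}" -noout -text | grep 'DNS:'
  done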
将配置更新到 configmap 中
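# Upload the edited ClusterConfiguration to the cluster's kubeadm ConfigMap,
# so that later kubeadm operations see the same certSANs as the certificate
# on disk.
# The config file is given by absolute path, matching the "certs all" step,
# so the command does not depend on the current working directory.
kubeadm init phase upload-config kubeadm --config /root/kubeadm.yaml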
更新 controller-manager kubeconfig 文件
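# Regenerate the controller-manager kubeconfig.
# The original line ended in "> cd /etc/kubernetes/controller-manager.conf":
# the shell redirects to a file named "cd" in the current directory and hands
# the intended path to kubeadm as a stray argument, so the real kubeconfig was
# never updated and a copy of the client credentials was left in ./cd.
# Write to a private temp file first (mktemp creates it with mode 0600) so a
# failed kubeadm run cannot truncate the live kubeconfig, then install it
# root-owned and readable by root only, since it embeds a client private key.
kcm_tmp=$(mktemp) &&
  sudo kubeadm alpha kubeconfig user --org system:kube-controller-manager --client-name system:kube-controller-manager > "${kcm_tmp}" &&
  sudo install -o root -g root -m 600 "${kcm_tmp}" /etc/kubernetes/controller-manager.conf
rm -f -- "${kcm_tmp}"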
更新 scheduler kubeconfig 文件
# Regenerate the scheduler kubeconfig through the kubeadm init phase.
# NOTE(review): kubeadm is expected to leave an existing scheduler.conf in
# place when it still considers the file valid — confirm the file was
# actually rewritten if a fresh client certificate is required.
sudo kubeadm init phase kubeconfig scheduler