18禁美女黄网站色大片免费网站 ,漂亮女上司

今天使用kubectl命令查看pod信息時(shí)，一直正常運(yùn)行的k8s集群突然不能訪問(wèn)了，輸入任何命令都提示以下報(bào)錯(cuò)：
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2025-01-25T1145+08:00 is after 2024-11-22T2348Z

解決方案：

參考官方文檔：kubeadm證書(shū)管理使用命令kubeadm alpha certs來(lái)管理證書(shū)：

使用命令kubeadm alpha certs renew all更新證書(shū)，返回

	[renew] Reading configuration from the cluster...
	[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

	certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
	certificate for serving the Kubernetes API renewed
	certificate the apiserver uses to access etcd renewed
	certificate for the API server to connect to kubelet renewed
	certificate embedded in the kubeconfig file for the controller manager to use renewed
	certificate for liveness probes to healthcheck etcd renewed
	certificate for etcd nodes to communicate with each other renewed
	certificate for serving etcd renewed
	certificate for the front proxy client renewed
	certificate embedded in the kubeconfig file for the scheduler manager to use renewed

使用如下命令拷貝新生成的配置文件

	sudo kubeadm alpha kubeconfig user --client-name=admin --org=system:masters > /tmp/admin.conf
	sudo cp /tmp/admin.conf $HOME/.kube/config
	sudo chown $(id -u):$(id -g) $HOME/.kube/config

重啟kubeletsystemctl restart kubelet即可正常使用K8S集群

	[root@k8smaster k8s]# kubectl get po
	NAME READY STATUS RESTARTS AGE
	cron-job-test-1732318920-k2g76 0/1 Completed 0 63d
	cron-job-test-1732318980-kcr4x 0/1 Completed 0 63d
	cron-job-test-1732319040-b88rf 0/1 Completed 0 63d

再次查看證書(shū)到期情況

	[root@k8smaster k8s]# kubeadm alpha certs check-expiration
	[check-expiration] Reading configuration from the cluster...
	[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

	CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
	admin.conf Jan 25, 2026 05:55 UTC 364d no
	apiserver Jan 25, 2026 05:55 UTC 364d ca no
	apiserver-etcd-client Jan 25, 2026 05:55 UTC 364d etcd-ca no
	apiserver-kubelet-client Jan 25, 2026 05:55 UTC 364d ca no
	controller-manager.conf Jan 25, 2026 05:55 UTC 364d no
	etcd-healthcheck-client Jan 25, 2026 05:55 UTC 364d etcd-ca no
	etcd-peer Jan 25, 2026 05:55 UTC 364d etcd-ca no
	etcd-server Jan 25, 2026 05:55 UTC 364d etcd-ca no
	front-proxy-client Jan 25, 2026 05:55 UTC 364d front-proxy-ca no
	scheduler.conf Jan 25, 2026 05:55 UTC 364d no

	CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
	ca Nov 20, 2033 23:44 UTC 8y no
	etcd-ca Nov 20, 2033 23:44 UTC 8y no
	front-proxy-ca Nov 20, 2033 23:44 UTC 8y no

注意事項(xiàng)：

官網(wǎng)上給的命令是kubeadm certs check-expiration，標(biāo)識(shí)的k8s版本是V1.15，直接在本地執(zhí)行該命令報(bào)錯(cuò)：

	[root@k8smaster k8s]# kubeadm certs check-expiration
	unknown command "certs" for "kubeadm"
	To see the stack trace of this error execute with --v=5 or higher

查了下，我本地的k8s版本是1.19，certs命令放在了kubeadm alpha下，需要將kubeadm certs替換為kubeadm aplha certs執(zhí)行即可

	[root@k8smaster k8sh]# kubeadm version
	kubeadm version: &version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.5", GitCommit:"e338cf2c6d297aa603b50ad3a301f761b4173aa6", GitTreeState:"clean", BuildDate:"2020-12-09T1140Z", GoVersion:"go1.15.2", Compiler:"gc", Platform:"linux/amd64"}

	[root@k8smaster k8s]# kubeadm --help


	┌──────────────────────────────────────────────────────────┐
	│ KUBEADM │
	│ Easily bootstrap a secure Kubernetes cluster │
	│ │
	│ Please give us feedback at: │
	│ https://github.com/kubernetes/kubeadm/issues │
	└──────────────────────────────────────────────────────────┘
	Example usage:
	Create a two-machine cluster with one control-plane node
	(which controls the cluster), and one worker node
	(where your workloads, like Pods and Deployments run).
	┌──────────────────────────────────────────────────────────┐
	│ On the first machine: │
	├──────────────────────────────────────────────────────────┤
	│ control-plane# kubeadm init │
	└──────────────────────────────────────────────────────────┘
	┌──────────────────────────────────────────────────────────┐
	│ On the second machine: │
	├──────────────────────────────────────────────────────────┤
	│ worker# kubeadm join │
	└──────────────────────────────────────────────────────────┘
	You can then repeat the second step on as many other machines as you like.
	Usage:
	kubeadm [command]
	Available Commands:
	alpha Kubeadm experimental sub-commands
	completion Output shell completion code for the specified shell (bash or zsh)
	config Manage configuration for a kubeadm cluster persisted in a ConfigMap in the cluster
	help Help about any command
	init Run this command in order to set up the Kubernetes control plane
	join Run this on any machine you wish to join an existing cluster
	reset Performs a best effort revert of changes made to this host by 'kubeadm init ' or 'kubeadm join'
	token Manage bootstrap tokens
	upgrade Upgrade your cluster smoothly to a newer version with this command
	version Print the version of kubeadm
	Flags:
	--add-dir-header If true, adds the file directory to the header of the lo g messages
	-h, --help help for kubeadm
	--log-file string If non-empty, use this log file
	--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
	--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesyst em.
	--skip-headers If true, avoid header prefixes in the log messages
	--skip-log-headers If true, avoid headers when opening log files
	-v, --v Level number for the log level verbosity
	Use "kubeadm [command] --help" for more information about a command.
	[root@k8smaster k8s]# kubectl alpha --help
	These commands correspond to alpha features that are not enabled in Kubernetes
	clusters by default.
	Available Commands:
	debug Attach a debug container to a running pod
	Use "kubectl --help" for more information about a given command.
	[root@k8smaster k8s]# kubeadm alpha --help
	Kubeadm experimental sub-commands
	Usage:
	kubeadm alpha [command]
	Available Commands:
	certs Commands related to handling kubernetes certificates
	kubeconfig Kubeconfig file utilities
	selfhosting Make a kubeadm cluster self-hosted
	Flags:
	-h, --help help for alpha
	Global Flags:
	--add-dir-header If true, adds the file directory to the header of the log messages
	--log-file string If non-empty, use this log file
	--log-file-max-size uint Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
	--rootfs string [EXPERIMENTAL] The path to the 'real' host root filesystem.
	--skip-headers If true, avoid header prefixes in the log messages
	--skip-log-headers If true, avoid headers when opening log files
	-v, --v Level number for the log level verbosity
	Additional help topics:
	kubeadm alpha phase Invoke subsets of kubeadm functions separately for a manual install

	Use "kubeadm alpha [command] --help" for more information about a command.

鏈接：https://www.cnblogs.com/wenha/p/18690938

聲明：本文內(nèi)容及配圖由入駐作者撰寫(xiě)或者入駐合作網(wǎng)站授權(quán)轉(zhuǎn)載。文章觀點(diǎn)僅代表作者本人，不代表電子發(fā)燒友網(wǎng)立場(chǎng)。文章及其配圖僅供工程師學(xué)習(xí)之用，如有內(nèi)容侵權(quán)或者其他違規(guī)問(wèn)題，請(qǐng)聯(lián)系本站處理。舉報(bào)投訴

集群

集群

+關(guān)注

關(guān)注
0

文章
129

瀏覽量
17573
命令

命令

+關(guān)注

關(guān)注
5

文章
745

瀏覽量
23362

原文標(biāo)題：自建K8S集群認(rèn)證過(guò)期

文章出處：【微信號(hào)：magedu-Linux，微信公眾號(hào)：馬哥Linux運(yùn)維】歡迎添加關(guān)注！文章轉(zhuǎn)載請(qǐng)注明出處。

18video性欧美19sex,欧美高清videosddfsexhd,性少妇videosexfreexxx片中国,激情五月激情综合五月看花,亚洲人成网77777色在线播放

搜索歷史

自建K8S集群認(rèn)證過(guò)期

評(píng)論