kubernetes重新生成证书，重新生成配置文件

Posted 2022-08-11 shark_西瓜甜

生成 证书

备份原来的证书

cp -ra /etc/kubernetes/pki,.bak
ls /etc/kubernetes/

帮助信息

kubeadm init phase certs --help

This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm init phase certs [flags]
  kubeadm init phase certs [command]

Available Commands:
  all                      Generate all certificates
  apiserver                Generate the certificate for serving the Kubernetes API
  apiserver-etcd-client    Generate the certificate the apiserver uses to access etcd
  apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
  ca                       Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
  etcd-ca                  Generate the self-signed CA to provision identities for etcd
  etcd-healthcheck-client  Generate the certificate for liveness probes to healthcheck etcd
  etcd-peer                Generate the certificate for etcd nodes to communicate with each other
  etcd-server              Generate the certificate for serving etcd
  front-proxy-ca           Generate the self-signed CA to provision identities for front proxy
  front-proxy-client       Generate the certificate for the front proxy client
  sa                       Generate a private key for signing service account tokens along with its public key

生成新的证书

kubeadm init phase certs all --apiserver-cert-extra-sans kube-apiserver,10.10.40.128,10.10.40.215,10.10.40.61 --control-plane-endpoint kube-apiserver

配置

备份

cp -ra /etc/kubernetes,.bak

重新生成

kubeadm init phase kubeconfig all