kubernetes重新生成证书,重新生成配置文件
Posted shark_西瓜甜
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了kubernetes重新生成证书,重新生成配置文件相关的知识,希望对你有一定的参考价值。
生成 证书
备份原来的证书
cp -ra /etc/kubernetes/pki,.bak
ls /etc/kubernetes/
帮助信息
kubeadm init phase certs --help
This command is not meant to be run on its own. See list of available subcommands.
Usage:
kubeadm init phase certs [flags]
kubeadm init phase certs [command]
Available Commands:
all Generate all certificates
apiserver Generate the certificate for serving the Kubernetes API
apiserver-etcd-client Generate the certificate the apiserver uses to access etcd
apiserver-kubelet-client Generate the certificate for the API server to connect to kubelet
ca Generate the self-signed Kubernetes CA to provision identities for other Kubernetes components
etcd-ca Generate the self-signed CA to provision identities for etcd
etcd-healthcheck-client Generate the certificate for liveness probes to healthcheck etcd
etcd-peer Generate the certificate for etcd nodes to communicate with each other
etcd-server Generate the certificate for serving etcd
front-proxy-ca Generate the self-signed CA to provision identities for front proxy
front-proxy-client Generate the certificate for the front proxy client
sa Generate a private key for signing service account tokens along with its public key
生成新的证书
kubeadm init phase certs all --apiserver-cert-extra-sans kube-apiserver,10.10.40.128,10.10.40.215,10.10.40.61 --control-plane-endpoint kube-apiserver
配置
备份
cp -ra /etc/kubernetes,.bak
重新生成
kubeadm init phase kubeconfig all
以上是关于kubernetes重新生成证书,重新生成配置文件的主要内容,如果未能解决你的问题,请参考以下文章
sh 笔记:OpenSSL生成「自签名」证书,配置Nodejs本地HTTPS服务 - 12.不需要单独创建文件,重新生成证书的方法
sh 笔记:OpenSSL生成「自签名」证书,配置Nodejs本地HTTPS服务 - 11.通过v3.ext对证书进行重新生成
应用程序已在应用程序商店中 - 为 APN 生成新证书。重新上传?