kubeadm alpha certs check-expiration 查看证书信息CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Dec 20, 2024 07:37 UTC 364d no
apiserver Dec 20, 2024 07:37 UTC 364d ca no
apiserver-etcd-client Dec 20, 2024 07:37 UTC 364d etcd-ca no
apiserver-kubelet-client Dec 20, 2024 07:37 UTC 364d ca no
controller-manager.conf Dec 20, 2024 07:37 UTC 364d no
etcd-healthcheck-client Dec 20, 2024 07:37 UTC 364d etcd-ca no
etcd-peer Dec 20, 2024 07:37 UTC 364d etcd-ca no
etcd-server Dec 20, 2024 07:37 UTC 364d etcd-ca no
front-proxy-client Dec 20, 2024 07:37 UTC 364d front-proxy-ca no
scheduler.conf Dec 20, 2024 07:37 UTC 364d noCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Dec 17, 2033 13:41 UTC 9y no
etcd-ca Dec 17, 2033 13:41 UTC 9y no
front-proxy-ca Dec 17, 2033 13:41 UTC 9y no执行这个进行更新证书kubeadm alpha certs renew all[root@kubeadm-master1 m43]# kubeadm alpha certs renew all
Command "all" is deprecated, please use the same command under "kubeadm certs"
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewedDone renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.然后证书会更新了
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Dec 20, 2024 14:56 UTC 364d no
apiserver Dec 20, 2024 14:56 UTC 364d ca no
apiserver-etcd-client Dec 20, 2024 14:56 UTC 364d etcd-ca no
apiserver-kubelet-client Dec 20, 2024 14:56 UTC 364d ca no
controller-manager.conf Dec 20, 2024 14:56 UTC 364d no
etcd-healthcheck-client Dec 20, 2024 14:56 UTC 364d etcd-ca no
etcd-peer Dec 20, 2024 14:56 UTC 364d etcd-ca no
etcd-server Dec 20, 2024 14:56 UTC 364d etcd-ca no
front-proxy-client Dec 20, 2024 14:56 UTC 364d front-proxy-ca no
scheduler.conf Dec 20, 2024 14:56 UTC 364d noCERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Dec 17, 2033 13:41 UTC 9y no
etcd-ca Dec 17, 2033 13:41 UTC 9y no
front-proxy-ca Dec 17, 2033 13:41 UTC 9y no
注释haproxy 的,然后进行重启haproxy
[root@ha1 ~]# systemctl restart haproxy
[root@ha1 ~]# cat /etc/haproxy/haproxy.cfg
listen statsmode httpbind 0.0.0.0:9999stats enablelog globalstats uri /haproxy-statusstats auth haadmin:faeefa123eflisten k8s-6443bind 192.168.1.240:6443mode tcpbalance roundrobinserver 192.168.1.209 192.168.1.209:6443 check inter 2s fall 3 rise 5server 192.168.1.210 192.168.1.210:6443 check inter 2s fall 3 rise 5#server 192.168.1.212 192.168.1.212:6443 check inter 2s fall 3 rise 5listen k8s-nginx-80bind 192.168.1.240:80mode tcpserver 192.168.1.209 192.168.1.209:30004 check inter 2s fall 3 rise 5server 192.168.1.210 192.168.1.210:30004 check inter 2s fall 3 rise 5server 192.168.1.212 192.168.1.212:30004 check inter 2s fall 3 rise 5
Grey
全部学习内容汇总: GitHub - GreyZhang/g_hardware_basic: You should learn some hardware design knowledge in case hardware engineer would ask you to prove your software is right when their hardware design is wrong!
1857_什么是AEC-Q100认证
经…