title: "Renewing K8S certificates"
date: 2019-11-20T07:44:45
slug: k8s-zertifikate-erneuern
On the Kubernetes master node:
- Back up the old certificates:
```
# Run as root. Everything is moved, including the CA and service-account key pairs, so the next step generates new ones.
mkdir -p /root/kube-backup/kubernetes-pki /root/kube-backup/kubernetes-conf /root/kube-backup/kubelet-pki
mv /etc/kubernetes/pki/* /root/kube-backup/kubernetes-pki/
mv /etc/kubernetes/*.conf /root/kube-backup/kubernetes-conf/
```
- Renew the certificates and kubeconfig files of the core services:
```
# Take the API server address from the current kubeconfig
K8S_IP=$(kubectl config view -o jsonpath='{.clusters[0].cluster.server}' | cut -d/ -f3 | cut -d: -f1)
kubeadm alpha phase certs all --apiserver-advertise-address "$K8S_IP"
kubeadm alpha phase kubeconfig all --apiserver-advertise-address "$K8S_IP"
```
For installations behind a proxy, pass the proxy settings as environment variables in front of the kubeadm command:
```
http_proxy=http://192.168.10.12:8008 https_proxy=http://192.168.10.12:8008 kubeadm alpha phase certs all --apiserver-advertise-address "$K8S_IP"
```
- Renew the config file to manage the cluster with kubectl:
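```
# The leading backslash bypasses any shell alias for cp
\cp -arf /etc/kubernetes/admin.conf "$HOME/.kube/config"
chown "$(id -u):$(id -g)" "$HOME/.kube/config"
# admin.conf holds cluster-admin credentials: owner-only access instead of 777
chmod 600 "$HOME/.kube/config"
```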
- Renew kubelet certificates:
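```
# Stop the kubelet and Docker, move the old kubelet certificates to the backup, then start both again
systemctl stop kubelet
systemctl stop docker
mv /var/lib/kubelet/pki/* /root/kube-backup/kubelet-pki/
systemctl start docker
systemctl start kubelet
```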
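A check to run once the steps above are done, as an added example that is not part of the original post: it lists key material and kubeconfig files that are accessible to group or other, and certificates that are close to expiry. The function names `loose_secrets` and `expiring_certs` are hypothetical, and `expiring_certs` assumes `openssl` is installed.

```shell
#!/bin/sh
# Added example: post-renewal checks for the directories used on this page.
# Function names are hypothetical; expiring_certs assumes openssl is installed.

# Print private keys and kubeconfigs that group or other can read, write or
# execute. Returns 1 if any are found, 0 otherwise.
# usage: loose_secrets DIR...
loose_secrets() {
    _hits=$(find "$@" -type f \
        \( -name '*.key' -o -name '*.pem' -o -name '*.conf' -o -name config \) \
        \( -perm -040 -o -perm -020 -o -perm -010 \
           -o -perm -004 -o -perm -002 -o -perm -001 \) -print 2>/dev/null)
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# Print certificates that expire within DAYS days, are already expired, or
# cannot be parsed (fail closed). Returns 1 if any are found, 0 otherwise.
# usage: expiring_certs DAYS DIR...
expiring_certs() {
    _secs=$(( $1 * 86400 )); shift
    _bad=$(find "$@" -type f \( -name '*.crt' -o -name '*.pem' \) -exec sh -c '
        secs=$1; shift
        for crt in "$@"; do
            openssl x509 -in "$crt" -noout -checkend "$secs" >/dev/null 2>&1 ||
                printf "%s\n" "$crt"
        done' sh "$_secs" {} + 2>/dev/null)
    [ -z "$_bad" ] && return 0
    printf '%s\n' "$_bad"
    return 1
}

# On the master node, as root:
#   loose_secrets /etc/kubernetes /var/lib/kubelet/pki "$HOME/.kube"
#   expiring_certs 30 /etc/kubernetes/pki /var/lib/kubelet/pki
```

Both functions print the offending paths and return non-zero, so they can gate a maintenance script.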
