From b2b5e2a5314ef9075da4cedc04d0ecc5654bb2a5 Mon Sep 17 00:00:00 2001 From: diandian Date: Sat, 6 Jul 2024 14:43:35 +0800 Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0=E6=96=87=E4=BB=B6=E8=87=B3?= =?UTF-8?q?=20'kubernetes-MD'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../Kubernetes集群中Kubeadm证书到期问题.md | 49 +++++++++++++++++++ 1 file changed, 49 insertions(+) create mode 100644 kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md diff --git a/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md b/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md new file mode 100644 index 0000000..c2332db --- /dev/null +++ b/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md @@ -0,0 +1,49 @@ +

Kubernetes集群中Kubeadm证书到期问题

+ +作者:行癫(盗版必究) + +------ + +## 一:报错案例 + +#### 1.报错原因 + +```shell +[root@xingdiancloud-master ~]# kubectl get node +E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials +E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials +E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials +E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials +E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials +error: You must be logged in to the server (the server has asked for the client to provide credentials) +``` + +![image-20240706141328064](https://xingdian-home.oss-cn-beijing.aliyuncs.com/imagesimage-20240706141328064.png) + +#### 2.解决方案 + +检查当前证书的到期时间 + +```shell +kubeadm certs check-expiration +``` + +更新证书 + +```shell +kubeadm certs renew all +``` + +更新 kubeconfig 文件 + +```shell +sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config +sudo chown $(id -u):$(id -g) $HOME/.kube/config +``` + +更新证书后,需要重启控制平面组件以使新的证书生效 + +```shell +systemctl restart kubelet +``` +