Kubernetes集群中Kubeadm证书到期问题

作者:行癫(盗版必究) ------ ## 一:报错案例 #### 1.报错原因 ```shell [root@xingdiancloud-master ~]# kubectl get node E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials error: You must be logged in to the server (the server has asked for the client to provide credentials) ``` ![image-20240706141328064](https://xingdian-home.oss-cn-beijing.aliyuncs.com/imagesimage-20240706141328064.png) #### 2.解决方案 检查当前证书的到期时间 ```shell kubeadm certs check-expiration ``` 更新证书 ```shell kubeadm certs renew all ``` 更新 kubeconfig 文件 ```shell sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config ``` 更新证书后,需要重启控制平面组件以使新的证书生效 ```shell systemctl restart kubelet ```