kubernetes/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md

50 lines
1.6 KiB
Markdown
Raw Normal View History

2024-07-06 14:43:35 +08:00
<h1><center>Kubernetes集群中Kubeadm证书到期问题</center></h1>
作者:行癫(盗版必究)
------
## 一:报错案例
#### 1.报错原因
```shell
[root@xingdiancloud-master ~]# kubectl get node
E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
```
![image-20240706141328064](https://xingdian-home.oss-cn-beijing.aliyuncs.com/imagesimage-20240706141328064.png)
#### 2.解决方案
检查当前证书的到期时间
```shell
kubeadm certs check-expiration
```
更新证书
```shell
kubeadm certs renew all
```
更新 kubeconfig 文件
```shell
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```
更新证书后,需要重启控制平面组件以使新的证书生效
```shell
systemctl restart kubelet
```