kubernetes/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md

Kubernetes集群中Kubeadm证书到期问题

作者：行癫（盗版必究）

---

一：报错案例

1.报错原因

[root@xingdiancloud-master ~]# kubectl get node
E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)

2.解决方案

检查当前证书的到期时间

kubeadm certs check-expiration

更新证书

kubeadm certs renew all

更新 kubeconfig 文件

sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

更新证书后，需要重启控制平面组件以使新的证书生效

systemctl restart kubelet