kubernetes/kubernetes-MD/Kubernetes集群中Kubeadm证书到期问题.md

<h1><center>Kubernetes集群中Kubeadm证书到期问题</center></h1>

作者：行癫（盗版必究）

------

## 一：报错案例

#### 1.报错原因

```shell
[root@xingdiancloud-master ~]# kubectl get node
E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
```

![image-20240706141328064](https://xingdian-home.oss-cn-beijing.aliyuncs.com/imagesimage-20240706141328064.png)

#### 2.解决方案

检查当前证书的到期时间

```shell
kubeadm certs check-expiration
```

更新证书

```shell
kubeadm certs renew all
```

更新 kubeconfig 文件

```shell
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
```

更新证书后，需要重启控制平面组件以使新的证书生效

```shell
systemctl restart kubelet
```