2024. 7. 29. 06:58ㆍk8s
1. 인증서 만료 확인
kubeadm alpha certs check-expiration (구버전 kubeadm 문법이며, 아래 실행 예처럼 최신 버전에서는 alpha 없이 kubeadm certs check-expiration 으로 실행한다)
root@k8s-master:~# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Feb 23, 2025 08:45 UTC 209d ca no
apiserver Feb 23, 2025 08:45 UTC 209d ca no
apiserver-etcd-client Feb 23, 2025 08:45 UTC 209d etcd-ca no
apiserver-kubelet-client Feb 23, 2025 08:45 UTC 209d ca no
controller-manager.conf Feb 23, 2025 08:45 UTC 209d ca no
etcd-healthcheck-client Feb 23, 2025 08:45 UTC 209d etcd-ca no
etcd-peer Feb 23, 2025 08:45 UTC 209d etcd-ca no
etcd-server Feb 23, 2025 08:45 UTC 209d etcd-ca no
front-proxy-client Feb 23, 2025 08:45 UTC 209d front-proxy-ca no
scheduler.conf Feb 23, 2025 08:45 UTC 209d ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Feb 21, 2034 08:45 UTC 9y no
etcd-ca Feb 21, 2034 08:45 UTC 9y no
front-proxy-ca Feb 21, 2034 08:45 UTC 9y no
2. 인증서 백업 (/etc/kubernetes 에는 CA 개인키와 admin.conf 가 들어 있으므로, 백업본도 root 만 읽을 수 있는 위치에 보관한다)
cp -rp /etc/kubernetes ~/backups
3. 인증서 갱신
모든 컨트롤 플레인 노드에서 이 명령을 실행해야 한다.
kubeadm alpha certs renew all (구버전 kubeadm 문법이며, 아래 실행 예처럼 최신 버전에서는 alpha 없이 kubeadm certs renew all 로 실행한다)
root@k8s-master:~# kubeadm certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
root@k8s-master:~# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Jul 28, 2025 21:39 UTC 364d ca no
apiserver Jul 28, 2025 21:39 UTC 364d ca no
apiserver-etcd-client Jul 28, 2025 21:39 UTC 364d etcd-ca no
apiserver-kubelet-client Jul 28, 2025 21:39 UTC 364d ca no
controller-manager.conf Jul 28, 2025 21:39 UTC 364d ca no
etcd-healthcheck-client Jul 28, 2025 21:39 UTC 364d etcd-ca no
etcd-peer Jul 28, 2025 21:39 UTC 364d etcd-ca no
etcd-server Jul 28, 2025 21:39 UTC 364d etcd-ca no
front-proxy-client Jul 28, 2025 21:39 UTC 364d front-proxy-ca no
scheduler.conf Jul 28, 2025 21:39 UTC 364d ca no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Feb 21, 2034 08:45 UTC 9y no
etcd-ca Feb 21, 2034 08:45 UTC 9y no
front-proxy-ca Feb 21, 2034 08:45 UTC 9y no
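갱신으로 /etc/kubernetes/admin.conf 에 새 인증서가 들어가므로, 갱신 전 내용을 담고 있는 ~/.kube/config 와 해시값이 아래와 같이 달라짐. kubectl 이 갱신된 인증서를 쓰게 하려면 새 admin.conf 를 ~/.kube/config 로 복사해야 한다(복사 명령은 아래 기록에 나와 있지 않음).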
root@k8s-master:~# md5sum /etc/kubernetes/admin.conf ~/.kube/config
ad59de8d8f1c951b691796dae463a05c /etc/kubernetes/admin.conf
bbb7d6ebf78f108c02acaed1abcb93d4 /root/.kube/config
root@k8s-master:~# chown $(id -u):$(id -g) $HOME/.kube/config
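root@k8s-master:~# chmod 777 $HOME/.kube/config
※ 주의: 이 kubeconfig 에는 클러스터 관리자용 클라이언트 인증서와 개인키가 들어 있다. 777 은 노드의 모든 로컬 사용자에게 읽기·쓰기를 허용하므로 과도한 권한이며, 소유자만 접근할 수 있도록 chmod 600 $HOME/.kube/config 로 설정하는 것을 권장한다.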
root@k8s-master:~# ls -ld ~/.kube/config
-rwxrwxrwx 1 root root 5645 Jul 29 06:44 /root/.kube/config
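4. k8s 컴포넌트 재시작 (static pod 매니페스트를 잠시 다른 디렉터리로 옮겼다가 되돌려, kubelet 이 kube-apiserver, kube-controller-manager, kube-scheduler, etcd 컨테이너를 새 인증서로 다시 띄우게 한다)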
root@k8s-master:~# ll /etc/kubernetes/manifests/
total 24
drwxr-xr-x 2 root root 4096 Feb 24 17:45 ./
drwxr-xr-x 4 root root 4096 Feb 24 17:45 ../
-rw------- 1 root root 2383 Feb 24 17:45 etcd.yaml
-rw------- 1 root root 3867 Feb 24 17:45 kube-apiserver.yaml
-rw------- 1 root root 3394 Feb 24 17:45 kube-controller-manager.yaml
-rw------- 1 root root 1463 Feb 24 17:45 kube-scheduler.yaml
root@k8s-master:~# mkdir /etc/kubernetes/manifests_backup
root@k8s-master:~# mv /etc/kubernetes/manifests/* /etc/kubernetes/manifests_backup/
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
c3033d32f060a ead0a4a53df89 31 minutes ago Running coredns 13 6f66cb0b95fb7 coredns-5dd5756b68-jkm52
7eb362e913487 ead0a4a53df89 31 minutes ago Running coredns 13 9e0401e9bd2be coredns-5dd5756b68-9fx7l
fb61c17773de7 690c3345cc9c3 31 minutes ago Running weave-npc 13 e9c483bb325df weave-net-8wv5c
d1c79d12be586 62fea85d60522 31 minutes ago Running weave 14 e9c483bb325df weave-net-8wv5c
34c858951a5a5 62fea85d60522 31 minutes ago Exited weave-init 10 e9c483bb325df weave-net-8wv5c
f0297fc1abaf9 123aa721f941b 31 minutes ago Running kube-proxy 14 9f2aa466b8301 kube-proxy-kt4j4
b488061cb042b 309c26d006295 31 minutes ago Exited kube-scheduler 14 f192079f49d3f kube-scheduler-k8s-master
4d5657534a27c 73deb9a3f7025 31 minutes ago Exited etcd 14 dc1c62362e770 etcd-k8s-master
5a024a3baf5c1 4d9d9de55f196 31 minutes ago Exited kube-controller-manager 14 b5b64651c9bdd kube-controller-manager-k8s-master
e7f9f4f4ef46a eeb80ea665767 31 minutes ago Running kube-apiserver 14 d115f7b5cb3e6 kube-apiserver-k8s-master
d36328ce6823e 690c3345cc9c3 3 days ago Exited weave-npc 12 4267c8cfaf460 weave-net-8wv5c
c707cb17f3619 ead0a4a53df89 3 days ago Exited coredns 12 389838eabdb7d coredns-5dd5756b68-jkm52
3c6505cb2f80b ead0a4a53df89 3 days ago Exited coredns 12 36dce87e900b7 coredns-5dd5756b68-9fx7l
04833eb033ba6 62fea85d60522 3 days ago Exited weave 13 4267c8cfaf460 weave-net-8wv5c
9cf40b840beff 123aa721f941b 3 days ago Exited kube-proxy 13 030761aef7684 kube-proxy-kt4j4
cd3539e4ab927 eeb80ea665767 3 days ago Exited kube-apiserver 13 c2b3bcc57a2ac kube-apiserver-k8s-master
3ca46b200a4bf 309c26d006295 3 days ago Exited kube-scheduler 13 670c0c96214d9 kube-scheduler-k8s-master
7a848f72866b8 4d9d9de55f196 3 days ago Exited kube-controller-manager 13 ab85c76980f92 kube-controller-manager-k8s-master
bdaca7fc9e35e 73deb9a3f7025 3 days ago Exited etcd 13 1ba1f7318102d etcd-k8s-master
root@k8s-master:~# mv /etc/kubernetes/manifests_backup/* /etc/kubernetes/manifests/
CONTAINER IMAGE CREATED STATE NAME ATTEMPT POD ID POD
a12072cfebe58 309c26d006295 37 seconds ago Running kube-scheduler 0 16721b5909659 kube-scheduler-k8s-master
8446d0b0a01b5 4d9d9de55f196 37 seconds ago Running kube-controller-manager 0 44bd3cb6f5b3c kube-controller-manager-k8s-master
d34e0212b56bd 73deb9a3f7025 37 seconds ago Running etcd 0 6c1d58bc80e4d etcd-k8s-master
6f55daa86ce75 eeb80ea665767 37 seconds ago Running kube-apiserver 0 7a1d3a237ee21 kube-apiserver-k8s-master
c3033d32f060a ead0a4a53df89 32 minutes ago Running coredns 13 6f66cb0b95fb7 coredns-5dd5756b68-jkm52
7eb362e913487 ead0a4a53df89 32 minutes ago Running coredns 13 9e0401e9bd2be coredns-5dd5756b68-9fx7l
fb61c17773de7 690c3345cc9c3 32 minutes ago Running weave-npc 13 e9c483bb325df weave-net-8wv5c
d1c79d12be586 62fea85d60522 32 minutes ago Running weave 14 e9c483bb325df weave-net-8wv5c
34c858951a5a5 62fea85d60522 33 minutes ago Exited weave-init 10 e9c483bb325df weave-net-8wv5c
f0297fc1abaf9 123aa721f941b 33 minutes ago Running kube-proxy 14 9f2aa466b8301 kube-proxy-kt4j4
d36328ce6823e 690c3345cc9c3 3 days ago Exited weave-npc 12 4267c8cfaf460 weave-net-8wv5c
c707cb17f3619 ead0a4a53df89 3 days ago Exited coredns 12 389838eabdb7d coredns-5dd5756b68-jkm52
3c6505cb2f80b ead0a4a53df89 3 days ago Exited coredns 12 36dce87e900b7 coredns-5dd5756b68-9fx7l
04833eb033ba6 62fea85d60522 3 days ago Exited weave 13 4267c8cfaf460 weave-net-8wv5c
9cf40b840beff 123aa721f941b 3 days ago Exited kube-proxy 13 030761aef7684 kube-proxy-kt4j4
root@k8s-master:~# systemctl restart kubelet.service