https://github.com/kubesphere/kubekey/blob/master/docs/check-renew-certificate.md
查询证书

  1. [root@master ~]# ls -l
  2. total 9770232
  3. -rw-------.  1 root root       1405 Jul  8  2021 anaconda-ks.cfg
  4. -rw-r--r--   1 root root      10026 Jun  9 16:30 cluster-configuration.yaml
  5. -rw-r--r--   1 root root       4748 Jun  6 16:50 config-sample.yaml
  6. -rw-r--r--.  1 root root       1269 Jun  6 11:06 config-sample.yaml.ba
  7. drwxrwxr-x  10 root root        244 Jun 17 15:30 kubegems-1.21.0
  8. -rw-r--r--   1 root root    1208820 Jun 23 13:45 kubegems-1.21.0.tar.gz
  9. drwxr-xr-x. 13 root root        166 Jun  6 11:42 kubekey
  10. -rw-r--r--.  1 root root   17716475 Jun  6 10:50 kubekey-v2.1.1-linux-64bit.rpm
  11. -rw-r--r--.  1 root root 9985745698 Dec 17  2021 kubesphere-all-v3.1.0-offline-linux-amd64.tar.gz
  12. -rw-r--r--   1 root root       4555 Jun  9 16:30 kubesphere-installer.yaml
  13. [root@master ~]# kk certs check-expiration 
  16.  _   __      _          _   __           
  17. | | / /     | |        | | / /           
  18. | |/ / _   _| |__   ___| |/ /  ___ _   _ 
  19. |    \| | | | '_ \ / _ \    \ / _ \ | | |
  20. | |\  \ |_| | |_) |  __/ |\  \  __/ |_| |
  21. \_| \_/\__,_|_.__/ \___\_| \_/\___|\__, |
  22.                                     __/ |
  23.                                    |___/
  25. 14:03:57 CST [GreetingsModule] Greetings
  26. 14:03:58 CST message: [master]
  27. Greetings, KubeKey!
  28. 14:03:58 CST success: [master]
  29. 14:03:58 CST [CheckCertsModule] Check cluster certs
  30. 14:04:00 CST success: [master]
  31. 14:04:00 CST [PrintClusterCertsModule] Display cluster certs form
  32. CERTIFICATE                    EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   NODE
  33. apiserver.crt                  Jun 06, 2023 03:42 UTC   298d            ca                      master  
  34. apiserver-kubelet-client.crt   Jun 06, 2023 03:42 UTC   298d            ca                      master  
  35. front-proxy-client.crt         Jun 06, 2023 03:42 UTC   298d            front-proxy-ca          master  
  36. admin.conf                     Jun 06, 2023 03:42 UTC   298d                                    master  
  37. controller-manager.conf        Jun 06, 2023 03:42 UTC   298d                                    master  
  38. scheduler.conf                 Jun 06, 2023 03:42 UTC   298d                                    master  
  40. CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   NODE
  41. ca.crt                  Jun 03, 2032 03:42 UTC   9y              master  
  42. front-proxy-ca.crt      Jun 03, 2032 03:42 UTC   9y              master  
  43. 14:04:00 CST success: [LocalHost]
  44. 14:04:00 CST Pipeline[CheckCertsPipeline] execute successful

更新证书

  2. [root@master ~]# kk certs renew
  5.  _   __      _          _   __           
  6. | | / /     | |        | | / /           
  7. | |/ / _   _| |__   ___| |/ /  ___ _   _ 
  8. |    \| | | | '_ \ / _ \    \ / _ \ | | |
  9. | |\  \ |_| | |_) |  __/ |\  \  __/ |_| |
  10. \_| \_/\__,_|_.__/ \___\_| \_/\___|\__, |
  11.                                     __/ |
  12.                                    |___/
  14. 14:04:11 CST [GreetingsModule] Greetings
  15. 14:04:11 CST message: [master]
  16. Greetings, KubeKey!
  17. 14:04:11 CST success: [master]
  18. 14:04:11 CST [RenewCertsModule] Renew control-plane certs
  19. 14:04:12 CST stdout: [master]
  20. v1.21.5
  21. 14:04:17 CST success: [master]
  22. 14:04:17 CST [RenewCertsModule] Copy admin.conf to ~/.kube/config
  23. 14:04:21 CST success: [master]
  24. 14:04:21 CST [RenewCertsModule] Fetch kube config file from control-plane
  25. 14:04:22 CST success: [master]
  26. 14:04:22 CST [RenewCertsModule] Synchronize kube config to worker
  27. 14:04:22 CST skipped: [master]
  28. 14:04:22 CST [CheckCertsModule] Check cluster certs
  29. 14:04:25 CST success: [master]
  30. 14:04:25 CST [PrintClusterCertsModule] Display cluster certs form
  31. CERTIFICATE                    EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   NODE
  32. apiserver.crt                  Aug 11, 2023 06:04 UTC   364d            ca                      master  
  33. apiserver-kubelet-client.crt   Aug 11, 2023 06:04 UTC   364d            ca                      master  
  34. front-proxy-client.crt         Aug 11, 2023 06:04 UTC   364d            front-proxy-ca          master  
  35. admin.conf                     Aug 11, 2023 06:04 UTC   364d                                    master  
  36. controller-manager.conf        Aug 11, 2023 06:04 UTC   364d                                    master  
  37. scheduler.conf                 Aug 11, 2023 06:04 UTC   364d                                    master  
  39. CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   NODE
  40. ca.crt                  Jun 03, 2032 03:42 UTC   9y              master  
  41. front-proxy-ca.crt      Jun 03, 2032 03:42 UTC   9y              master  
  42. 14:04:25 CST success: [LocalHost]
  43. 14:04:25 CST Pipeline[RenewCertsPipeline] execute successful
  44. [root@master ~]#

自动更换证书

  1. [root@master ~]# find / admin.conf |grep admin.conf 
  2. /etc/kubernetes/admin.conf
  3. /root/kubekey/master/admin.conf
  4. /tmp/kubekey/admin.conf
  5. find: admin.conf’: No such file or directory
  6. [root@master ~]# 
  7. [root@master ~]# ls -l /etc/kubernetes/admin.conf 
  8. -rw-------. 1 kube root 5611 Aug 11 14:04 /etc/kubernetes/admin.conf
  9. [root@master ~]# ls -l /root/kubekey/master/admin.conf 
  10. -rw-r--r-- 1 root root 5611 Aug 11 14:04 /root/kubekey/master/admin.conf
  11. [root@master ~]# ls -l /root/kubekey/master/admin.conf
  12. -rw-r--r-- 1 root root 5611 Aug 11 14:04 /root/kubekey/master/admin.conf
  13. [root@master ~]# ls -l /root/.kube/config 
  14. -rw-------. 1 root root 5611 Aug 11 14:04 /root/.kube/config
  15. [root@master ~]#