这个证书很重要,不用说。

但手工生成证书,确实工作量大且容易出错。

推荐的方式,是保留/etc/kubernetes/pki目录下的ca.crt,ca.key,sa.crt,sa.key。

这四个文件,前两个是10年过期,后两个没有过期概念,可以保证现有群集的顺利升级证书。

然后,使用kubeadm命令,来解决证书过期问题。

但kubeadm的生成证书和配置的命令,在1.10和1.14之间发生了比较大的变化,

现在作个记录。

一,1.10

This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha phase [command]

Available Commands:
  addon           Installs required addons for passing Conformance tests
  bootstrap-token Manage kubeadm-specific bootstrap token functions
  certs           Generates certificates for a Kubernetes cluster
  controlplane    Generates all static Pod manifest files necessary to establish the control plane
  etcd            Generates static Pod manifest file for etcd.
  kubeconfig      Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
  mark-master     Mark a node as master
  preflight       Run pre-flight checks
  selfhosting     Makes a kubeadm cluster self-hosted
  upload-config   Uploads the currently used configuration for kubeadm to a ConfigMap

Flags:
  -h, --help   help for phase

Use "kubeadm alpha phase [command] --help" for more information about a command.

时,这些功能还是属于alpha功能,所以使用kubeadm alpha phase -h命令查看帮助信息。

二,1.14之后,此功能已正常,集成到了kubeadm init phase -h功能中。

use this command to invoke single phase of the init workflow

Usage:
  kubeadm init phase [command]

Available Commands:
  addon              Installs required addons for passing Conformance tests
  bootstrap-token    Generates bootstrap tokens used to join a node to a cluster
  certs              Certificate generation
  control-plane      Generates all static Pod manifest files necessary to establish the control plane
  etcd               Generates static Pod manifest file for local etcd.
  kubeconfig         Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
  kubelet-start      Writes kubelet settings and (re)starts the kubelet
  mark-control-plane Mark a node as a control-plane
  preflight          Run pre-flight checks
  upload-certs       Upload certificates to kubeadm-certs
  upload-config      Uploads the kubeadm and kubelet configuration to a ConfigMap

Flags:
  -h, --help   help for phase

Global Flags:
      --log-file string   If non-empty, use this log file
      --rootfs string     [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers      If true, avoid header prefixes in the log messages
  -v, --v Level           number for the log level verbosity

Use "kubeadm init phase [command] --help" for more information about a command.

三,生成证书和配置文件两大命令:

1.10

kubeadm alpha phase kubeconfig all --config masterconfiguration.yaml
kubeadm alpha phase certs all  --config masterconfiguration.yaml

1.14

kubeadm init phase kubeconfig all --config masterconfiguration.yaml
kubeadm init phase certs all  --config masterconfiguration.yaml

最新文章

  1. 【转】MipMap
  2. jsp使用EL表达式回传boolean值出错的问题
  3. 对iOS后台模式最多10分钟运行时间的进一步理解
  4. SQL指定字段指定顺序排序
  5. 事务BEGIN TRANSACTION
  6. 【Struts2学习笔记-3】常量配置
  7. C#学习笔记二: C#类型详解
  8. [原]SQL_实验2.1.3 清华大学出版社
  9. VMware 11 设置U盘启动,总是找不到physicalDrive1
  10. redis linux 基本命令
  11. 湖南省第六届大学生程序设计大赛原题 F Biggest Number (UVA1182)
  12. 【转】内核编译时, 到底用make clean, make mrproper还是make distclean(转载)
  13. HTML5 总结-表单-输入类型
  14. EF 打造冲不掉的标签
  15. jquery中html、text、val回调函数
  16. Spring @ResponseBody 返回中文乱码问题
  17. App 监控、推广
  18. Python_02笔记
  19. convert sorted list to binary search tree(将有序链表转成平衡二叉搜索树)
  20. 使用Boostrap框架写一个登录\注册界面

热门文章

  1. jieba、NLTK学习笔记
  2. 全网最新方法:win10下如何安装和配置64位JDK-13
  3. calcifications loss
  4. Python文件读取中:f.seek(0)和f.seek(0,0)有什么区别
  5. JAVA 中加载属性文件的4种方法
  6. 教你用好 Javascript 数组
  7. vue 使用JavaScript表达式
  8. 深度解密Go语言之context
  9. 强大的性能监测工具dstat
  10. 大话设计模式Python实现-原型模式