k8s踩坑记录——证书一年有效期
kubernetes集群证书重签 依照https://github.com/strongit/kubeadm-ha/ 安装步骤,kubeadm init安装后的集群存在证书过期问题。现修复如下: 思路如下, 1、保留ca.crt ca.key front-proxy-ca.crt front-proxy-ca.key,根证书有效期十年 2、openssl重新签注 3、kubeadm alpha phase 生成config [root@k8s-master01 pki]# cat csr.conf [ req ] default_bits = 2048 prompt = no default_md = sha256 req_extensions = req_ext distinguished_name = dn [ dn ] C = CN ST = BeiJing L = BeiJing O = k8s OU = System CN = kubernetes [ req_ext ] subjectAltName = @alt_names [ alt_names ] DNS.1 = kubernetes DNS.2 = kubernetes.default DNS.3 = kubernetes.default.svc DNS.4 = kubernetes.default.svc