k8s证书到期时间查询命令

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
k8s证书到期时间查询命令
openssl x509 -in kubelet.crt -noout -dates
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt |grep ' Not '

k8s证书到期时间批量查询命令
for crt in $(find /etc/kubernetes/pki/ -name "*.crt"); do openssl x509 -in $crt -noout -dates; done
for crt in $(find /etc/kubernetes/ssl/ -name "*.pem"); do openssl x509 -in $crt -noout -dates; done
for crt in $(find /etc/kubernetes/ssl/ -name "*.crt"); do openssl x509 -in $crt -noout -dates; done
for crt in $(find /etc/kubernetes/ssl/ -name "*.pem"|grep -v "key"); do openssl x509 -in $crt -noout -dates; done

在证书过期node删除kubelet相关证书文件
rm -rf /etc/kubernetes/kubelet.kubeconfig
rm -rf /etc/kubernetes/ssl/kubelet.*
systemctl  restart kubelet && systemctl  status  kubelet

自动生成了kubelet kubeconfig 文件和公私钥
查看未授权的CSR请求
kubectl get csr

通过CSR 请求:
kubectl certificate approve csr-aa-test1
查看重新生成的证书文件
ll /etc/kubernetes/ssl/kubelet.*

人已赞赏
k8s容器

k8s给节点打标签命令

2020-3-12 12:44:44

容器

docker容器停止和清理命令

2020-3-12 12:49:37

个人中心
购物车
优惠劵
今日签到
有新私信 私信列表
搜索