[cc lang="bash"]
k8s证书到期时间查询命令
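# Print the notBefore/notAfter validity dates of the kubelet certificate
# (kubelet.crt is resolved relative to the current directory).
openssl x509 -in kubelet.crt -noout -dates
# Same check for the API server certificate, filtered out of the full text dump.
# The pattern needs plain ASCII single quotes: typographic quotes are not shell
# quoting characters, so grep would receive three separate arguments instead
# of the single pattern ' Not '.
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep ' Not '
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt | grep ' Not '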
k8s证书到期时间批量查询命令
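# Batch check: print each certificate path (-print) followed by its validity
# dates, so every result can be attributed to a file.
# find -exec hands each path to openssl as one argument, which keeps names with
# whitespace or glob characters intact (an unquoted $crt in a for-loop does not),
# and the -name patterns use plain ASCII quotes so the shell leaves them alone.
find /etc/kubernetes/pki/ -name '*.crt' -print -exec openssl x509 -in {} -noout -dates \;
# Unfiltered *.pem scan. NOTE(review): a private-key .pem in this directory is
# not a certificate and would make openssl report an error; presumably that is
# why the last command filters on "key".
find /etc/kubernetes/ssl/ -name '*.pem' -print -exec openssl x509 -in {} -noout -dates \;
find /etc/kubernetes/ssl/ -name '*.crt' -print -exec openssl x509 -in {} -noout -dates \;
# Skip every path that contains "key" (same filter as piping through grep -v "key").
find /etc/kubernetes/ssl/ -name '*.pem' ! -path '*key*' -print -exec openssl x509 -in {} -noout -dates \;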
在证书过期node删除kubelet相关证书文件
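# Remove the expired kubelet credentials on the affected node, then restart the
# kubelet. This deletes the kubelet kubeconfig and every
# /etc/kubernetes/ssl/kubelet.* file (certificate and private key material) and
# cannot be undone: copy them to a root-only backup location first if a
# rollback may be needed.
# NOTE(review): regeneration on restart presumably depends on TLS bootstrapping
# being configured for this kubelet; confirm before deleting.
# -f without -r: only files are removed, never a directory that happens to
# match the glob. "--" ends option parsing before the paths.
rm -f -- /etc/kubernetes/kubelet.kubeconfig
rm -f -- /etc/kubernetes/ssl/kubelet.*
# Show the service status only when the restart itself succeeded.
systemctl restart kubelet && systemctl status kubelet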
自动生成了kubelet kubeconfig 文件和公私钥
查看未授权的CSR请求
# List the certificate signing requests known to the cluster.
# NOTE(review): requests that still await approval are expected to be shown as
# Pending; confirm against the actual output before acting on a name.
kubectl get csr
通过CSR 请求:
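# Inspect the request before approving it: check that the requestor and the
# subject (node name) belong to the node whose kubelet certificates were just
# removed. Approval causes a client certificate to be issued for that identity,
# so an unexpected pending request should be denied, not approved.
kubectl describe csr csr-aa-test1
# csr-aa-test1 is this page's example name; use the name listed by `kubectl get csr`.
kubectl certificate approve csr-aa-test1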
查看重新生成的证书文件
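# List the regenerated kubelet certificate files. `ll` is only a shell alias
# and is not defined in every shell or in scripts, so call ls -l directly.
# The timestamps should be newer than the restart, and the permissions on the
# private key file are worth checking here.
ls -l /etc/kubernetes/ssl/kubelet.*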
[/cc]