证书到期
来源:7-11 为集群添加认证授权(下)
Ajistyle
2021-02-09
[root@node16615 ca]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.166.13 Ready 363d v1.17.1
192.168.166.14 NotReady 365d v1.17.1
192.168.166.15 NotReady 365d v1.17.1
[root@node16615 ca]#
[root@node16615 ca]# journalctl -f -u kubelet
– Logs begin at Thu 2020-12-17 02:21:03 CST. –
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.632575 10167 feature_gate.go:243] feature gates: &{map[]}
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666250 10167 mount_linux.go:168] Detected OS with systemd
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666414 10167 server.go:416] Version: v1.17.1
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666471 10167 feature_gate.go:243] feature gates: &{map[]}
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666549 10167 feature_gate.go:243] feature gates: &{map[]}
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666728 10167 plugins.go:100] No cloud provider specified.
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.666746 10167 server.go:532] No cloud provider specified: “” from the config file: ""
Feb 09 10:02:47 node16615 kubelet[10167]: E0209 10:02:47.689175 10167 bootstrap.go:265] part of the existing bootstrap client certificate is expired: 2021-02-08 14:34:02 +0000 UTC
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.689194 10167 bootstrap.go:119] Using bootstrap kubeconfig to generate TLS client cert, key and kubeconfig file
Feb 09 10:02:47 node16615 kubelet[10167]: I0209 10:02:47.695847 10167 certificate_store.go:129] Loading cert/key pair from “/etc/kubernetes/ca/kubelet-client-current.pem”.
老师,你好,我之前设置的是10年的,为啥这么快就到期了,这个怎么解决?
1回答
-
刘果国
2021-02-11
感觉设置没生效,看下controller-manager的启动参数确认一下。
过期处理参考:https://my.oschina.net/u/4373297/blog/3778240
00
相似问题