1.6 KiB
1.6 KiB
Kubernetes集群中Kubeadm证书到期问题
一:报错案例
1.报错原因
[root@xingdiancloud-master ~]# kubectl get node
E0706 14:10:17.193472 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.194757 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.196208 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.197353 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
E0706 14:10:17.198343 1056310 memcache.go:265] couldn't get current server API group list: the server has asked for the client to provide credentials
error: You must be logged in to the server (the server has asked for the client to provide credentials)
2.解决方案
检查当前证书的到期时间
kubeadm certs check-expiration
更新证书
kubeadm certs renew all
更新 kubeconfig 文件
sudo cp /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
更新证书后,需要重启控制平面组件以使新的证书生效
systemctl restart kubelet