YJWANG

Kubernetes 인증서 만료일 확인 및 갱신 본문

60.Cloud/80.Kubernetes

Kubernetes 인증서 만료일 확인 및 갱신

왕영주 2021. 1. 26. 10:52

만료일 확인

[root@master01 ~]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W0126 01:47:16.573916 3779829 utils.go:69] The recommended value for "clusterDNS" in "KubeletConfiguration" is: [10.233.0.10]; the provided value is: [169.254.25.10]

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Jan 15, 2022 05:57 UTC   354d                                    no      
apiserver                  Jan 15, 2022 05:56 UTC   354d            ca                      no      
apiserver-kubelet-client   Jan 15, 2022 05:56 UTC   354d            ca                      no      
controller-manager.conf    Jan 15, 2022 05:57 UTC   354d                                    no      
front-proxy-client         Jan 15, 2022 05:56 UTC   354d            front-proxy-ca          no      
scheduler.conf             Jan 15, 2022 05:57 UTC   354d                                    no      

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jan 13, 2031 05:56 UTC   9y              no      
front-proxy-ca          Jan 13, 2031 05:56 UTC   9y              no

갱신

[root@master01 ~]# kubeadm alpha certs renew all
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W0126 01:48:46.186922 3781636 utils.go:69] The recommended value for "clusterDNS" in "KubeletConfiguration" is: [10.233.0.10]; the provided value is: [169.254.25.10]

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

확인

[root@master01 ~]# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
W0126 01:49:24.393211 3782380 utils.go:69] The recommended value for "clusterDNS" in "KubeletConfiguration" is: [10.233.0.10]; the provided value is: [169.254.25.10]

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Jan 26, 2022 01:48 UTC   364d                                    no      
apiserver                  Jan 26, 2022 01:48 UTC   364d            ca                      no      
apiserver-kubelet-client   Jan 26, 2022 01:48 UTC   364d            ca                      no      
controller-manager.conf    Jan 26, 2022 01:48 UTC   364d                                    no      
front-proxy-client         Jan 26, 2022 01:48 UTC   364d            front-proxy-ca          no      
scheduler.conf             Jan 26, 2022 01:48 UTC   364d                                    no      

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jan 13, 2031 05:56 UTC   9y              no      
front-proxy-ca          Jan 13, 2031 05:56 UTC   9y              no
반응형
저작자표시
'60.Cloud/80.Kubernetes' Related Articles more