Unable to connect to the server: x509: certificate has expired or is not yet valid

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text |grep ' Not '
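The cause is that Kubernetes certificates have a default validity period of 1 year. The following command shows the certificate expiry dates: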
kubeadm alpha certs check-expiration
Example output:
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Jul 08, 2022 01:40 UTC   364d                                    no
apiserver                  Jul 08, 2022 01:40 UTC   364d            ca                      no
apiserver-etcd-client      Jul 08, 2022 01:40 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Jul 08, 2022 01:40 UTC   364d            ca                      no
controller-manager.conf    Jul 08, 2022 01:40 UTC   364d                                    no
etcd-healthcheck-client    Jul 08, 2022 01:40 UTC   364d            etcd-ca                 no
etcd-peer                  Jul 08, 2022 01:40 UTC   364d            etcd-ca                 no
etcd-server                Jul 08, 2022 01:40 UTC   364d            etcd-ca                 no
front-proxy-client         Jul 08, 2022 01:40 UTC   364d            front-proxy-ca          no
scheduler.conf             Jul 08, 2022 01:40 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jul 05, 2030 08:16 UTC   8y              no
etcd-ca                 Jul 05, 2030 08:16 UTC   8y              no
front-proxy-ca          Jul 05, 2030 08:16 UTC   8y              no
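
To catch the expiry before the API server starts rejecting connections, the check-expiration output above can be parsed and alerted on. The following is an added example, not part of the original post: the function names are hypothetical, and SAMPLE is a constructed excerpt that reuses values from the output shown above.

```python
import re
import sys
from datetime import datetime, timedelta, timezone

# Constructed sample in the layout kubeadm prints (values reused from the output above).
SAMPLE = """\
[check-expiration] Reading configuration from the cluster...
CERTIFICATE    EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf     Jul 08, 2022 01:40 UTC   364d                                    no
apiserver      Jul 08, 2022 01:40 UTC   364d            ca                      no
etcd-server    Jul 08, 2022 01:40 UTC   364d            etcd-ca                 no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jul 05, 2030 08:16 UTC   8y              no
etcd-ca                 Jul 05, 2030 08:16 UTC   8y              no
"""

# A data row is a name followed by a timestamp such as "Jul 08, 2022 01:40 UTC".
# Only these two columns are used, so the sometimes-empty CA column does not matter.
ROW = re.compile(r"^(\S+)\s+([A-Z][a-z]{2} \d{2}, \d{4} \d{2}:\d{2}) UTC\b")

def parse_expirations(text):
    """Return {name: expiry datetime in UTC} for every certificate and CA row."""
    out = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, blank and [check-expiration] log lines do not match
            when = datetime.strptime(m.group(2), "%b %d, %Y %H:%M")
            out[m.group(1)] = when.replace(tzinfo=timezone.utc)
    return out

def expiring(text, now, warn_days=30):
    """List (name, days_left) for entries expired or expiring within warn_days."""
    limit = now + timedelta(days=warn_days)
    hits = [(n, (t - now).days) for n, t in parse_expirations(text).items() if t <= limit]
    return sorted(hits, key=lambda h: h[1])  # soonest first; negative means expired

if __name__ == "__main__":
    # Pipe real command output on stdin; with a terminal attached, use the sample.
    data = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    found = expiring(data, datetime.now(timezone.utc))
    for name, days in found:
        status = "EXPIRED" if days < 0 else f"{days}d left"
        print(f"{name}: {status}")
    sys.exit(1 if found else 0)  # non-zero exit lets cron or a monitor raise an alert
```

The script exits non-zero when anything falls inside the warning window, so it can be run from a scheduled job with the check-expiration output piped to stdin.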