解决kubernetes集群证书过期的问题

现象：

 解决办法：

1.在master节点运行： kubeadm alpha certs renew all
2.在master节点运行： rm -f  /etc/kubernetes/kubelet.conf && cp /etc/kubernetes/admin.conf /etc/kubernetes/bootstrap-kubelet.conf 
3.在master节点运行： cp /etc/kubernetes/admin.conf ~/.kube/config

# 此命令会在/etc/kubernetes/pki目录下重新生成证书
4.在master节点运行： kubeadm init phase kubeconfig all    

5. 重启etcd,apiserver等关键容器：docker ps -a | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
6. master节点重启kubelet==> systemctl restart kubelet

7. 删除node节点上的/etc/kubernetes/kubelet.conf，

   用master节点上的新文件admin.conf来替换，

scp /etc/kubernetes/admin.conf  root@k8s-node2:/etc/kubernetes/

把master节点上的/etc/kubernetes/pki拷贝到各个node节点上

scp -r  /etc/kubernetes/pki root@k8s-node2:/etc/kubernetes/pki

然后node节点上重启kubelet

查看证书有效期的命令：

kubeadm alpha certs check-expiration

意外情况：node节点上的pod mysql-8fcd9f64-kwd9t起不来，一直处于creating状态

然后describe看一下：

kubectl describe pod mysql-8fcd9f64-kwd9t

 Warning  FailedCreatePodSandBox  2m5s (x1631 over 107m)  kubelet, k8s-node1  (combined from similar events): Failed to create pod sandbox: rpc error: code = Unknown desc = failed to set up sandbox container "7dc1895c2ee70a63a9c04907f612014ee6ef7e3a8132c55d920c9de3dd4f924e" network for pod "mysql-8fcd9f64-kwd9t": networkPlugin cni failed to set up pod "mysql-8fcd9f64-kwd9t_default" network: open /run/flannel/subnet.env: no such file or directory
 

 

  Normal   SandboxChanged          2m48s (x1994 over 128m)  kubelet, k8s-node1  Pod sandbox changed, it will be killed an          d re-created.
  Normal   Pulling                 27s (x2 over 49s)        kubelet, k8s-node1  Pulling image "mysql:5.7"
  Warning  Failed                  16s (x2 over 40s)        kubelet, k8s-node1  Failed to pull image "mysql:5.7": rpc err          or: code = Unknown desc = missing signature key
  Warning  Failed                  16s (x2 over 40s)        kubelet, k8s-node1  Error: ErrImagePull
  Normal   BackOff                 1s (x2 over 39s)         kubelet, k8s-node1  Back-off pulling image "mysql:5.7"
  Warning  Failed                  1s (x2 over 39s)         kubelet, k8s-node1  Error: ImagePullBackOff

基本上是报错：  /run/flannel/subnet.env 找不到这个文件。

解决办法： 找另外一台有这个文件的节点，拷贝过来即可