Rancher 更新 kubelet 证书

检查

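# Print only the expiry (notAfter) of the kubelet certificate.
# The absolute path is used so the shell is not left sitting in the pki
# directory, and -enddate replaces grepping the full -text dump.
openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -enddate

# Print both validity bounds (notBefore / notAfter).
openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates

# Scriptable check: exits non-zero if the certificate expires within
# 30 days (2592000 seconds), so it can feed monitoring or a cron alert.
openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -checkend 2592000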

处理

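# Ansible playbook: remove the kubelet pki directory and restart the kubelet
# container on the hosts selected through the `host` extra var.
#
# `host` has no default, so the target must be passed with -e on every run.
#
# NOTE(review): `state: absent` removes the directory itself together with
# every file in it, private keys included, and nothing here keeps a copy.
# Confirm on one node what the directory holds, and back it up, before
# running this across the cluster.
- hosts: "{{ host }}"
  remote_user: root
  gather_facts: no
  tasks:
    - name: 删除 /var/lib/kubelet/pki/ 目录下的所有文件
      file:
        path: /var/lib/kubelet/pki/
        state: absent
    - name: 重启 kubelet 容器
      # No shell features are needed, so `command` is used instead of `shell`.
      # Presumably the kubelet writes a fresh certificate on start; verify
      # with the openssl -dates check afterwards.
      command: docker restart kubelet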

# Run the playbook; the host pattern "region" is handed over as the `host`
# extra var. Trying it on a single node first (e.g. with --limit) keeps a
# mistake from reaching every kubelet at once.
ansible-playbook --inventory hosts --extra-vars "host=region" upgrade_certificate.yaml

# Verify: print the certificate validity dates on the hosts.
# This targets `all`, which may be wider than the pattern the playbook ran on.
ansible all --inventory ./hosts --module-name shell --args "openssl x509 -in /var/lib/kubelet/pki/kubelet.crt -noout -dates"

后续

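# Follow-up: restart calico-node. Run ONE of the two commands, not both.

# Option 1: restart through the DaemonSet; pods are replaced according to
# its update strategy (gradually under the default RollingUpdate).
kubectl rollout restart ds calico-node -n kube-system

# Option 2 (alternative): delete every matching pod at once and let the
# DaemonSet recreate them. Left commented out so that pasting this block
# does not run both restarts.
# kubectl delete po -l k8s-app=calico-node -n kube-system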