记kubenets-更新证书

证书过期续签问题

#使用kubectl 出现的错误，提示证书过期了。
15:58:07 Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2022-11-19T16:01:04+08:00 is after 2022-11-19T06:50:53Z

在master执行

#openssl命令查看证书过期时间
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt
#k8s查看证书过期时间
kubeadm certs check-expiration
#更新证书
kubeadm certs renew all

kubeadm更新证书，影响文件:

一般k8s证书文件都在/etc/kubernetes/pki/下

/etc/kubenetes/
scheduler.conf
controller-manager.conf
admin.conf

./pki/
front-proxy-client.crt
front-proxy-client.key
apiserver-kubelet-client.crt
apiserver-kubelet-client.key
apiserver-etcd-client.crt
apiserver-etcd-client.key
apiserver.crt
apiserver.key

./pki/etcd/
server.crt
server.key
peer.crt
peer.key
healthcheck-client.crt
healthcheck-client.key

使用master01中的cert-main-master.sh脚本更新其他master证书，
更新完后需要重启k8s服务
k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd

systemctl restart kubelet

node节点

需要重新从master中获取admin.conf文件替换
/etc/kubenetes/admin.conf

多master节点启动报错

kubelet启动失败的错误

11月 19 18:55:41 master01 kubelet[957]: E1119 18:55:41.244364     957 kubelet.go:2412] "Error getting node" err="node \"master01\" not found"

因为api-server启动失败因为etcd启动失败

{"level":"warn","ts":"2022-11-19T10:49:38.149Z","caller":"etcdserver/server.go:2048","msg":"failed to publish local member to cluster through raft","local-member-id":"81ab23facc705c5e","locas:[https://192.168.31.132:2379]}","request-path":"/0/members/81ab23facc705c5e/attributes","publish-timeout":"7s","error":"etcdserver: request timed out"}
{"level":"info","ts":"2022-11-19T10:49:38.399Z","logger":"raft","caller":"etcdserver/zap_raft.go:77","msg":"81ab23facc705c5e is starting a new election at term 838"}
{"level":"info","ts":"2022-11-19T10:49:38.399Z","logger":"raft","caller":"etcdserver/zap_raft.go:77","msg":"81ab23facc705c5e became pre-candidate at term 838"}
{"level":"info","ts":"2022-11-19T10:49:38.399Z","logger":"raft","caller":"etcdserver/zap_raft.go:77","msg":"81ab23facc705c5e received MsgPreVoteResp from 81ab23facc705c5e at term 838"}
{"level":"info","ts":"2022-11-19T10:49:38.399Z","logger":"raft","caller":"etcdserver/zap_raft.go:77","msg":"81ab23facc705c5e [logterm: 838, index: 78805032] sent MsgPreVote request to 829901
{"level":"info","ts":"2022-11-19T10:49:38.400Z","logger":"raft","caller":"etcdserver/zap_raft.go:77","msg":"81ab23facc705c5e [logterm: 838, index: 78805032] sent MsgPreVote request to c77160
{"level":"warn","ts":"2022-11-19T10:49:39.147Z","caller":"rafthttp/probing_status.go:68","msg":"prober detected unhealthy status","round-tripper-name":"ROUND_TRIPPER_RAFT_MESSAGE","remote-pedial tcp 192.168.31.189:2380: connect: no route to host"}
{"level":"warn","ts":"2022-11-19T10:49:39.147Z","caller":"rafthttp/probing_status.go:68","msg":"prober detected unhealthy status","round-tripper-name":"ROUND_TRIPPER_SNAPSHOT","remote-peer-i tcp 192.168.31.189:2380: connect: no route to host"}
{"level":"warn","ts":"2022-11-19T10:49:39.150Z","caller":"rafthttp/probing_status.go:68","msg":"prober detected unhealthy status","round-tripper-name":"ROUND_TRIPPER_SNAPSHOT","remote-peer-i tcp 192.168.31.245:2380: connect: no route to host"}
{"level":"warn","ts":"2022-11-19T10:49:39.150Z","caller":"rafthttp/probing_status.go:68","msg":"prober detected unhealthy status","round-tripper-name":"ROUND_TRIPPER_RAFT_MESSAGE","remote-pedial tcp 192.168.31.245:2380: connect: no route to host"}

etcd启动失败因为有多个master节点，需要同时启动多个master节点

其他参考

docker ps -a查看容器启动情况
使用docker logs -f ID查看日志

# docker ps -a
CONTAINER ID   IMAGE                  COMMAND                  CREATED          STATUS                          PORTS     NAMES
5f8e0a5134a4   53224b502ea4           "kube-apiserver --ad…"   2 minutes ago    Exited (1) About a minute ago             k8s_kube-apiserver_kube-apiserver-master01_kube-system_3a103ffbab7c7
7e7bd38fda98   004811815584           "etcd --advertise-cl…"   2 minutes ago    Up 2 minutes                              k8s_etcd_etcd-master01_kube-system_fcb5b6c01c8c7ec7c0128ca15e358bf0_
505f13b9460c   004811815584           "etcd --advertise-cl…"   6 minutes ago    Exited (2) 2 minutes ago                  k8s_etcd_etcd-master01_kube-system_fcb5b6c01c8c7ec7c0128ca15e358bf0_
bdd3c663685e   05c905cef780           "kube-controller-man…"   37 minutes ago   Up 37 minutes                             k8s_kube-controller-manager_kube-controller-manager-master01_kube-sy
f193eda14fc9   0aa9c7e31d30           "kube-scheduler --au…"   37 minutes ago   Up 37 minutes                             k8s_kube-scheduler_kube-scheduler-master01_kube-system_ce98abf1ceb5f
a7554dee07d1   k8s.gcr.io/pause:3.5   "/pause"                 37 minutes ago   Up 37 minutes                             k8s_POD_kube-scheduler-master01_kube-system_ce98abf1ceb5f9727ff1f6b5
c512ac959b0c   k8s.gcr.io/pause:3.5   "/pause"                 37 minutes ago   Up 37 minutes                             k8s_POD_kube-controller-manager-master01_kube-system_9841182058077a6
8ed6d575561a   k8s.gcr.io/pause:3.5   "/pause"                 37 minutes ago   Up 37 minutes                             k8s_POD_kube-apiserver-master01_kube-system_3a103ffbab7c7281000a6298
6587c3905f2e   k8s.gcr.io/pause:3.5   "/pause"                 37 minutes ago   Up 37 minutes                             k8s_POD_etcd-master01_kube-system_fcb5b6c01c8c7ec7c0128ca15e358bf0_1
7f3d64b59944   0aa9c7e31d30           "kube-scheduler --au…"   2 hours ago      Exited (255) 37 minutes ago               k8s_kube-scheduler_kube-scheduler-master01_kube-system_ce98abf1ceb5f
bf1e676be635   05c905cef780           "kube-controller-man…"   2 hours ago      Exited (255) 37 minutes ago               k8s_kube-controller-manager_kube-controller-manager-master01_kube-sy
19394b6900d3   k8s.gcr.io/pause:3.5   "/pause"                 2 hours ago      Exited (255) 37 minutes ago               k8s_POD_kube-scheduler-master01_kube-system_ce98abf1ceb5f9727ff1f6b5
d8edd1744fc7   k8s.gcr.io/pause:3.5   "/pause"                 2 hours ago      Exited (255) 37 minutes ago               k8s_POD_kube-controller-manager-master01_kube-system_9841182058077a6
48bb929fe427   8d147537fb7d           "/coredns -conf /etc…"   2 days ago       Exited (0) 2 hours ago                    k8s_coredns_coredns-78fcd69978-2zb6j_kube-system_30ea3a56-8ba7-4725-
d66b7b025c68   8d147537fb7d           "/coredns -conf /etc…"   2 days ago       Exited (0) 2 hours ago                    k8s_coredns_coredns-78fcd69978-cpdxv_kube-system_1ee32571-d952-4180-
0f368dba6cd0   cb977f5197a1           "java -jar /app.jar …"   2 days ago       Exited (143) 2 hours ago                  k8s_szjyserver_szjyserver-c565f4d88-z85jc_test_dbfd94cc-38a5-4c76-b6
af35be1d6143   43e8e8772bf0           "java -jar /app.jar …"   2 days ago       Exited (143) 2 hours ago                  k8s_xsserver_xsserver-6bb944f76b-qsc7w_test_268dd7cb-4ed4-408c-aaab-
eb305f1c33e0   868da3864bbb           "java -jar /app.jar …"   2 days ago       Exited (143) 2 hours ago                  k8s_lqgpfserver_lqgpfserver-5849cdfdf8-ctnvd_test_7103f619-ff52-4f13
287bc9f96b83   k8s.gcr.io/pause:3.5   "/pause"                 3 days ago       Exited (0) 2 hours ago                    k8s_POD_szjyserver-c565f4d88-z85jc_test_dbfd94cc-38a5-4c76-b644-089b
5c49b1cc0ad9   k8s.gcr.io/pause:3.5   "/pause"                 4 days ago       Exited (0) 2 hours ago                    k8s_POD_lqgpfserver-5849cdfdf8-ctnvd_test_7103f619-ff52-4f13-a8b7-b0
19422cd3b4a7   k8s.gcr.io/pause:3.5   "/pause"                 4 days ago       Exited (0) 2 hours ago                    k8s_POD_xsserver-6bb944f76b-qsc7w_test_268dd7cb-4ed4-408c-aaab-fb86f
1d68923ee9cf   7801cfc6d5c0           "/metrics-sidecar"       4 days ago       Exited (2) 2 hours ago                    k8s_dashboard-metr

查看systemctld服务启动日志
journalctl -fu kubelet

完整显示docker command
docker ps -a --no-trunc | grep etcd

k8s大致启动过程

etcd -> flannel -> api-server -> kubelet

# kubernetes