K8S join 证书过期 节点报错:certificate has expired or is not yet valid

  • 开发
  • 13

问题场景:

我是因为虚拟机,挂起了几天,再打开join节点的时候报错:

  • 证书过期报错
...其他输出
I0427 15:33:56.626776   93338 token.go:215] [discovery] Failed to request cluster-info, will try again: Get "https://192.168.1.100:6443/api/v1/namespaces/kube-public/configmaps/cluster-info?timeout=10s": x509: certificate has expired or is not yet valid: current time 2024-04-27T15:33:56+08:00 is before 2024-04-27T12:26:15Z

certificate has expired or is not yet valid: current time 就是指的证书过期,而且是master的证书过期。

解决办法:


检查各个证书是否真的过期

[root@master pki]# kubeadm alpha certs check-expiration
CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Apr 27, 2025 12:59 UTC   364d                                    no
apiserver                  Apr 27, 2025 13:05 UTC   364d            ca                      no
apiserver-etcd-client      Apr 27, 2025 12:26 UTC   364d            etcd-ca                 no
apiserver-kubelet-client   Apr 27, 2025 12:59 UTC   364d            ca                      no
controller-manager.conf    Apr 27, 2025 12:59 UTC   364d                                    no
etcd-healthcheck-client    Apr 27, 2025 12:26 UTC   364d            etcd-ca                 no
etcd-peer                  Apr 27, 2025 12:26 UTC   364d            etcd-ca                 no
etcd-server                Apr 27, 2025 12:26 UTC   364d            etcd-ca                 no
front-proxy-client         Apr 27, 2025 12:59 UTC   364d            front-proxy-ca          no
scheduler.conf             Apr 27, 2025 12:59 UTC   364d                                    no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Apr 25, 2034 12:26 UTC   9y              no
etcd-ca                 Apr 25, 2034 12:26 UTC   9y              no
front-proxy-ca          Apr 25, 2034 12:26 UTC   9y              no

我这里显示是没有过期的

如果没有过期就同步各个服务器的时间,一般安装k8s都有装ntpdate没有的话自行安装

[root@master pki]# ntpdate time.windows.com
# 或者
[root@master pki]# ntpdate pool.ntp.org

如果过期了,就刷新重新刷新证书(全部)并重启Docker容器内容和K8S

[root@master pki]# kubeadm alpha certs renew all
[root@master pki]# docker ps |grep kube-apiserver|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
[root@master pki]# docker ps |grep kube-controller-manage|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
[root@master pki]# docker ps |grep kube-scheduler|grep -v pause|awk '{print $1}'|xargs -i docker restart {}
[root@master pki]# systemctl restart kubelet

阅读全部

相关推荐

  1. K8S join 证书过期 节点:certificate has expired or is not yet valid

    2024-05-03 08:48:08       14 阅读

  3. k8s处理

    2024-05-03 08:48:08       36 阅读

  4. k8s自签证书过期x509: certificate has expired or is not yet valid

    2024-05-03 08:48:08       41 阅读

  5. k8s集群的CA证书过期处理

    2024-05-03 08:48:08       24 阅读

  8. 一些k8s的小的记录

    2024-05-03 08:48:08       41 阅读

最近更新

  4. TCP协议是安全的吗?

    2024-05-03 08:48:08       16 阅读

  12. 阿里云服务器执行yum,一直下载docker-ce-stable失败

    2024-05-03 08:48:08       16 阅读

  13. 【Python教程】压缩PDF文件大小

    2024-05-03 08:48:08       15 阅读

  18. 通过文章id递归查询所有评论(xml)

    2024-05-03 08:48:08       18 阅读

热门阅读

  1. 启程Python机器学习之旅:从JupyterLab到神经网络初探

    2024-05-03 08:48:08       14 阅读

  5. Windows 下安装 jupyter notebook

    2024-05-03 08:48:08       14 阅读

  7. 7-79 坚持散步

    2024-05-03 08:48:08       12 阅读

  9. 关于逐帧读取视频,并且读取视频帧图片标注

    2024-05-03 08:48:08       13 阅读

  11. 机器翻译常用指标BLEU

    2024-05-03 08:48:08       12 阅读

  12. 【DevOps】使用Docker Compose 部署Web应用

    2024-05-03 08:48:08       12 阅读

  17. 软件架构设计模式:微服务与单体架构的比较

    2024-05-03 08:48:08       11 阅读

  20. Linux下深度学习虚拟环境的搭建与模型训练

    2024-05-03 08:48:08       13 阅读

  21. 深度学习的核心数学知识点

    2024-05-03 08:48:08       12 阅读