1. Back up the entire certificate directory cp -r /etc/kubernetes/ /etc/kubernetes-old
2, check the certificate expiration time openssl x509 – in apiserver. CRT – text – noout | grep Not
Renew all certificates kubeadm alpha certs renew All The certificate can be viewed for 100 years
Kubeadm config view > /root/cluster.yaml kubeadm init phase kubeconfig all /root/cluster.yaml
5. Restart etCD, Apiserver, Controller, and Scheduler Docker rm -f dockerID Docker logs -f dockerid
6. Perform the above operations on each master node in sequence, and the ETCD is fine. If the container restarts and loads the certificate, there will be no problem.
etcd3 get / –prefix –keys-only