重置csr
注意:下面操作仅在刚安装k8s后24小时内有效
分析:kubelet启动后会生成如下文件。kubelet.conf文件决定了csr的存在,如果要想重新获取csr,可以停掉kubelet,删除kubelet.conf文件,重启kubelet就可以获得csr
ls -l /etc/kubernetes/kubelet.conf
ls -l /etc/kubernetes/pki/kubelet*
[root@test2 ~]# ls -l /etc/kubernetes/kubelet.conf
-rw------- 1 root root 2295 Jan 22 10:07 /etc/kubernetes/kubelet.conf
[root@test2 ~]# ls -l /etc/kubernetes/pki/kubelet*
-rw------- 1 root root 1273 Jan 22 10:07 /etc/kubernetes/pki/kubelet-client-2019-01-22-10-07-06.pem
lrwxrwxrwx 1 root root 58 Jan 22 10:07 /etc/kubernetes/pki/kubelet-client-current.pem -> /etc/kubernetes/pki/kubelet-client-2019-01-22-10-07-06.pem
-rw-r--r-- 1 root root 2181 Jan 22 02:10 /etc/kubernetes/pki/kubelet.crt
-rw------- 1 root root 1675 Jan 22 02:10 /etc/kubernetes/pki/kubelet.key
查看目前所有csr
[root@test1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 55m kubelet-bootstrap Approved,Issued
node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY 28m kubelet-bootstrap Approved,Issued
删除node1节点csr
[root@test1 ~]# kubectl delete csr node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY
certificatesigningrequest.certificates.k8s.io "node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY" deleted
[root@test1 ~]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 57m kubelet-bootstrap Approved,Issued
停掉该节点的kubelet
[root@lab3 ~]# systemctl stop kubelet
删除该节点的kubelet.conf文件
[root@lab1 ~]# rm -rf /etc/kubernetes/kubelet.conf
重启该节点的kubelet
[root@lab1 ~]# systemctl restart kubelet
查看csr
[root@test1 kubernetes]# kubectl get csr
NAME AGE REQUESTOR CONDITION
node-csr-462w6AWPUkqlTnmKUT1gs6orq6WqBWaTO1XndyRA5co 1h kubelet-bootstrap Approved,Issued
node-csr-in1KxGY-YMGu_CMY1Psl_1ZYx4kMDPwNkBuFP5_OXZY 25s kubelet-bootstrap Pending
参照文档:
https://my.oschina.net/u/3390908/blog/1649764
浙公网安备 33010602011771号