不会来事儿 posted on 2019-12-16 09:59:00

Changing the Kubernetes master IP (single node)

<div class="post_content markdown">
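<h3 id="问题分析">Problem analysis</h3>
<p>After the master's IP address changes, the first things to check are:</p>
<ol>
<li>
<p>The configuration files under <code>/etc/kubernetes/manifests</code>: replace the old IP in them</p>
</li>
<li>
<p>The related certificate files</p>
</li>
<li>
<p>The client files</p>
</li>
</ol>
<h3 id="解决步骤">Resolution steps</h3>
<h4 id="准备config文件">Prepare the config file</h4>
<blockquote>
<p>If the environment can reach networks outside China, this step is not needed. This file is kubeadm.config.<br>
When using this file, remember to replace the API address, port and related information.</p>
</blockquote>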
<div class="cnblogs_code">
<pre>apiVersion: kubeadm.k8s.io/v1beta2
bootstrapTokens:
- groups:
  - system:bootstrappers:kubeadm:default-node-token
  # kubeadm's default placeholder token; replace it with your own
  token: abcdef.0123456789abcdef
  ttl: 24h0m0s
  usages:
  - signing
  - authentication
kind: InitConfiguration
localAPIEndpoint:
  # master IP to advertise; replace with your own
  advertiseAddress: 100.64.139.62
  bindPort: 6443
nodeRegistration:
  criSocket: /var/run/dockershim.sock
  name: k8s-master-2
  taints:
  - effect: NoSchedule
    key: node-role.kubernetes.io/master
---
apiServer:
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
kind: ClusterConfiguration
imageRepository: registry.cn-hangzhou.aliyuncs.com/google_containers
kubernetesVersion: v1.16.0
networking:
  dnsDomain: cluster.local
  serviceSubnet: 10.96.0.0/12
scheduler: {}</pre>
</div>
<h4 id="修改配置文件">Modify the configuration files</h4>
<div class="cnblogs_code">
<pre># cd /etc/kubernetes
# find . -type f |xargs grep 100.64.139.60 |awk '{print $1}' |sort |uniq
./admin.conf:
./controller-manager.conf:
./kubelet.conf:
./manifests/etcd.yaml:
./manifests/kube-apiserver.yaml:
./scheduler.conf:</pre>
</div>
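<p>The <code>.conf</code> files are client configuration files with embedded certificates that kubeadm generates automatically. The files that need to be edited are the two manifests <code>etcd.yaml</code> and <code>kube-apiserver.yaml</code>: replace the old IP address in them with the new IP address.</p>
<h4 id="生成新证书">Generate new certificates</h4>
<p><strong>Method 1: delete and regenerate only some certificates</strong></p>
<p>Back up the original certificates. According to the output of the <code>find</code> command, the certificates of the following services need to be replaced: <code>kubelet api proxy</code></p>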
<div class="cnblogs_code">
<pre># Back up the original certificates
mv /etc/kubernetes/pki/apiserver.key /etc/kubernetes/pki/apiserver.key.old
mv /etc/kubernetes/pki/apiserver.crt /etc/kubernetes/pki/apiserver.crt.old
mv /etc/kubernetes/pki/apiserver-kubelet-client.crt /etc/kubernetes/pki/apiserver-kubelet-client.crt.old
mv /etc/kubernetes/pki/apiserver-kubelet-client.key /etc/kubernetes/pki/apiserver-kubelet-client.key.old
mv /etc/kubernetes/pki/front-proxy-client.crt /etc/kubernetes/pki/front-proxy-client.crt.old
mv /etc/kubernetes/pki/front-proxy-client.key /etc/kubernetes/pki/front-proxy-client.key.old</pre>
</div>
<div class="cnblogs_code">
<pre># Generate new certificates
kubeadm init phase certs apiserver --config kubeadm.config
kubeadm init phase certs apiserver-kubelet-client --config kubeadm.config
kubeadm init phase certs front-proxy-client --config kubeadm.config</pre>
</div>
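<p><strong>Method 2: delete and regenerate all certificates</strong></p>
<div class="cnblogs_code">
<pre># Remove all certificates by moving the whole PKI directory aside.
# This includes ca.crt/ca.key and sa.key/sa.pub, so regenerating all
# certificates afterwards also creates a new CA and service-account key pair.
mv /etc/kubernetes/pki /etc/kubernetes/pki.old</pre>
</div>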
<div class="cnblogs_code">
<pre># Generate new certificates
kubeadm init phase certs all --config kubeadm.config</pre>
</div>
<h4 id="生成新的客户端文件">Generate new client files</h4>
<p><strong>Method 1: generate them one by one</strong></p>
<div class="cnblogs_code">
<pre>kubeadm init phase kubeconfig admin --config kubeadm.config
kubeadm init phase kubeconfig controller-manager --config kubeadm.config
kubeadm init phase kubeconfig kubelet --config kubeadm.config
kubeadm init phase kubeconfig scheduler --config kubeadm.config</pre>
</div>
<p><strong>Method 2: generate them all at once</strong></p>
<div class="cnblogs_code">
<pre>mv /etc/kubernetes/*.conf /tmp
kubeadm init phase kubeconfig all --config kubeadm.config</pre>
</div>
<h4 id="查看证书过期时间">Check certificate expiry</h4>
<div class="cnblogs_code">
<pre># kubeadm alpha certs check-expiration
CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 Dec 10, 2020 05:31 UTC   364d            no
apiserver                  Dec 10, 2020 05:30 UTC   364d            no
apiserver-etcd-client      Dec 10, 2020 05:31 UTC   364d            no
apiserver-kubelet-client   Dec 10, 2020 05:30 UTC   364d            no
controller-manager.conf    Dec 10, 2020 05:31 UTC   364d            no
etcd-healthcheck-client    Dec 10, 2020 05:31 UTC   364d            no
etcd-peer                  Dec 10, 2020 05:31 UTC   364d            no
etcd-server                Dec 10, 2020 05:30 UTC   364d            no
front-proxy-client         Dec 10, 2020 05:30 UTC   364d            no
scheduler.conf             Dec 10, 2020 05:31 UTC   364d            no</pre>
</div>
<h4 id="重启服务">Restart the services</h4>
<div class="cnblogs_code">
<pre>service docker restart
service kubelet restart</pre>
</div>
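<p>A post-change audit for the steps above, as an added example that is not part of the original post: it looks for leftover whole-address references to the old IP, for kubeconfig files whose <code>server:</code> still points elsewhere, and for the new IP in a certificate's SAN list. The function names and the sample tree are constructed for illustration; the IP addresses are the ones used on this page, and <code>cert_has_ip</code> assumes <code>openssl</code> is installed.</p>

```bash
#!/usr/bin/env bash
# Added example: audit a kubeadm config tree after a master IP change.
# Function names and the sample tree are constructed for illustration.

# Escape dots so the IP is matched literally, not as regex wildcards.
ip_regex() { printf '%s' "$1" | sed 's/\./\\./g'; }

# Print "file:line" for every whole-address occurrence of OLD_IP under DIR.
# Unlike a bare `grep 100.64.139.60`, this does not match 100.64.139.601.
stale_ip_refs() {
  local dir=$1 pat
  pat=$(ip_regex "$2")
  grep -rnE "(^|[^0-9.])${pat}([^0-9.]|\$)" "$dir" 2>/dev/null | cut -d: -f1,2
}

# Print every kubeconfig under DIR whose `server:` is not https://IP:PORT.
wrong_server_confs() {
  local dir=$1 want="https://$2:$3" f got
  for f in "$dir"/*.conf; do
    [ -f "$f" ] || continue
    got=$(awk '$1 == "server:" {print $2; exit}' "$f")
    [ "$got" = "$want" ] || printf '%s\n' "$f"
  done
}

# Return 0 if the certificate's SAN list contains IP (requires openssl).
cert_has_ip() {
  local pat
  pat=$(ip_regex "$2")
  openssl x509 -in "$1" -noout -text | grep -Eq "IP Address:${pat}([^0-9.]|\$)"
}

# Build a constructed sample tree: one regenerated file, two stale ones,
# and one look-alike address that must not be reported.
make_sample_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/manifests"
  printf '    server: https://100.64.139.62:6443\n' > "$d/admin.conf"
  printf '    server: https://100.64.139.60:6443\n' > "$d/kubelet.conf"
  printf '    - --advertise-address=100.64.139.60\n' > "$d/manifests/kube-apiserver.yaml"
  printf '    - --listen-client-urls=https://100.64.139.601:2379\n' > "$d/manifests/etcd.yaml"
  printf '%s\n' "$d"
}
```

<p>On the real host the same functions take <code>/etc/kubernetes</code> as the directory and <code>/etc/kubernetes/pki/apiserver.crt</code> as the certificate; empty output from the first two and a zero exit status from <code>cert_has_ip</code> for the new IP mean the change is complete.</p>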
</div>

</div>
<div id="MySignature" role="contentinfo">
    Programmers of the world, unite!<br><br>
Source: https://www.cnblogs.com/chaojiyingxiong/p/12047628.html