Breeze Hands-On Series: Scheduled Certificate Renewal for breeze k8s

惬意小蜗牛
2021-07-19

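For any Breeze release published before 2020, after the cluster has been deployed, manually run the following commands on the three master nodes to replace the certificate embedded in /etc/kubernetes/kubelet.conf (updateKubelet.sh):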

vi updateKubelet.sh
#!/bin/bash
TIME_STRING=`date "+%Y-%m-%d-%H-%M-%S"`
cd /etc/kubernetes/
# Keep a timestamped backup of the current kubelet.conf
cp -p /etc/kubernetes/kubelet.conf /etc/kubernetes/kubelet.conf.$TIME_STRING
# Replace the embedded certificate and key with references to the file under /var/lib/kubelet/pki
sed -i 's#client-certificate-data:.*$#client-certificate: /var/lib/kubelet/pki/kubelet-client-current.pem#g' kubelet.conf
sed -i 's#client-key-data:.*$#client-key: /var/lib/kubelet/pki/kubelet-client-current.pem#g' kubelet.conf

systemctl restart kubelet

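In addition, on the three master hosts, add a script to crontab that runs once every half year and generates new configuration files valid for 1 year. The script is as follows: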

vi /etc/kubernetes/breeze-k8s-half-year-crontab.sh

#!/bin/bash
TIME_STRING=`date "+%Y-%m-%d-%H-%M-%S"`
cd /etc/kubernetes/
mv admin.conf admin.conf.$TIME_STRING
mv controller-manager.conf controller-manager.conf.$TIME_STRING
mv scheduler.conf scheduler.conf.$TIME_STRING

kubeadm init phase kubeconfig admin
kubeadm init phase kubeconfig controller-manager
kubeadm init phase kubeconfig scheduler

# Use exactly one of the two blocks below.
# For clusters with >= 3 master nodes, use these replacements:
sed -i 's#server: https:.*$#server: https://127.0.0.1:6444#g' admin.conf
sed -i 's#server: https:.*$#server: https://127.0.0.1:6444#g' controller-manager.conf
sed -i 's#server: https:.*$#server: https://127.0.0.1:6444#g' scheduler.conf

# For clusters with 1 master node, use these replacements instead of the three above:
#sed -i 's#server: https:.*$#server: https://127.0.0.1:6443#g' admin.conf
#sed -i 's#server: https:.*$#server: https://127.0.0.1:6443#g' controller-manager.conf
#sed -i 's#server: https:.*$#server: https://127.0.0.1:6443#g' scheduler.conf

cp -f /etc/kubernetes/admin.conf $HOME/.kube/config
chown $(id -u):$(id -g) $HOME/.kube/config

#restart controller-manager and scheduler
docker ps|grep kube-controller-manager|awk '{print $1}'|xargs docker stop
docker ps|grep kube-scheduler|awk '{print $1}'|xargs docker stop

For example, if the script above is saved as /etc/kubernetes/breeze-k8s-half-year-crontab.sh, run crontab -e, enter the following content, and save:

crontab -e

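# The next two lines are not needed if they already exist
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin

# New entry (schedule and script path): runs the script at 0:00 on January 1 and July 1 every year
0 0 1 1,7 * /etc/kubernetes/breeze-k8s-half-year-crontab.sh

# New entry (schedule and script path): runs the script every half year; alternative to the entry above, use only one of the two
#0 1 1 */6 *  /etc/kubernetes/breeze-k8s-half-year-crontab.sh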
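
To confirm that the half-year job really is renewing the one-year certificates, the client certificate in each kubeconfig can be checked for remaining validity. The following is an added example, not part of the original post; the function names and the 180-day threshold are assumptions chosen to match the schedule above, and the sample kubeconfig is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes openssl and base64 are installed.

# Print the PEM client certificate of a kubeconfig, whether it is embedded
# (client-certificate-data) or referenced by path (client-certificate).
kubeconfig_client_cert() (
    data=$(sed -n 's/^[[:space:]]*client-certificate-data:[[:space:]]*//p' "$1" | head -n 1)
    if [ -n "$data" ]; then
        printf '%s' "$data" | base64 -d
        return
    fi
    path=$(sed -n 's/^[[:space:]]*client-certificate:[[:space:]]*//p' "$1" | head -n 1)
    [ -n "$path" ] && cat "$path"
)

# Return 0 if the certificate in kubeconfig $1 is still valid $2 days from now,
# 1 if it expires sooner, 2 if no readable certificate was found.
kubeconfig_cert_valid_for() (
    pem=$(kubeconfig_client_cert "$1" 2>/dev/null) || return 2
    printf '%s\n' "$pem" | openssl x509 -noout >/dev/null 2>&1 || return 2
    printf '%s\n' "$pem" | openssl x509 -noout -checkend $(( $2 * 86400 )) >/dev/null
)

# Constructed sample input: kubeconfig fragment $1 holding a throwaway
# self-signed certificate that is valid for $2 days.
make_sample_kubeconfig() (
    tmp=$(mktemp -d)
    openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=sample-admin" \
        -keyout "$tmp/key.pem" -out "$tmp/crt.pem" 2>/dev/null
    printf 'users:\n- name: sample\n  user:\n    client-certificate-data: %s\n' \
        "$(base64 < "$tmp/crt.pem" | tr -d '\n')" > "$1"
    rm -rf "$tmp"
)

# Check every kubeconfig given as an argument; the 180-day threshold is an
# assumption derived from the post's schedule (1-year certs renewed every 6 months).
check_kubeconfigs() {
    failed=0
    for f in "$@"; do
        if kubeconfig_cert_valid_for "$f" 180; then
            echo "OK    $f"
        else
            echo "STALE $f"; failed=1
        fi
    done
    return "$failed"
}

if [ $# -gt 0 ]; then check_kubeconfigs "$@"; fi
```

Pass the kubeconfig paths as arguments, for example admin.conf, controller-manager.conf, scheduler.conf and kubelet.conf under /etc/kubernetes/; a STALE line means the last scheduled renewal did not take effect for that file.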