Task weight: 2%

Use context: kubectl config use-context k8s-c2-AC

Check how long the kube-apiserver server certificate is valid on cluster2-controlplane1 . Do this with openssl or cfssl. Write the exipiration date into /opt/course/22/expiration .

Also run the correct kubeadm command to list the expiration dates and confirm both methods show the same date.

Write the correct kubeadm command that would renew the apiserver server certificate into /opt/course/22/kubeadm-renew-certs.sh .


译文:

检查 kube-apiserver 服务器证书在 cluster2-controlplane1 上的有效时间。用openssl或cfssl做这个。把有效期写进 /opt/course/22/expiration

同时运行正确的 kubeadm 命令来列出到期日期,并确认两种方法都显示相同的日期。

将更新apiserver服务器证书的正确 kubeadm 命令写入 /opt/course/22/kubeadm-renew-erts.sh


解答:
kubectl config use-context k8s-c2-AC

连接到controlplane1,并检查证书过期时间

ssh cluster2-controlplane1

root@cluster2-controlplane1:~# find /etc/kubernetes/pki | grep apiserver
root@cluster2-controlplane1:~# openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver.crt | grep Validity -A2

file

使用kubeadm 来获取过期时间

root@cluster2-controlplane1:~# kubeadm certs check-expiration | grep apiserver

file

写过期时间到文件

echo "Jan 10 05:00:49 2024 GMT" > /opt/course/22/expiration

更新证书

echo "kubeadm certs renew apiserver" > /opt/course/22/kubeadm-renew-certs.sh

Killer.sh CKA模拟题目 汇总