Task weight: 2%
Use context: kubectl config use-context k8s-c2-AC
Check how long the kube-apiserver server certificate is valid on cluster2-controlplane1 . Do this with openssl or cfssl. Write the exipiration date into /opt/course/22/expiration .
Also run the correct kubeadm command to list the expiration dates and confirm both methods show the same date.
Write the correct kubeadm command that would renew the apiserver server certificate into /opt/course/22/kubeadm-renew-certs.sh .
译文:
检查 kube-apiserver 服务器证书在 cluster2-controlplane1 上的有效时间。用openssl或cfssl做这个。把有效期写进 /opt/course/22/expiration 。
同时运行正确的 kubeadm 命令来列出到期日期,并确认两种方法都显示相同的日期。
将更新apiserver服务器证书的正确 kubeadm 命令写入 /opt/course/22/kubeadm-renew-erts.sh 。
解答:
kubectl config use-context k8s-c2-AC连接到controlplane1,并检查证书过期时间
ssh cluster2-controlplane1
root@cluster2-controlplane1:~# find /etc/kubernetes/pki | grep apiserver
root@cluster2-controlplane1:~# openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt | grep Validity -A2
使用kubeadm 来获取过期时间
root@cluster2-controlplane1:~# kubeadm certs check-expiration | grep apiserver
写过期时间到文件
echo "Jan 10 05:00:49 2024 GMT" > /opt/course/22/expiration更新证书
echo "kubeadm certs renew apiserver" > /opt/course/22/kubeadm-renew-certs.sh