Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- # make sure this script executed on master node
- source /data/kubernetes/env.sh
- # backup master node certificates
- cp -r /etc/kubernetes/pki /etc/kubernetes/pki_backup
- # remove expired certificates
- rm /etc/kubernetes/pki/apiserver-kubelet-client.crt
- rm /etc/kubernetes/pki/apiserver-kubelet-client.key
- rm /etc/kubernetes/pki/apiserver.crt
- rm /etc/kubernetes/pki/apiserver.key
- rm /etc/kubernetes/pki/front-proxy-client.crt
- rm /etc/kubernetes/pki/front-proxy-client.key
- # generate new certificates
- kubeadm alpha phase certs apiserver --apiserver-advertise-address ${MASTER_IP} --apiserver-cert-extra-sans ${ENV_API_EXTERNAL_DOMAIN},${MASTER_IP},${HOST_INSTANCE_ID} --service-cidr 10.96.0.0/16 --service-dns-domain cluster.local
- kubeadm alpha phase certs apiserver-kubelet-client
- kubeadm alpha phase certs front-proxy-client
- # backup control plane kubeconfig
- mkdir -p /data/kubernetes/control_plane_kubeconfig
- mv /data/kubernetes/admin.conf /data/kubernetes/control_plane_kubeconfig/
- mv /data/kubernetes/controller-manager.conf /data/kubernetes/control_plane_kubeconfig/
- mv /data/kubernetes/scheduler.conf /data/kubernetes/control_plane_kubeconfig/
- mv /data/kubernetes/kubelet.conf /data/kubernetes/control_plane_kubeconfig/
- # generate new control plane kubeconfig files
- kubeadm alpha phase kubeconfig all --apiserver-advertise-address ${MASTER_IP}
- systemctl restart docker && systemctl restart kubelet
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
