原标题:Kubeadm安装k8s集群升级100年证书时报错:Unable to connect to the server: EOF:求解决方法.
[root@k8s-master01 ~]# kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.17", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"clean", BuildDate:"2023-02-22T13:33:14Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
[root@k8s-master01 ~]# git clone https://gitee.com/mirrors/kubernetes.git Cloning into 'kubernetes'... remote: Enumerating objects: 1427037, done. remote: Counting objects: 100% (14341/14341), done. remote: Compressing objects: 100% (8326/8326), done. remote: Total 1427037 (delta 9201), reused 8548 (delta 5365), pack-reused 1412696 Receiving objects: 100% (1427037/1427037), 911.55 MiB | 16.42 MiB/s, done. Resolving deltas: 100% (1039605/1039605), done. Checking out files: 100% (23746/23746), done.
[root@k8s-master01 kubernetes]# git checkout v1.23.17 Checking out files: 100% (17024/17024), done. Note: checking out 'v1.23.17'. You are in 'detached HEAD' state. You can look around, make experimental changes and commit them, and you can discard any commits you make in this state without impacting any branches by performing another checkout. If you want to create a new branch to retain commits you create, you may do so (now or later) by using -b with the checkout command again. Example: git checkout -b new_branch_name HEAD is now at 953be89... Release commit for Kubernetes v1.23.17
[root@k8s-master01 kubernetes]# docker run -ti --rm -v `pwd`:/go/src/ registry.cn-beijing.aliyuncs.com/dotbalo/golang:kubeadm bash Unable to find image 'registry.cn-beijing.aliyuncs.com/dotbalo/golang:kubeadm' locally kubeadm: Pulling from dotbalo/golang f606d8928ed3: Pull complete 47db815c6a45: Pull complete bf4849400000: Pull complete a572f7a256d3: Pull complete 643043c84a42: Pull complete 4bbfdffcd51b: Pull complete 7bacd2cea1ca: Pull complete 4ca1c8393efa: Pull complete Digest: sha256:af620e3fb7f2a8ee5e070c2f5608cc6e1600ec98c94d7dd25778a67f1a0b792a Status: Downloaded newer image for registry.cn-beijing.aliyuncs.com/dotbalo/golang:kubeadm
root@85165a2f7d91:/go# cd /go/src/ root@85165a2f7d91:/go/src#
root@85165a2f7d91:/go/src# go env -w GOPROXY=https://goproxy.cn,direct root@85165a2f7d91:/go/src# go env -w GOSUMDB=off
root@85165a2f7d91:/go/src# grep "365" cmd/kubeadm/app/constants/constants.go CertificateValidity = time.Hour * 24 * 365
root@85165a2f7d91:/go/src# sed -i 's#365#365 * 100#g' cmd/kubeadm/app/constants/constants.go
root@85165a2f7d91:/go/src# grep "365" cmd/kubeadm/app/constants/constants.go CertificateValidity = time.Hour * 24 * 365 * 100
root@85165a2f7d91:/go/src# mkdir -p _output/
root@85165a2f7d91:/go/src# chmod 777 -R _output/
root@85165a2f7d91:/go/src# make WHAT=cmd/kubeadm
root@5592256d5bb3:/go/src# ls _output/bin/kubeadm _output/bin/kubeadm
root@5592256d5bb3:/go/src# cp _output/bin/kubeadm ./kubeadm
[root@k8s-master01 kubernetes]# cp kubeadm /opt/
[root@k8s-master01 kubernetes]# /opt/kubeadm certs renew all [renew] Reading configuration from the cluster... [renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [renew] Error reading configuration from the Cluster. Falling back to default configuration certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed certificate for serving the Kubernetes API renewed certificate the apiserver uses to access etcd renewed certificate for the API server to connect to kubelet renewed certificate embedded in the kubeconfig file for the controller manager to use renewed certificate for liveness probes to healthcheck etcd renewed certificate for etcd nodes to communicate with each other renewed certificate for serving etcd renewed certificate for the front proxy client renewed certificate embedded in the kubeconfig file for the scheduler manager to use renewed Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.
[root@k8s-master01 kubernetes]# /opt/kubeadm version kubeadm version: &version.Info{Major:"1", Minor:"23+", GitVersion:"v1.23.17-dirty", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"dirty", BuildDate:"2023-03-30T11:19:36Z", GoVersion:"go1.19.2", Compiler:"gc", Platform:"linux/amd64"}
[root@k8s-master01 kubernetes]# kubeadm certs check-expiration [check-expiration] Reading configuration from the cluster... [check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml' [check-expiration] Error reading configuration from the Cluster. Falling back to default configuration CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED admin.conf Mar 06, 2123 13:46 UTC 99y ca no apiserver Mar 06, 2123 13:46 UTC 99y ca no apiserver-etcd-client Mar 06, 2123 13:46 UTC 99y etcd-ca no apiserver-kubelet-client Mar 06, 2123 13:46 UTC 99y ca no controller-manager.conf Mar 06, 2123 13:46 UTC 99y ca no etcd-healthcheck-client Mar 06, 2123 13:46 UTC 99y etcd-ca no etcd-peer Mar 06, 2123 13:46 UTC 99y etcd-ca no etcd-server Mar 06, 2123 13:46 UTC 99y etcd-ca no front-proxy-client Mar 06, 2123 13:46 UTC 99y front-proxy-ca no scheduler.conf Mar 06, 2123 13:46 UTC 99y ca no CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED ca Mar 20, 2033 03:14 UTC 9y no etcd-ca Mar 20, 2033 03:14 UTC 9y no front-proxy-ca Mar 20, 2033 03:14 UTC 9y no
[root@k8s-master01 kubernetes]# systemctl restart kubelet