本文最后更新于98 天前,其中的信息可能已经过时,如有错误请发送邮件到big_fw@foxmail.com
集群更换kube-vip
修改vip,每个master节点都要修改:
sed -i 's@value: 1.1.3.94@value: 1.1.3.102@g' /etc/kubernetes/manifests/kube-vip.yaml修改完vip之后需要更新apiserver证书:
#查看apiserver的证书信息
cd /etc/kubernetes/pki
openssl x509 -noout -text -in apiserver.crt |grep IP
#移动(删除)旧证书
mkdir -pv /opt/k8s-pki
mv apiserver.* /opt/k8s-pki
#生成新的证书,--apiserver-cert-extra-sans参数后可以加上需要添加的IP地址
kubeadm init phase certs apiserver \
#节点ip
--apiserver-advertise-address 1.1.3.86 \
#集群ip
--apiserver-cert-extra-sans 10.96.0.1 \
#kube-vip
--apiserver-cert-extra-sans 1.1.3.102
#修改kubelet配置文件(所有节点)
sed -i 's@https://1.1.3.94:6443@https://1.1.3.102:6443@g' /etc/kubernetes/kubelet.conf
#修改kubelet配置文件(master节点)
sed -i 's@https://1.1.3.94:6443@https://1.1.3.102:6443@g' /root/.kube/config
#重启所有节点kubelet
ansible all -m shell -a "systemctl restart kubelet"#修改集群配置
kubectl edit cm kubeadm-config -n kube-system
clusterName: kubernetes
controlPlaneEndpoint: 172.50.60.6:6443
#修改kube-proxy配置
kubectl edit cm -n kube-system kube-proxy
apiVersion: v1
kind: Config
clusters:
- cluster:
certificate-authority: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
server: https://172.50.60.6:6443
#重启kube-proxy
kubectl get po -n kube-system -owide |grep proxy |awk '{print $1}' |xargs kubectl delete po -n kube-system --force
