Unable to connect to the server: x509: certificate is valid for xxx.xxx.xxx.xxx not yyy.yyy.yyy.yyy
安装方式:kubeadm
内网 IP:xxx.xxx.xxx.xxx
外网 IP:yyy.yyy.yyy.yyy
证书目录:/etc/kubernetes/pki
kubeadm 配置文件目录:/etc/kubernetes/kubeadm-config.yaml
cp -r /etc/kubernetes /etc/kubernetes.bak
找到 ClusterConfiguration 中的 certSANs 并添加 yyy.yyy.yyy.yyy
vim /etc/kubernetes/kubeadm-config.yaml
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
etcd:
external:
endpoints:
- https://xxx.xxx.xxx.xxx:6443
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
certSANs:
- xxx.xxx.xxx.xxx
- yyy.yyy.yyy.yyy
kubeadm init phase certs apiserver --config /etc/kubernetes/kubeadm-config.yaml
[certs] Generating "apiserver" certificate and key
[certs] apiserver serving cert is signed for DNS names [xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy]
登录所有的master主机,kill kube-apiserver 进程就能全部重新运行了
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text | grep yyy.yyy.yyy.yyy
如果这篇文章对你有所帮助,可以通过下边的“打赏”功能进行小额的打赏。
本网站部分内容来源于互联网,如有侵犯版权请来信告知,我们将立即处理。