Difference between revisions of "Kubernetes"

From Fixme.ch
Jump to: navigation, search
(Certificate expiration)
Line 25: Line 25:
  
 
<pre>
 
<pre>
 +
# Service state
 
systemctl stop kubelet.service
 
systemctl stop kubelet.service
 
systemctl restart docker.service
 
systemctl restart docker.service
  
 +
# Backup
 
rsync -av /etc/kubernetes/ /root/kubernetes-$(date +%s)/
 
rsync -av /etc/kubernetes/ /root/kubernetes-$(date +%s)/
 
rsync -av /var/lib/etcd/ /root/etcd-$(date +%s)/
 
rsync -av /var/lib/etcd/ /root/etcd-$(date +%s)/
Line 37: Line 39:
 
rm {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt}
 
rm {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt}
  
 +
# Regen certificates
 
cd
 
cd
 
kubeadm init phase certs all --apiserver-advertise-address 62.220.135.205 --ignore-preflight-errors=all
 
kubeadm init phase certs all --apiserver-advertise-address 62.220.135.205 --ignore-preflight-errors=all
Line 42: Line 45:
 
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
 
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
  
 +
# Check states
 
kubeadm join 62.220.135.205:6443 --token XXX --discovery-token-ca-cert-hash YYY --ignore-preflight-errors=all
 
kubeadm join 62.220.135.205:6443 --token XXX --discovery-token-ca-cert-hash YYY --ignore-preflight-errors=all
 
kubectl get nodes
 
kubectl get nodes
 
kubectl get all
 
kubectl get all
 
</pre>
 
</pre>

Revision as of 22:56, 18 July 2021

Kubernetes @ FIXME

Information

Services

Certificate expiration

Sometimes K8S is in the sauce, something like this might help regenerate the certs

# Service state
systemctl stop kubelet.service
systemctl restart docker.service

# Backup
rsync -av /etc/kubernetes/ /root/kubernetes-$(date +%s)/
rsync -av /var/lib/etcd/ /root/etcd-$(date +%s)/

cd /etc/kubernetes
rm {admin.conf,controller-manager.conf,kubelet.conf,scheduler.conf}

cd /etc/kubernetes/pki
rm {apiserver.crt,apiserver-etcd-client.key,apiserver-kubelet-client.crt,front-proxy-ca.crt,front-proxy-client.crt,front-proxy-client.key,front-proxy-ca.key,apiserver-kubelet-client.key,apiserver.key,apiserver-etcd-client.crt}

# Regen certificates
cd
kubeadm init phase certs all --apiserver-advertise-address 62.220.135.205 --ignore-preflight-errors=all
kubeadm init phase kubeconfig all
cp -i /etc/kubernetes/admin.conf $HOME/.kube/config

# Check states
kubeadm join 62.220.135.205:6443 --token XXX --discovery-token-ca-cert-hash YYY --ignore-preflight-errors=all
kubectl get nodes
kubectl get all