K8S集群认证过期后，如何重新获取有效认证？

今天使用kubectl命令查看pod信息时，一直正常运行的k8s集群突然不能访问了，输入任何命令都提示以下报错： Unable to connect to the server: x509: certificate has expired or is not yet valid: current time 2025-01-25T11:35:45+08:00 is after 2024-11-22T23:44:48Z 解决方案： 参考官方文档： kubeadm证书管理 使用命令kubeadm alpha certs 来管理证书： 使用命令kubeadm alpha certs renew all更新证书，返回 [renew] Reading configuration from the cluster... [renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed certificate for serving the Kubernetes API renewed certificate the apiserver uses to access etcd renewed certificate for the API server to connect to kubelet renewed certificate embedded in the kubeconfig file for the controller manager to use renewed certificate for liveness probes to healthcheck etcd renewed certificate for etcd nodes to communicate with each other renewed certificate for serving etcd renewed certificate for the front proxy client renewed certificate embedded in the kubeconfig file for the scheduler manager to use renewed 使用如下命令拷贝新生成的配置文件 sudo kubeadm alpha kubeconfig user --client-name=admin --org=system:masters > /tmp/admin.conf sudo cp /tmp/admin.conf $HOME/.kube/config sudo chown $(id -u):$(id -g) $HOME/.kube/config 重启kubeletsystemctl restart kubelet 即可正常使用K8S集群 [root@k8smaster k8s]# kubectl get po NAME READY STATUS RESTARTS AGE cron-job-test-1732318920-k2g76 0/1 Completed 0 63d cron-job-test-1732318980-kcr4x 0/1 Completed 0 63d cron-job-test-1732319040-b88rf 0/1 Completed 0 63d 再次查看证书到期情况 [root@k8smaster k8s]# kubeadm alpha certs check-expiration [check-expiration] Reading configuration from the cluster... [check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml' CERTIFICATE EXPIRES RESIDUAL TIME C