Comments (20)
After installing with sealos, it is already 99y:
kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W1121 02:03:05.092584 334927 configset.go:78] Warning: No kubeproxy.config.k8s.io/v1alpha1 config is loaded. Continuing without it: configmaps "kube-proxy" not found
W1121 02:03:05.116044 334927 utils.go:69] The recommended value for "healthzBindAddress" in "KubeletConfiguration" is: 127.0.0.1; the provided value is: 0.0.0.0
CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Oct 02, 2123 08:44 UTC   99y             ca                      no
apiserver                  Oct 06, 2123 06:31 UTC   99y             ca                      no
apiserver-etcd-client      Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
apiserver-kubelet-client   Oct 06, 2123 06:31 UTC   99y             ca                      no
controller-manager.conf    Oct 02, 2123 08:44 UTC   99y             ca                      no
etcd-healthcheck-client    Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
etcd-peer                  Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
etcd-server                Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
front-proxy-client         Oct 06, 2123 06:31 UTC   99y             front-proxy-ca          no
scheduler.conf             Oct 02, 2123 08:44 UTC   99y             ca                      no
CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Oct 02, 2123 08:44 UTC   99y             no
etcd-ca                 Oct 02, 2123 08:44 UTC   99y             no
front-proxy-ca          Oct 02, 2123 08:44 UTC   99y             no
Why is kubeadm cert renew still needed?
from sealos.
kubeadm cert renew is definitely 1 year...
from sealos.
After installing with sealos, it is already 99y:
kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
W1121 02:03:05.092584 334927 configset.go:78] Warning: No kubeproxy.config.k8s.io/v1alpha1 config is loaded. Continuing without it: configmaps "kube-proxy" not found
W1121 02:03:05.116044 334927 utils.go:69] The recommended value for "healthzBindAddress" in "KubeletConfiguration" is: 127.0.0.1; the provided value is: 0.0.0.0
CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Oct 02, 2123 08:44 UTC   99y             ca                      no
apiserver                  Oct 06, 2123 06:31 UTC   99y             ca                      no
apiserver-etcd-client      Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
apiserver-kubelet-client   Oct 06, 2123 06:31 UTC   99y             ca                      no
controller-manager.conf    Oct 02, 2123 08:44 UTC   99y             ca                      no
etcd-healthcheck-client    Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
etcd-peer                  Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
etcd-server                Oct 06, 2123 06:31 UTC   99y             etcd-ca                 no
front-proxy-client         Oct 06, 2123 06:31 UTC   99y             front-proxy-ca          no
scheduler.conf             Oct 02, 2123 08:44 UTC   99y             ca                      no
CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Oct 02, 2123 08:44 UTC   99y             no
etcd-ca                 Oct 02, 2123 08:44 UTC   99y             no
front-proxy-ca          Oct 02, 2123 08:44 UTC   99y             no
Why is kubeadm cert renew still needed?
Here is what happened: when I was using ks, I configured etcd monitoring with the server.crt or peer.crt certificate, and either way it could not get monitoring data from the other etcd members; checking Prometheus showed a certificate error.
So I used kubeadm config cert to regenerate peer.crt and server.crt with the other etcd nodes added to the certificates, and it became like this.
from sealos.
kubeadm cert renew is definitely 1 year...
Using sealos cert also gives 1 year
from sealos.
sealos cert
sealos cert is for adding domain names; it is not a tool for extending certificates...
from sealos.
sealos cert
sealos cert is for adding domain names; it is not a tool for extending certificates...
But there are occasionally needs like this, adding some IPs, domain names and so on to the certificate.
from sealos.
At initialization, I always reserve three domain names in certSAN.
from sealos.
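At initialization, I always reserve three domain names in certSAN.
Do you mean the ClusterConfig resource? @zhangguanzhang
However, I did try modifying the Clusterfile generated by sealos.
Something like the following: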
apiVersion: kubeadm.k8s.io/v1beta3
kind: ClusterConfiguration
Etcd:
  External: null
  Local:
    DataDir: ""
    ExtraArgs:
      listen-metrics-urls: http://0.0.0.0:2381
    ImageRepository: ""
    ImageTag: ""
    PeerCertSANs:
    - 10.3.1.1
    - 10.3.1.2
    - 10.3.1.3
    ServerCertSANs:
    - 10.3.1.1
    - 10.3.1.2
    - 10.3.1.3
The result of the experiment was that it had no effect: the etcd certificate always contains only 127.0.0.1 and the MasterIP of the current node. It does not contain the masterIP of the other nodes.
The sealos tool version is the latest, 4.3.7.
from sealos.
🤔 What I mean is that, generally at initialization, you can also manually sign a new certificate with the CA yourself.
from sealos.
🤔 What I mean is that, generally at initialization, you can also manually sign a new certificate with the CA yourself.
@zhangguanzhang Please explain this operation in detail.
from sealos.
🤔 What I mean is that, generally at initialization, you can also manually sign a new certificate with the CA yourself.
@zhangguanzhang Please explain this operation in detail.
Just use the original CA files and sign a new certificate manually with openssl or cfssl.
from sealos.
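The manual signing suggested in the last comment, as an added example that is not part of the thread or of the sealos project: an etcd server certificate is signed with an existing CA through openssl so that 127.0.0.1 and all three master IPs from the Clusterfile above end up in the SANs. The throwaway CA, the CN values, the `localhost` SAN, the file names and the kubeadm-style CA path named in the comment are assumptions.

```shell
#!/bin/sh
# Added example: sign an etcd server certificate with an existing CA and list
# every etcd member IP in its SANs. IPs, CNs and file names are assumptions.
set -eu

# Constructed throwaway CA so the example runs offline. On a real node you
# would point at the cluster's existing etcd CA pair instead (assumed to be
# /etc/kubernetes/pki/etcd/ca.crt and ca.key, the kubeadm default layout).
make_demo_ca() {  # $1 = directory that receives ca.crt / ca.key
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=etcd-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# sign_etcd_server DIR DAYS IP...  -> writes DIR/server.key and DIR/server.crt
sign_etcd_server() {
  s_dir=$1; s_days=$2; shift 2
  s_san="DNS:localhost,IP:127.0.0.1"
  for s_ip in "$@"; do s_san="$s_san,IP:$s_ip"; done
  # x509 -req does not copy extensions from the CSR by default, so the SANs
  # and key usages are supplied at signing time through -extfile.
  cat > "$s_dir/ext.cnf" <<EOF
basicConstraints = critical,CA:FALSE
keyUsage = critical,digitalSignature,keyEncipherment
extendedKeyUsage = serverAuth,clientAuth
subjectAltName = $s_san
EOF
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=etcd-server" \
    -keyout "$s_dir/server.key" -out "$s_dir/server.csr" 2>/dev/null
  openssl x509 -req -in "$s_dir/server.csr" -CA "$s_dir/ca.crt" \
    -CAkey "$s_dir/ca.key" -CAcreateserial -days "$s_days" -sha256 \
    -extfile "$s_dir/ext.cnf" -out "$s_dir/server.crt" 2>/dev/null
}

# Print the SAN list of a certificate, i.e. the names a TLS client will accept.
cert_sans() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 | sed 's/^ *//'
}

# Succeeds only if certificate $2 chains to CA certificate $1.
cert_chains_to() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

demo_dir=$(mktemp -d)
make_demo_ca "$demo_dir"
sign_etcd_server "$demo_dir" 365 10.3.1.1 10.3.1.2 10.3.1.3
cert_chains_to "$demo_dir/ca.crt" "$demo_dir/server.crt" && cert_sans "$demo_dir/server.crt"
rm -rf "$demo_dir"
```

The validity period is whatever `-days` is passed at signing time, and the same function with a different CN and output name covers peer.crt.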