Rke 完成k8s集群部署,测试各项功能正常后,在为master 添加vip,实现高可用,此时再次请求api接口报错:api
vip:172.20.101.252ide
master:172.20.101.157, 172.20.101.164, 172.20.101.165测试
Unable to connect to the server: x509: certificate is valid for 172.20.101.157, 172.20.101.164, 172.20.101.165, 127.0.0.1, 10.43.0.1, not 172.20.101.252
修改rke cluster.yml 文件,更新集群证书;code
编辑集群配置文件,添加须要外围IP地址和相关域名:server
vi cluster.yml
authentication:
strategy: x509
sans:
- "172.20.101.252"
- "k8sdev.ptmind.com"
rke cert rotate
证书轮换以后,Kubernetes组件将自动从新启动。证书轮换可用于下列服务:接口
etcd kubelet kube-apiserver kube-proxy kube-scheduler kube-controller-manager
推荐方法:ip
使用--service 指定单个服务,好比kubelet:部署
rke cert rotate --service kubelet
生成证书配置文件时,没有vip在访问列表清单;域名