k8s version : 1.4.0-beta 8
大家好,我已经花了5个小时试图了解在主机中重新生成证书+ api密钥后要执行的强制操作,
现在即使我这样做了:
- regen certs + keys
- restart kube-apiserver ( systemd service )
- restart kubelet ( systemd service )
- delete all kube-controller-manager pods ( and allow automatic recreation )
- delete all kube-scheduler pods ( and allow automatic recreation )
- delete all kube-proxy pods ( and allow automatic recreation )
- delete service account ( in all namespaces )
- delete kubernetes.io/service-account-token in all namespaces
- delete kube-dns pod ( to allow injection of new credential )
如果我记录kube-dns,我仍然会得到" x509:由未知权限签署的证书" ,
如果我重新执行所有操作,也重启docker,则没有任何变化,
**但** 如果我重新启动所有节点(5个节点,3个主节点)(现在关闭-r),当它们出现时,它就可以工作......!
...无需尝试所有组合(由于组件数量很多而导致很多组合)
唯一需要(最小)的步骤是什么?
我认为这是一项常见的操作,但我发现没有任何关于......的文档..