#用于自动签发证书 #王庭威 #2020/1/9 kubelet增加这两个参数:--feature-gates=RotateKubeletServerCertificate=true --feature-gates=RotateKubeletClientCertificate=true kube-controller-manager 增加两个参数:--feature-gates=RotateKubeletServerCertificate=true --experimental-cluster-signing-duration=876000h0m0s" 重启kubelet以及kube-controller组件,执行脚本,创建yaml文件 删除旧证书,让其自动签发生成新证书 rm -rf kubelet-* && service kubelet restart openssl x509 -in xxx公钥证书(不带key字样的) -noout -text | grep "Not" 查看证书过期时间