
k8s单节点升级为高可用

参考网址:https://zahui.fan/posts/34d8fad0/

  • 导出kubeadm配置
# Dump the ClusterConfiguration that kubeadm keeps in the kubeadm-config
# ConfigMap (kube-system namespace) into a local file, kubeadm.yaml, so it can
# be edited and fed back to kubeadm in the later steps.
kubectl --namespace kube-system get configmap kubeadm-config \
  --output jsonpath='{.data.ClusterConfiguration}' > kubeadm.yaml
  • 添加证书SANs信息

certSANs 到 extraArgs 之间的内容,即负载均衡地址,以及所有 master 节点的主机名和 IP 地址

# kubeadm ClusterConfiguration exported from the kubeadm-config ConfigMap,
# with the apiServer.certSANs list added by hand.
apiVersion: kubeadm.k8s.io/v1beta2
kind: ClusterConfiguration
kubernetesVersion: v1.20.15
clusterName: kubernetes
# Directory kubeadm uses for certificates and keys; the apiserver.crt /
# apiserver.key pair regenerated later on this page lives here.
certificatesDir: /etc/kubernetes/pki
imageRepository: registry.aliyuncs.com/google_containers
# NOTE(review): this export has no controlPlaneEndpoint. kubeadm requires a
# stable controlPlaneEndpoint before additional control-plane nodes can join;
# confirm it is set (presumably to the load balancer address) before joining.
apiServer:
  # Subject Alternative Names written into the API server serving certificate.
  # This must include the load balancer and the hostname and IP of every
  # master node: a client that verifies TLS rejects the API server when it is
  # reached under a name or address missing from this list.
  # The certificate is valid for every entry, so list only names and
  # addresses you control.
  # NOTE(review): kube-api-server and 192.168.5.200 look like the load
  # balancer name and VIP -- confirm against your environment.
  certSANs:
    - kube-api-server
    - 5-10.vpclub.io
    - 5-11.vpclub.io
    - 5-12.vpclub.io
    - 192.168.5.10
    - 192.168.5.11
    - 192.168.5.12
    - 192.168.5.200
  extraArgs:
    # Node and RBAC authorizers only; keep this value unchanged when editing
    # the file so the upgrade does not widen API authorization.
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
controllerManager: {}
scheduler: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12


  • 备份原kubernetes配置文件
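# Back up /etc/kubernetes before any certificate is touched.
# The tree holds private keys (for example pki/apiserver.key), so the backup
# directory is created first and restricted to its owner.
mkdir -p ./etc-kubernetes-bak
chmod 700 ./etc-kubernetes-bak
# -a recurses and preserves mode, ownership and timestamps. The trailing "/."
# copies the directory contents (dotfiles included) without depending on the
# shell's globstar setting, which the original "**" pattern relied on.
cp -a /etc/kubernetes/. ./etc-kubernetes-bak/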

  • 生成新的证书
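# Remove the old API server certificate and key. kubeadm reuses an existing
# pair instead of regenerating it, so both files must be gone first.
# They are plain files: -f is enough, no recursive flag is needed.
# (The backup step earlier on this page keeps a copy of both.)
rm -f /etc/kubernetes/pki/apiserver.key
rm -f /etc/kubernetes/pki/apiserver.crt

# Issue a new serving certificate using the certSANs from kubeadm.yaml.
kubeadm init phase certs apiserver --config kubeadm.yaml

# Inspect the new certificate: the Subject Alternative Name list should now
# contain the hosts and IP addresses that were just added.
# -noout suppresses the PEM dump; grep narrows the output to the SAN entries.
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -noout -text \
  | grep -A1 'Subject Alternative Name'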
  • 重启Apiserver
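# kube-apiserver and kube-controller-manager are static pods that the kubelet
# runs from manifest files. Deleting their mirror pods with kubectl only
# removes the API objects; the containers keep running, so the API server
# would go on serving the old certificate.
# To restart them, move each manifest out of the kubelet's manifest directory,
# wait for the kubelet to stop the pods, then move the manifests back.
# Run this on the control-plane node itself (5-10.vpclub.io on this page).
manifests=/etc/kubernetes/manifests   # kubeadm default path; confirm on your node
stash=$(mktemp -d)

for component in kube-apiserver kube-controller-manager; do
  mv "$manifests/$component.yaml" "$stash/"
done

# The kubelet rechecks the manifest directory every 20 seconds by default.
sleep 20

for component in kube-apiserver kube-controller-manager; do
  mv "$stash/$component.yaml" "$manifests/"
done
rmdir "$stash"

# kubectl fails until the API server is back; repeat until both pods are Running.
kubectl -n kube-system get pod \
  kube-apiserver-5-10.vpclub.io kube-controller-manager-5-10.vpclub.io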
  • 将配置更新到集群
# Write the edited ClusterConfiguration back to the kubeadm-config ConfigMap
# so the cluster's stored configuration matches the regenerated certificate.
kubeadm init phase upload-config kubeadm \
  --config kubeadm.yaml