外网无法访问内外K8S

问题报错

Unable to connect to the server: x509: certificate is valid for ${kubernetes集群的内网IP列表}, not ${kubernetes集群的master设备的外网IP}

解决方案

# 删除当前kubernetes集群下的apiserver的cert和key
rm -rf /etc/kubernetes/pki/apiserver.*

# 生成新的apiserver的cert和key
# advertise-ip是网卡上的地址，也可以使用cat ~/.kube/config | grep "server:"查看默认config配置的内外IP
kubeadm init phase certs apiserver --apiserver-advertise-address ${原来的advertise ip} --apiserver-cert-extra-sans ${master的外网ip}

# 刷新admin.conf
kubeadm alpha certs renew admin.conf

# 重启apiserver

kubectl delete pod -l component=kube-apiserver -n kube-system

Docker导入镜像到Containerd

# docker导出镜像
docker save test:latest -o test.tar

# containerd导入镜像
ctr -n k8s.io i import test.tar

# containerd查看镜像
ctr -n k8s.io images list

# contianerd删除镜像
ctr -n k8s.io i rm [镜像名:TAG | sha256]

# 批量删除无标签镜像
ctr -n k8s.io images list | grep "^sha256:" | awk '{print $1}' | xargs -i ctr -n k8s.io i rm {}