@zhangyy
2020-04-04T10:54:44.000000Z
字数 1295
阅读 103
kubernetes系列
- 一:kubernetes 关于kubeadmin 部署的认证时间的修改
cd /etc/kubernetes/pki
openssl x509 -in apiserver.crt -text -noout
---
Validity
Not Before: Apr 2 02:42:39 2020 GMT
Not After : Apr 2 02:42:39 2021 GMT
---
apiserver 只有一年的默认时间使用期限
-------------
openssl x509 -in ca.crt -text -noout
---
Validity
Not Before: Apr 2 02:42:39 2020 GMT
Not After : Mar 31 02:42:39 2030 GMT
----
ca 的使用期限是 10年
wget https://dl.google.com/go/go1.12.7.linux-amd64.tar.gz
tar -zxvf go1.12.1.linux-amd64.tar.gz -C /usr/local
vim /etc/profile
---
export PATH=$PATH:/usr/local/go/bin
---
source /etc/profile
git clone https://github.com/kubernetes/kubernetes.git
git checkout -b remotes/origin/release-1.15.1 v1.15.1
vim staging/src/k8s.io/client-go/util/cert/cert.go # kubeadm 1.14 版本之前
vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go # kubeadm 1.14 至今
----
----
const duration3650d = time.Hour * 24 * 365 * 10
NotAfter: time.Now().Add(duration365d).UTC(),
----
make WHAT=cmd/kubeadm GOFLAGS=-v
cp _output/bin/kubeadm /root/kubeadm-new
cp -p /usr/bin/kubeadmn /usr/bin/kubeadmn.old
cp -p /root/kubeadm-new /usr/bin/kubeadm
chmod +x /usr/bin/kubeadmn
cd /etc/kubernetes/
cp -ap pki pki.old
cd /root/k8s-install/core
kubeadm alpha certs renew all --config=./kubeadm-config.yaml
openssl x509 -in apiserver.crt -text -noout
这样 证书的年限就改成了10年了