S_lion's Studio

Changing the certificate expiry time in the kubeadm source code

2022/04/01

On a Kubernetes v1.22.8 cluster installed with kubeadm, the cluster certificates are still valid for only one year.

[root@test1 home]#  kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'

CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Mar 31, 2023 10:58 UTC 364d ca no
apiserver Mar 31, 2023 10:58 UTC 364d ca no
apiserver-etcd-client Mar 31, 2023 10:58 UTC 364d etcd-ca no
apiserver-kubelet-client Mar 31, 2023 10:58 UTC 364d ca no
controller-manager.conf Mar 31, 2023 10:58 UTC 364d ca no
etcd-healthcheck-client Mar 31, 2023 10:58 UTC 364d etcd-ca no
etcd-peer Mar 31, 2023 10:58 UTC 364d etcd-ca no
etcd-server Mar 31, 2023 10:58 UTC 364d etcd-ca no
front-proxy-client Mar 31, 2023 10:58 UTC 364d front-proxy-ca no
scheduler.conf Mar 31, 2023 10:58 UTC 364d ca no

CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Mar 28, 2032 10:58 UTC 9y no
etcd-ca Mar 28, 2032 10:58 UTC 9y no
front-proxy-ca Mar 28, 2032 10:58 UTC 9y no

Modifying the kubeadm source

Fetch the Kubernetes source

git clone https://github.com/kubernetes/kubernetes.git

Check out the matching version

cd kubernetes && git checkout -b remotes/origin/release-1.22.8  v1.22.8

Install the build environment

Check which Go version kubeadm was built with

[root@test1 home]# kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.8", GitCommit:"7061dbbf75f9f82e8ab21f9be7e8ffcaae8e0d44", GitTreeState:"clean", BuildDate:"2022-03-16T14:08:54Z", GoVersion:"go1.16.15", Compiler:"gc", Platform:"linux/amd64"}

Download go1.16.15

wget https://dl.google.com/go/go1.16.15.linux-amd64.tar.gz
tar zxvf go1.16.15.linux-amd64.tar.gz  -C /usr/local

Set the Go environment variables:

# Edit /etc/profile and add the following:
#go setting
export GOROOT=/usr/local/go
export GOPATH=/usr/local/gopath
export PATH=$PATH:$GOROOT/bin

Load the environment variables

source /etc/profile

Modify the source

Change the CA validity period

vim staging/src/k8s.io/client-go/util/cert/cert.go

Change the cluster certificate validity period

vim cmd/kubeadm/app/constants/constants.go

Build

Install the build tools

yum install gcc make -y

Build kubeadm

make all WHAT=cmd/kubeadm GOFLAGS=-v

The build output is at _output/bin/kubeadm; bin is a symbolic link, and the real path is _output/local/bin/linux/amd64/kubeadm.

[root@test1 kubernetes]# ll _output/bin/kubeadm
-rwxr-xr-x. 1 root root 45830144 4月 1 14:52 _output/bin/kubeadm
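
To confirm what a rebuilt kubeadm actually issues, measure each certificate's issued lifetime (NotAfter minus NotBefore) instead of the residual time that check-expiration prints. The Go program below is an added example, not code from the original post or from the Kubernetes project; makeCert and lifetimeDays are hypothetical helper names, and the certificate is constructed in memory in place of a certificate file from the control-plane node.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// makeCert returns a constructed self-signed PEM certificate (sample input,
// not a real cluster certificate); validity sets NotAfter relative to now.
func makeCert(cn string, isCA bool, validity time.Duration) []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	now := time.Now().UTC().Truncate(time.Second)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.Add(validity), IsCA: isCA, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// lifetimeDays returns the issued lifetime in whole days and the CA flag.
func lifetimeDays(pemBytes []byte) (int, bool, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, false, errors.New("no CERTIFICATE block in input")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, false, err
	}
	return int(c.NotAfter.Sub(c.NotBefore).Hours() / 24), c.IsCA, nil
}

func main() {
	d, ca, err := lifetimeDays(makeCert("apiserver", false, 365*24*time.Hour))
	fmt.Println(d, ca, err)
}
```

To audit a real node, pass the bytes of each certificate file to lifetimeDays in place of the makeCert output and compare the result with the validity you compiled in.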