日本免费高清视频-国产福利视频导航-黄色在线播放国产-天天操天天操天天操天天操|www.shdianci.com

學無先后,達者為師

網站首頁 編程語言 正文

kubernetes之證書更新

作者:吉松松 更新時間: 2022-07-09 編程語言

證書更新

kubernetes的證書存放在/etc/kubernetes/pki目錄下,使用kubeadm alpha certs check-expiration,可查看證書有效時間

可以看出apiserver等證書有效期為一年,ca等證書有效期是10年.

重新編譯kubeadm

部署go環境

打開Go下載 - Go語言中文網 - Golang中文社區(https://studygolang.com/dl)網站,下載一個最新版的。

或者linux服務器上執行

$ wget https://studygolang.com/dl/golang/go1.18.1.linux-amd64.tar.gz
$ tar -zxvf go1.18.1.linux-amd64.tar.gz -C /usr/local/
$ cp /usr/local/go/bin/go  /usr/local/bin/
$ cp /usr/local/go/bin/gofmt /usr/local/bin/
$ chown a+x /usr/local/bin/go
$ chown a+x /usr/local/bin/gofmt
#測試安裝是否正常
$ go version
go version go1.18.1 linux/amd64

下載對應kubernetes源碼

查看安裝kubernetes版本

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-15T16:58:53Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-15T16:51:04Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

kuberneted版本為1.18.6,所以下載源碼,下載地址https://github.com/kubernetes/kubernetes


$ unzip kubernetes-1.18.6.zip
$ cd kubernetes-1.18.6
#修改文件
$ vim ./cmd/kubeadm/app/constants/constants.go
const (
......
        // CertificateValidity defines the validity for all the signed certificates generated by kubeadm
        CertificateValidity = time.Hour * 24 * 365 * 100
.......

$ vim ./staging/src/k8s.io/client-go/util/cert/cert.go
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
      ....
                NotAfter:              now.Add(duration365d * 100).UTC(),
      ....
}
#編譯文件
$ make WHAT=cmd/kubeadm GOFLAGS=-v
#編譯完成后生成的kubeadm在/opt/kubernetes-1.18.6/_output/bin目錄下
$  ll /opt/kubernetes-1.18.6/_output/bin/
total 65656
-rwxr-xr-x. 1 root root  6115328 May 10 11:12 conversion-gen
-rwxr-xr-x. 1 root root  5849088 May 10 11:11 deepcopy-gen
-rwxr-xr-x. 1 root root  5840896 May 10 11:12 defaulter-gen
-rwxr-xr-x. 1 root root  3388281 May 10 11:11 go2make
-rwxr-xr-x. 1 root root  1744896 May 10 11:14 go-bindata
-rwxr-xr-x. 1 root root 34365440 May 10 14:31 kubeadm
-rwxr-xr-x. 1 root root  9924608 May 10 11:13 openapi-gen

更新證書

$ mv  /usr/bin/kubeadm /usr/bin/kubeadmold
$ cp -R /etc/kubernetes/pki /etc/kubernetes/pkiold
#將重新編譯好的kubeadm文件上傳至/usr/bin/目錄下,授權。
#更新證書
$ kubeadm alpha certs renew all
#再次查看證書信息
$ kubeadm alpha certs check-expiration

原文鏈接:https://blog.csdn.net/m0_37642477/article/details/124666466

欄目分類
最近更新