将 Kubernetes 集群证书的有效期延长至 10 年
安装golang
yum install -y epel-release yum -y install golang
编辑修改k8s软件包中的源码
[root@master pkiutil]# vim /root/k8s/certs_update/kubernetes-1.18.1/cmd/kubeadm/app/util/pkiutil/pki_helpers.go 48 const ( ………. //找到或者添加 duration365d = time.Hour * 24 * 365 ………. 59 ) //找到NotAfter,修改()里的内容 579 NotAfter: time.Now().Add(duration365d * 10).UTC(),
编译kube
[root@master kubernetes-1.18.1]# make WHAT=cmd/kube GOFLAGS=-v
在output文件夹下找到新的kubeadm
[root@master kubernetes-1.18.1]# cd _output/local/bin/linux/amd64/ [root@master amd64]# ls conversion-gen defaulter-gen go2make openapi-gen deepcopy-gen go-bindata kubeadm
将旧kubeadm进行备份,将新kubeadm移到环境变量下
[root@master amd64]# mv /usr/bin/kubeadm /usr/bin/kubeadm-bak [root@master amd64]# cp kubeadm /usr/bin/kubeadm [root@master ~]# cp -rf /etc/kubernetes /etc/kubernetes-bak/
更新证书
[root@master ~]# kubeadm alpha certs renew all [root@master ~]# kubeadm alpha certs check-expiration
