k8s-1.28.1证书更新到100年-cenots7.9
一、查看信息
# cat /etc/redhat-release
# kubeadm version
k8s环境是通过kubeadm进行安装的。
二、安装依赖工具
# yum groupinstall "Development Tools" -y
# yum install gcc make -y
# yum install rsync jq -y
三、下载相应版本的k8s包
## 下载地址:
# https://github.com/kubernetes/kubernetes/releases/tag/v1.28.1
## 下载连接
# https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.28.1.tar.gz
## 解压
# tar -zxf kubernetes-1.28.1.tar.gz
# mv kubernetes-1.28.1 kubernetes
# cd kubernetes/
四、修改证书有效期
# vi ./staging/src/k8s.io/client-go/util/cert/cert.go
把NotAfter: now.Add(duration365d * 10).UTC(),
改成
NotAfter: now.Add(duration365d * 100).UTC(),
# vi ./cmd/kubeadm/app/constants/constants.go
把CertificateValidity = time.Hour * 24 * 365
改成
CertificateValidity = time.Hour * 24 * 365 * 100
检验是否修改:
五、安装golang环境
查看kubenetesv1.28.1版本中的go版本:
## 下载地址:
# https://golang.google.cn/dl/
## 下载连接
# https://golang.google.cn/dl/go1.20.7.linux-amd64.tar.gz
# tar -zxf go1.20.7.linux-amd64.tar.gz -C /usr/local
## 配置变量,在/etc/profile增加下面内容
##go setting (sysin)
export GOROOT=/usr/local/go
export GOPATH=/usr/local/gopath
export PATH=$PATH:$GOROOT/bin
# source /etc/profile
六、编译
# pwd
/tmp/v1.28.1/kubernetes
# make all WHAT=cmd/kubeadm GOFLAGS=-v
# make all WHAT=cmd/kubelet GOFLAGS=-v
# make all WHAT=cmd/kubectl GOFLAGS=-v
## 编译完成的在
# ls _output/local/bin/linux/amd64/
kubeadm kubectl kubelet
七、替换原有kubeadm命令
# mv /usr/bin/kubeadm /usr/bin/kubeadm`date +%F`
# cp _output/local/bin/linux/amd64/kubeadm /usr/bin/kubeadm
# chmod +x /usr/bin/kubeadm
八、续订证书
# kubeadm certs renew all
# kubeadm certs check-expiration