Shulou(Shulou.com)05/31 Report--

In this article, the editor introduces in detail "what is the method for kubeadm to extend the certificate time", the content is detailed, the steps are clear, and the details are handled properly. I hope that this article "kubeadm to extend the certificate time is what" the article can help you solve your doubts, the following follows the editor's ideas slowly in depth, together to learn new knowledge.

Modify the expiration time of kubeadm certificate

In this paper, the default one-year certificate expiration time of kubeadm is changed to 1999 by modifying the kubeadm source code.

How to use it:

[root@dev-86-202b] # chmod + x kubeadm & & cp kubeadm / usr/ [root @ dev-86-202b] # rm / etc/kubernetes/pki/-RF [root @ dev-86-202b] # kubeadm alpha phase certs all-- config kube/conf/kubeadm.yaml

Update kubeconfig

[root@dev-86-202b] # rm-rf / etc/kubernetes/* confession [root @ dev-86-202a] # kubeadm alpha phase kubeconfig all-- config ~ / kube/conf/ kubeadm.yaml [root @ dev-86-202a] # cp / etc/kubernetes/admin.conf ~ / .kube/config

Verify:

$cd / etc/kubernetes/pki$ openssl x509-in apiserver-etcd-client.crt-text-nooutCertificate: Data: Version: 3 (0x2) Serial Number: 4701787282062078235 (0x41401a9f34c2711b) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=etcd-ca Validity Not Before: Nov 22 11:58:50 2018 GMT Not After: Oct 29 11:58:51 2117 GMT # time has become 1999

Other certificates are verified in the same way.

Code compilation

I have put the compiled environment image on dockerhub: fanux/kubernetes-build:v1.0.0

First, the clone K8s code:

Git clone https://github.com/kubernetes/kubernetes

Mount it to the image to compile

Docker run-- rm-v yourcodedir:/go/src/k8s.io/kubernetes-it fanux/kubernetes-build:v1.0.0 bash# cd / go/src/k8s.io/kubernetes# make all WHAT=cmd/kubeadm GOFLAGS=-v

The compiled product is in the _ output/local/bin/linux/amd64/kubeadm directory.

Modify the code

The certificate time code is actually in client-go, and the file is:

Vendor/k8s.io/client-go/util/cert/cert.go

Then you can see that all the NotAfter files have been changed:

NotAfter: validFrom.Add (duration365d * longYear)

I have longYear = 99.

And then compiled and finished.

Finally, put a small ad in the code:

Func main () {if err: = app.Run () Err! = nil {fmt.Fprintf (os.Stderr, "error:% v\ n" Err) os.Exit (1)} fmt.Println ("* *") fmt.Println ("* www.sealyun.com * *") Fmt.Println ("* kubernetes install in 3 steps * *") fmt.Println ("* provide by fanux * *") fmt.Println ("* *") Os.Exit (0)} read here. This article "what is the method of kubeadm to extend the certificate time" has been introduced. If you want to master the knowledge points of this article, you still need to practice and use it yourself to understand it. If you want to know more about related articles, welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.