请选择 进入手机版 | 继续访问电脑版
 找回密码
 立即注册
搜索

本文来自

边缘计算专区

边缘计算专区

人已关注

请添加对本版块的简短描述

精选帖子

阿里云CDN计费
阿里云CDN计费
0阅读|170人阅读
信用卡空当接龙
信用卡空当接龙
0阅读|284人阅读
HTTP/1.0和HTTP/1.1、HTTP/2请求对比
HTTP/1.0和HTTP/1.1、HTTP/2请求对比
3阅读|665人阅读
Kubernetes 多集群管理平台 Wayne
Kubernetes 多集群管理平台 Wayne
0阅读|698人阅读

kubeadm1.15修改证书续期到100年

[复制链接]
250 abc 发表于 2019-9-5 14:00:10
长话短说

Git仓库:kubernetes/kubernetes

$ git clone https://github.com/kubernetes/kubernetes.git

$ cd kubernetes
# 编辑源码
$ git checkout release-1.15
$ vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go
$ git diff
--- a/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
+++ b/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
@@ -571,7 +571,7 @@ func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certifi
  IPAddresses: cfg.AltNames.IPs,
  SerialNumber: serial,
  NotBefore: caCert.NotBefore,
- NotAfter: time.Now().Add(kubeadmconstants.CertificateValidity).UTC(),
+ NotAfter: time.Now().Add(kubeadmconstants.CertificateValidity * 100).UTC(),
  KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
  ExtKeyUsage: cfg.Usages,

# 编译二进制
$ go version
go version go1.12.7 linux/amd64
$ go build ./cmd/kubeadm

# 使用二进制更新证书
$ ./kubeadm alpha certs renew all
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healtcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

# 检查新证书期限
$ cfssl-certinfo -cert /etc/kubernetes/pki/apiserver.crt|grep not
"not_before": "2019-08-28T02:04:17Z",
"not_after": "2119-08-04T03:52:33Z",

https://www.kubernetes.org.cn/5777.html

回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

快速回复 返回顶部 返回列表