当前位置:网站首页>Kubernetes certificate validity period modification
Kubernetes certificate validity period modification
2022-07-31 05:34:00 【hunheidaode】
Certificate validity period modification
[[email protected] pki]# openssl x509 -in apiserver.crt -text -noout
First download the source code of kubeadm, and modify the function of apiserver one-year certificate distribution, from 1 year to 10 years.(Requires go language environment)
1.go locale
[[email protected] data]# tar -zxvf go1.16.5.linux-amd64.tar.gz -C /usr/local[[email protected] data]# vim /etc/profileexport PATH=$PATH:/usr/local/go/bin[[email protected] data]# source /etc/profile[[email protected] data]# go version- 1
- 2
- 3
- 4
- 5
2. Download the kubernetes source code
[[email protected] data]# git clone https://github.com/kubernetes/kubernetes.git[[email protected] data]# cd kubernetes[[email protected] kubernetes]# kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.21.2",[[email protected] kubernetes]# git checkout -b remotes/origin/release-1.21.2 v1.21.2- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
3. Modify the Kubeadm source package update certificate policy
[[email protected] kubernetes]# vim staging/src/k8s.io/client-go/util/cert/cert.go# kubeadm before version 1.14vi cmd/kubeadm/app/constants/constants.go# kubeadm 1.21.2 to date// NewSignedCert {const duration365d = time.Hour * 24 * 365 * 100NotAfter: time.Now().Add(duration365d).UTC(),}[[email protected] kubernetes]# make WHAT=cmd/kubeadm GOFLAGS=-v[[email protected] kubernetes]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old[[email protected] kubernetes]# cp _output/bin/kubeadm /usr/bin/kubeadm[[email protected] kubernetes]# chmod a+x /usr/bin/kubeadm[[email protected] kubernetes]# cd /etc/kubernetes/[[email protected] kubernetes]# cp -r pki /pki.oldNew certificate generation[[email protected] ~]# kubeadm certs renew all --config=/root/kubeadm_init/kubeadm-config.yaml--config is the yaml file that originally installed the k8s cluster[[email protected] ~]# cd /etc/kubernetes/pkiView certificate age[[email protected] pki]# openssl x509 -in apiserver.crt -text -nooutView kubeadm-config.yaml location[[email protected] pki]# cd /etc/kubernetes/pki/openssl x509 -in apiserver.crt -text -nooutk8sv1.19.10 version:Need to add alpha commandkubeadm alpha certs renew all --config=/root/kubeadm_init/kubeadm-config.yamlYou also need to add alpha to view the expiration time of all certificateskubeadm alpha certs check-expiration边栏推荐
猜你喜欢
About the problems encountered by Xiaobai installing nodejs (npm WARN config global `--global`, `--local` are deprecated. Use `--location=glob)
基于flask的三方登陆的流程
Redis Advanced - Cache Issues: Consistency, Penetration, Penetration, Avalanche, Pollution, etc.
Sword Point Offer Special Assault Edition ---- Day 2
剑指offer基础版 ---- 第29天
剑指offer专项突击版 ---- 第2天
剑指offer基础版 --- 第24天
剑指offer专项突击版 --- 第 4 天
面试官竟然问我怎么分库分表?幸亏我总结了一套八股文
剑指offer基础版 ---- 第26天
随机推荐
数据库上机实验7 数据库设计
matlab abel变换图片处理
剑指offer基础版 ---- 第26天
With MVC, why DDD?
剑指offer专项突击版 ---- 第1天
C语言实验三 选择结构程序设计
MySQL8.0安装教程,在Linux环境安装MySQL8.0教程,最新教程 超详细
数据库上机实验1 数据库定义语言
The interviewer asked me TCP three handshake and four wave, I really
wpf ScrowViewer水平滚动
Swordsman Offer Special Assault Edition --- Day 3
Sword Point Offer Special Assault Edition ---- Day 2
MYSQL下载及安装完整教程
MySQL(更新中)
【一起学Rust】Rust的Hello Rust详细解析
Flink sink redis writes to Redis
C语言实验四 循环结构程序设计(一)
剑指offer基础版 ----- 第25天
三子棋讲解(C语言)
数据库上机实验4 数据更新和视图