当前位置:网站首页>Kubernetes certificate validity period modification
Kubernetes certificate validity period modification
2022-07-31 05:34:00 【hunheidaode】
Certificate validity period modification
[[email protected] pki]# openssl x509 -in apiserver.crt -text -noout
First download the source code of kubeadm, and modify the function of apiserver one-year certificate distribution, from 1 year to 10 years.(Requires go language environment)
1.go locale
[[email protected] data]# tar -zxvf go1.16.5.linux-amd64.tar.gz -C /usr/local[[email protected] data]# vim /etc/profileexport PATH=$PATH:/usr/local/go/bin[[email protected] data]# source /etc/profile[[email protected] data]# go version- 1
- 2
- 3
- 4
- 5
2. Download the kubernetes source code
[[email protected] data]# git clone https://github.com/kubernetes/kubernetes.git[[email protected] data]# cd kubernetes[[email protected] kubernetes]# kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.21.2",[[email protected] kubernetes]# git checkout -b remotes/origin/release-1.21.2 v1.21.2- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
3. Modify the Kubeadm source package update certificate policy
[[email protected] kubernetes]# vim staging/src/k8s.io/client-go/util/cert/cert.go# kubeadm before version 1.14vi cmd/kubeadm/app/constants/constants.go# kubeadm 1.21.2 to date// NewSignedCert {const duration365d = time.Hour * 24 * 365 * 100NotAfter: time.Now().Add(duration365d).UTC(),}[[email protected] kubernetes]# make WHAT=cmd/kubeadm GOFLAGS=-v[[email protected] kubernetes]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old[[email protected] kubernetes]# cp _output/bin/kubeadm /usr/bin/kubeadm[[email protected] kubernetes]# chmod a+x /usr/bin/kubeadm[[email protected] kubernetes]# cd /etc/kubernetes/[[email protected] kubernetes]# cp -r pki /pki.oldNew certificate generation[[email protected] ~]# kubeadm certs renew all --config=/root/kubeadm_init/kubeadm-config.yaml--config is the yaml file that originally installed the k8s cluster[[email protected] ~]# cd /etc/kubernetes/pkiView certificate age[[email protected] pki]# openssl x509 -in apiserver.crt -text -nooutView kubeadm-config.yaml location[[email protected] pki]# cd /etc/kubernetes/pki/openssl x509 -in apiserver.crt -text -nooutk8sv1.19.10 version:Need to add alpha commandkubeadm alpha certs renew all --config=/root/kubeadm_init/kubeadm-config.yamlYou also need to add alpha to view the expiration time of all certificateskubeadm alpha certs check-expiration边栏推荐
猜你喜欢
剑指offer基础版 --- 第21天
剑指offer基础版--- 第23天
Sword Point Offer Special Assault Edition ---- Day 2
Distributed Transactions - Introduction to Distributed Transactions, Distributed Transaction Framework Seata (AT Mode, Tcc Mode, Tcc Vs AT), Distributed Transactions - MQ
![[mysql improves query efficiency] Mysql database query is slow to solve the problem](/img/fa/502a2efdd37508f15541558851a254.png)
[mysql improves query efficiency] Mysql database query is slow to solve the problem
【C语言趣味小游戏——猜数字】
Typec手机有线网卡网线转网口转接口快充方案
分布式事务处理方案大 PK!
MySQL (updating)
【MQ我可以讲一个小时】
随机推荐
MySQL(更新中)
限流的原理
Interviewer: If the order is not paid within 30 minutes, it will be automatically canceled. How to do this?
Minio upload file ssl certificate is not trusted
第7章 网络层第2次练习题答案(第三版)
matlab simulink欠驱动水面船舶航迹自抗扰控制研究
面试Redis 高可靠性|主从模式、哨兵模式、Cluster集群模式
C语言实验四 循环结构程序设计(一)
Interview Redis High Reliability | Master-Slave Mode, Sentinel Mode, Cluster Cluster Mode
Temporal介绍
基于web3.0使用钱包Metamask的三方登陆
Reference code series_1. Hello World in various languages
Moment Pool Cloud quickly installs packages such as torch-sparse and torch-geometric
联盟链的真实场景在哪里
Goodbye to the cumbersome Excel, mastering data analysis and processing technology depends on it
踏上编程之路,你必须要干的几件事
uni-app进阶之生命周期【day8】
The TOKEN value of Kubernetes joining the cluster expires
数据库上机实验2 单表查询和嵌套查询
With MVC, why DDD?