当前位置:网站首页>Kubernetes certificate validity period modification
Kubernetes certificate validity period modification
2022-07-31 05:34:00 【hunheidaode】
Certificate validity period modification
[[email protected] pki]# openssl x509 -in apiserver.crt -text -noout
First download the source code of kubeadm, and modify the function of apiserver one-year certificate distribution, from 1 year to 10 years.(Requires go language environment)
1.go locale
[[email protected] data]# tar -zxvf go1.16.5.linux-amd64.tar.gz -C /usr/local[[email protected] data]# vim /etc/profileexport PATH=$PATH:/usr/local/go/bin[[email protected] data]# source /etc/profile[[email protected] data]# go version- 1
- 2
- 3
- 4
- 5
2. Download the kubernetes source code
[[email protected] data]# git clone https://github.com/kubernetes/kubernetes.git[[email protected] data]# cd kubernetes[[email protected] kubernetes]# kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.21.2",[[email protected] kubernetes]# git checkout -b remotes/origin/release-1.21.2 v1.21.2- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
3. Modify the Kubeadm source package update certificate policy
[[email protected] kubernetes]# vim staging/src/k8s.io/client-go/util/cert/cert.go# kubeadm before version 1.14vi cmd/kubeadm/app/constants/constants.go# kubeadm 1.21.2 to date// NewSignedCert {const duration365d = time.Hour * 24 * 365 * 100NotAfter: time.Now().Add(duration365d).UTC(),}[[email protected] kubernetes]# make WHAT=cmd/kubeadm GOFLAGS=-v[[email protected] kubernetes]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old[[email protected] kubernetes]# cp _output/bin/kubeadm /usr/bin/kubeadm[[email protected] kubernetes]# chmod a+x /usr/bin/kubeadm[[email protected] kubernetes]# cd /etc/kubernetes/[[email protected] kubernetes]# cp -r pki /pki.oldNew certificate generation[[email protected] ~]# kubeadm certs renew all --config=/root/kubeadm_init/kubeadm-config.yaml--config is the yaml file that originally installed the k8s cluster[[email protected] ~]# cd /etc/kubernetes/pkiView certificate age[[email protected] pki]# openssl x509 -in apiserver.crt -text -nooutView kubeadm-config.yaml location[[email protected] pki]# cd /etc/kubernetes/pki/openssl x509 -in apiserver.crt -text -nooutk8sv1.19.10 version:Need to add alpha commandkubeadm alpha certs renew all --config=/root/kubeadm_init/kubeadm-config.yamlYou also need to add alpha to view the expiration time of all certificateskubeadm alpha certs check-expiration边栏推荐
猜你喜欢
![[mysql improves query efficiency] Mysql database query is slow to solve the problem](/img/fa/502a2efdd37508f15541558851a254.png)
随机推荐
实验8 DNS解析
mysql5.7.35安装配置教程【超级详细安装教程】
数据库学习笔记
Distributed Transactions - Introduction to Distributed Transactions, Distributed Transaction Framework Seata (AT Mode, Tcc Mode, Tcc Vs AT), Distributed Transactions - MQ
为什么要用Flink,怎么入门使用Flink?
MySQL8.0安装教程,在Linux环境安装MySQL8.0教程,最新教程 超详细
C语言教程(三)-if和循环
Redis Advanced - Cache Issues: Consistency, Penetration, Penetration, Avalanche, Pollution, etc.
如何将项目部署到服务器上(全套教程)
基于flask的三方登陆的流程
pytorch中的一维、二维、三维卷积操作
Distributed transaction processing solution big PK!
第7章 网络层第3次练习题答案(第三版)
Interviewer: If the order is not paid within 30 minutes, it will be automatically canceled. How to do this?
pycharm专业版使用
uni-app进阶之生命周期【day8】
【数据库学习】Redis 解析器&&单线程&&模型
Refinement of the four major collection frameworks: Summary of List core knowledge
梳理一下自己常用的快捷键
Interviewer, don't ask me to shake hands three times and wave four times again