当前位置:网站首页>Kubernetes certificate validity period modification
Kubernetes certificate validity period modification
2022-07-31 05:34:00 【hunheidaode】
Certificate validity period modification
[[email protected] pki]# openssl x509 -in apiserver.crt -text -noout
First download the source code of kubeadm, and modify the function of apiserver one-year certificate distribution, from 1 year to 10 years.(Requires go language environment)
1.go locale
[[email protected] data]# tar -zxvf go1.16.5.linux-amd64.tar.gz -C /usr/local[[email protected] data]# vim /etc/profileexport PATH=$PATH:/usr/local/go/bin[[email protected] data]# source /etc/profile[[email protected] data]# go version- 1
- 2
- 3
- 4
- 5
2. Download the kubernetes source code
[[email protected] data]# git clone https://github.com/kubernetes/kubernetes.git[[email protected] data]# cd kubernetes[[email protected] kubernetes]# kubeadm versionkubeadm version: &version.Info{Major:"1", Minor:"15", GitVersion:"v1.21.2",[[email protected] kubernetes]# git checkout -b remotes/origin/release-1.21.2 v1.21.2- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
3. Modify the Kubeadm source package update certificate policy
[[email protected] kubernetes]# vim staging/src/k8s.io/client-go/util/cert/cert.go# kubeadm before version 1.14vi cmd/kubeadm/app/constants/constants.go# kubeadm 1.21.2 to date// NewSignedCert {const duration365d = time.Hour * 24 * 365 * 100NotAfter: time.Now().Add(duration365d).UTC(),}[[email protected] kubernetes]# make WHAT=cmd/kubeadm GOFLAGS=-v[[email protected] kubernetes]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old[[email protected] kubernetes]# cp _output/bin/kubeadm /usr/bin/kubeadm[[email protected] kubernetes]# chmod a+x /usr/bin/kubeadm[[email protected] kubernetes]# cd /etc/kubernetes/[[email protected] kubernetes]# cp -r pki /pki.oldNew certificate generation[[email protected] ~]# kubeadm certs renew all --config=/root/kubeadm_init/kubeadm-config.yaml--config is the yaml file that originally installed the k8s cluster[[email protected] ~]# cd /etc/kubernetes/pkiView certificate age[[email protected] pki]# openssl x509 -in apiserver.crt -text -nooutView kubeadm-config.yaml location[[email protected] pki]# cd /etc/kubernetes/pki/openssl x509 -in apiserver.crt -text -nooutk8sv1.19.10 version:Need to add alpha commandkubeadm alpha certs renew all --config=/root/kubeadm_init/kubeadm-config.yamlYou also need to add alpha to view the expiration time of all certificateskubeadm alpha certs check-expiration边栏推荐
猜你喜欢
账号或密码多次输入错误,进行账号封禁
Interviewer: If the order is not paid within 30 minutes, it will be automatically canceled. How to do this?
If the account number or password is entered incorrectly for many times, the account will be banned.
Tapdata 与 Apache Doris 完成兼容性互认证,共建新一代数据架构
剑指offer专项突击版 --- 第 4 天
MySQL-如何分库分表?一看就懂
C语言实验三 选择结构程序设计
Anaconda配置环境指令
Refinement of the four major collection frameworks: Summary of List core knowledge
TOGAF之架构标准规范(一)
随机推荐
第7章 网络层第3次练习题答案(第三版)
The interviewer asked me how to divide the database and the table?Fortunately, I summed up a set of eight-part essays
剑指offer专项突击版 --- 第 4 天
三子棋讲解(C语言)
剑指offer基础版 ----第31天
剑指offer基础版 --- 第22天
Kubernetes 证书可用年限修改
Swordsman Offer Special Assault Edition --- Day 3
Apache DButils使用注意事项--with modifiers “public“
【一起学Rust】Rust的Hello Rust详细解析
可点击也可直接复制指定内容js
matlab simulink欠驱动水面船舶航迹自抗扰控制研究
MYSQL一站式学习,看完即学完
Distributed transaction processing solution big PK!
数据库上机实验4 数据更新和视图
Qt Creator + CMake 运行调试总会自动 build 所有目标
剑指offer基础版 ----- 第28天
Typec手机有线网卡网线转网口转接口快充方案
Sword Point Offer Special Assault Edition ---- Day 2
【C语言3个基本结构详解——顺序、选择、循环】