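Kubernetes certificate renewal

1. Certificate renewal

Kubernetes certificates are stored in the /etc/kubernetes/pki directory. Run kubeadm alpha certs check-expiration to see how long each certificate remains valid.

The output shows that certificates such as apiserver are valid for one year, while the CA certificates are valid for 10 years.

2. Recompile kubeadm

Set up the Go environment
Open the Go download page at studygolang.com (https://studygolang.com/dl) and download the latest version.

Or run the following on the Linux server: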

$ wget https://studygolang.com/dl/golang/go1.18.1.linux-amd64.tar.gz
$ tar -zxvf go1.18.1.linux-amd64.tar.gz -C /usr/local/
$ cp /usr/local/go/bin/go  /usr/local/bin/
$ cp /usr/local/go/bin/gofmt /usr/local/bin/
$ chmod a+x /usr/local/bin/go
$ chmod a+x /usr/local/bin/gofmt
#Check that the installation works
$ go version
go version go1.18.1 linux/amd64

3. Download the matching Kubernetes source code

Check the installed Kubernetes version

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-15T16:58:53Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-15T16:51:04Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"linux/amd64"}

The Kubernetes version is 1.18.6, so download the source code for that version from https://github.com/kubernetes/kubernetes

$ unzip kubernetes-1.18.6.zip
$ cd kubernetes-1.18.6
#Edit the files
$ vim ./cmd/kubeadm/app/constants/constants.go
const (
......
        // CertificateValidity defines the validity for all the signed certificates generated by kubeadm
        CertificateValidity = time.Hour * 24 * 365 * 100
.......

$ vim ./staging/src/k8s.io/client-go/util/cert/cert.go
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
      ....
                NotAfter:              now.Add(duration365d * 100).UTC(),
      ....
}
#Build
$ make WHAT=cmd/kubeadm GOFLAGS=-v
#After the build completes, the generated kubeadm is in the /opt/kubernetes-1.18.6/_output/bin directory
$  ll /opt/kubernetes-1.18.6/_output/bin/
total 65656
-rwxr-xr-x. 1 root root  6115328 May 10 11:12 conversion-gen
-rwxr-xr-x. 1 root root  5849088 May 10 11:11 deepcopy-gen
-rwxr-xr-x. 1 root root  5840896 May 10 11:12 defaulter-gen
-rwxr-xr-x. 1 root root  3388281 May 10 11:11 go2make
-rwxr-xr-x. 1 root root  1744896 May 10 11:14 go-bindata
-rwxr-xr-x. 1 root root 34365440 May 10 14:31 kubeadm
-rwxr-xr-x. 1 root root  9924608 May 10 11:13 openapi-gen

4. Renew the certificates

$ mv  /usr/bin/kubeadm /usr/bin/kubeadmold
$ cp -R /etc/kubernetes/pki /etc/kubernetes/pkiold
#Upload the recompiled kubeadm binary to /usr/bin/ and make it executable.
#Renew the certificates
$ kubeadm alpha certs renew all
#Check the certificate information again
$ kubeadm alpha certs check-expiration
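
To confirm which validity period a kubeadm build actually signs with, the NotBefore and NotAfter fields of the issued certificates can be read directly. The Go program below is an added example, not code from the original post or from the Kubernetes project; ValidityDays, SampleCert and the two CN values are hypothetical names, and the certificates are constructed in memory to stand in for one signed with the stock one-year value and one signed with the patched CertificateValidity.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const CertificateValidity = time.Hour * 24 * 365 * 100 // value patched into constants.go above

// ValidityDays returns the signed validity (NotAfter - NotBefore) in days per subject CN.
func ValidityDays(pemData []byte) (map[string]int, error) {
	out := map[string]int{}
	for b, rest := pem.Decode(pemData); b != nil; b, rest = pem.Decode(rest) {
		c, err := x509.ParseCertificate(b.Bytes)
		if err != nil {
			return nil, err
		}
		out[c.Subject.CommonName] = int(c.NotAfter.Sub(c.NotBefore).Hours() / 24)
	}
	return out, nil
}

// SampleCert builds a constructed self-signed certificate (not a real cluster certificate).
func SampleCert(cn string, validity time.Duration) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now()
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: now, NotAfter: now.Add(validity).UTC()}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	stock, _ := SampleCert("stock-kubeadm", time.Hour*24*365)
	patched, _ := SampleCert("patched-kubeadm", CertificateValidity)
	fmt.Println(ValidityDays(append(stock, patched...)))
}
```

Passing the contents of a .crt file from /etc/kubernetes/pki to ValidityDays instead of the constructed samples reports what the renewed certificates were signed with.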
