1、安装go

tar zxf go1.14.6.linux-amd64.tar.gz -C /usr/local

export PATH=/usr/local/go/bin:$PATH

2、下载源码

wget https://github.com/kubernetes/kubernetes/archive/master.zip

#解压

unzip master.zip

3、修改 时间

cd kubernetes-master/cmd/kubeadm/app/constants

sed -i 's/CertificateValidity = time.Hour \* 24 \* 365/CertificateValidity = time.Hour \* 24 \* 365 \* 10/g' constants.go

4、编译

 cd ~/kubernetes-master

 make WHAT=cmd/kubeadm GOFLAGS=-v

 # 新生成的kubeadm在 _output/bin/ 目录下

5、备份替换kubeadm

# 备份
cp /usr/bin/kubeadm{,.bak}

# 替换
cp ~/kubernetes-master/_output/bin/kubeadm /usr/bin/kubeadm

6、更新证书

cp -r /etc/kubernetes/pki{,.bak}
cd /etc/kubernetes/pki

kubeadm alpha certs renew all

7、验证查看结果

kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Jul 20, 2030 09:49 UTC   9y                                      no
apiserver                  Jul 20, 2030 09:49 UTC   9y              ca                      no
apiserver-etcd-client      Jul 20, 2030 09:49 UTC   9y              etcd-ca                 no
apiserver-kubelet-client   Jul 20, 2030 09:49 UTC   9y              ca                      no
controller-manager.conf    Jul 20, 2030 09:49 UTC   9y                                      no
etcd-healthcheck-client    Jul 20, 2030 09:49 UTC   9y              etcd-ca                 no
etcd-peer                  Jul 20, 2030 09:49 UTC   9y              etcd-ca                 no
etcd-server                Jul 20, 2030 09:49 UTC   9y              etcd-ca                 no
front-proxy-client         Jul 20, 2030 09:49 UTC   9y              front-proxy-ca          no
scheduler.conf             Jul 20, 2030 09:49 UTC   9y                                      no

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jul 20, 2030 05:45 UTC   9y              no
etcd-ca                 Jul 20, 2030 05:45 UTC   9y              no
front-proxy-ca          Jul 20, 2030 05:45 UTC   9y              no

版权声明:如无特殊说明,文章均为本站原创,转载请注明出处

本文链接:http://jiazone.cn:8848/article/5/