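升级k8s证书有效期为100年
说明:Kubernetes 不支持吊销已签发的客户端证书,admin.conf 等凭据一旦泄露,在证书到期或更换 CA 之前一直有效;有效期改为 100 年后,应严格限制这些文件以及 /etc/kubernetes/pki 下私钥的访问权限。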
安装go环境(1.12版本)
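# Fetch the Go 1.12.5 toolchain.
wget https://storage.googleapis.com/golang/go1.12.5.linux-amd64.tar.gz
# Check the archive against the SHA-256 listed for this file on the official Go downloads page
# before unpacking it under /root; tar only runs when the digest matches.
# Replace the placeholder with the published value.
printf '%s  %s\n' '<SHA256_FROM_GO_DOWNLOADS_PAGE>' go1.12.5.linux-amd64.tar.gz | sha256sum -c - &&
  tar -C /root -xzf go1.12.5.linux-amd64.tar.gz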
# Persist the Go environment for the root user.
# The three export lines below are presumably what gets added to ~/.bashrc in the editor.
vim ~/.bashrc
# Go workspace directory.
export GOPATH=/root/Go
# Toolchain location: the tarball was unpacked with -C /root, which yields /root/go.
export GOROOT=/root/go
# Put the go binary on the search path.
export PATH=$PATH:$GOROOT/bin
# Reload so the current shell picks up the new variables.
source ~/.bashrc
重新编译kubernetes
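# Fetch the Kubernetes source and switch to the tag that matches the running cluster.
cd /root/go/src
git clone https://github.com/kubernetes/kubernetes.git
# Enter the clone first: the checkout and the later relative paths
# (cmd/kubeadm/..., _output/bin/kubeadm) only resolve inside the repository.
cd kubernetes
# The space before '#' matters: without it the shell treats the '#...' text
# as part of the tag name and the checkout fails.
git checkout v1.16.3 # use the tag that matches your own cluster version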
# Open the kubeadm constants file and change the certificate lifetime by hand.
vim cmd/kubeadm/app/constants/constants.go # edit the source code
# The next line is the Go constant as it should read after the edit; it is file content
# to type in the editor, not a shell command. 100 * 365 days is slightly less than
# 100 calendar years, which is consistent with the "99y" shown in the expiration check.
CertificateValidity = time.Hour * 24 * 365 * 100
# Build only the kubeadm binary; the later copy step reads it from _output/bin/.
make WHAT=cmd/kubeadm
备份原有的配置文件
# Keep dated copies of the stock kubeadm binary and the whole PKI tree so the change can be rolled back.
# The PKI copy holds the cluster's private keys, so keep it readable by root only.
cp /usr/bin/kubeadm /usr/bin/kubeadm.bak20210707
cp -r /etc/kubernetes/pki /etc/kubernetes/pki.bak20210707
替换原有的kubeadm
# Install the freshly built binary over the stock one. The source path is relative,
# so run this from the kubernetes source directory where make was invoked.
cp _output/bin/kubeadm /usr/bin/kubeadm
生成新的证书
# Re-issue every kubeadm-managed certificate with the rebuilt binary.
# NOTE(review): running control-plane components (kube-apiserver, kube-controller-manager,
# kube-scheduler, etcd) keep the certificates they loaded at start-up, so they need a
# restart afterwards before the new ones are actually served.
# admin.conf is re-issued as well; any copy kept elsewhere (for example $HOME/.kube/config)
# has to be refreshed from it.
cd /etc/kubernetes/pki
kubeadm alpha certs renew all
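验证结果
(下面的输出只包含 kubeadm 续签的叶子证书,不包含 CA;renew 不会重新签发 CA 证书,CA 的到期时间可用 openssl x509 -in /etc/kubernetes/pki/ca.crt -noout -enddate 单独查看,叶子证书的实际可用期限不会超过 CA 的到期时间。)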
[root@k8s-master-01 ~]# kubeadm alpha certs check-expiration
CERTIFICATE EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
admin.conf Jun 13, 2121 09:31 UTC 99y no
apiserver Jun 13, 2121 09:31 UTC 99y no
apiserver-etcd-client Jun 13, 2121 09:31 UTC 99y no
apiserver-kubelet-client Jun 13, 2121 09:31 UTC 99y no
controller-manager.conf Jun 13, 2121 09:31 UTC 99y no
etcd-healthcheck-client Jun 13, 2121 09:31 UTC 99y no
etcd-peer Jun 13, 2121 09:31 UTC 99y no
etcd-server Jun 13, 2121 09:31 UTC 99y no
front-proxy-client Jun 13, 2121 09:31 UTC 99y no
scheduler.conf Jun 13, 2121 09:31 UTC 99y no
其他两个master节点更新(分别在两个节点执行)
# Copy the rebuilt kubeadm from this master to another control-plane node; repeat for each remaining master.
# NOTE(review): back up /usr/bin/kubeadm and /etc/kubernetes/pki on that node first, as was done
# on the first master, and compare sha256sum output on both sides to confirm the binary arrived intact.
scp /usr/bin/kubeadm k8s-master-02:/usr/bin/
# Per the heading, this runs on each of the other masters themselves, not on the machine that ran scp.
kubeadm alpha certs renew all
其他两个node更新
# Push the cluster CA certificate (the public part only, never ca.key) to a worker node.
# NOTE(review): `renew all` does not re-issue the CA, so this file should already match the
# node's copy. TODO confirm with sha256sum on both sides before overwriting.
scp /etc/kubernetes/pki/ca.crt k8s-node-01:/etc/kubernetes/pki/