重新编译kubeadm,修改默认证书时间

准备 Go 环境。由于我从 GitHub 上下载的是最新的代码,运行的时候报错:


 

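所以准备了 Go 1.13.4 和 GitHub 上最新的 k8s 代码。注意:这里用的是 master 分支的代码(目录名为 kubernetes-master);更稳妥的做法是检出与集群版本一致的发布标签再编译,避免新 kubeadm 与集群版本不匹配。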

[root@k8s-master mnt]# go version
go version go1.13.4 linux/amd64
[root@k8s-master mnt]# ll
总用量 117352
-rw-r--r--  1 root root        42 12月 24 23:38 auth
-rw-r--r--  1 root root       375 12月 23 20:46 cronjob.yaml
-rw-r--r--  1 root root       336 12月 23 20:00 daemonset.yaml
drwxr-xr-x  3 root root        60 1月   5 19:21 data
-rw-r--r--  1 root root       558 12月 24 22:46 deployment1.yaml
-rw-r--r--  1 root root       562 12月 24 22:49 deployment2.yaml
-rw-r--r--  1 root root       562 12月 24 23:16 deployment3.yaml
-rw-r--r--  1 root root       326 12月 20 15:10 deployment.yaml
-rw-r--r--  1 root root 120054682 1月   5 19:28 go1.13.4.linux-amd64.tar.gz
drwxr-xr-x. 2 root root         6 12月 18 09:31 hgfs
-rw-r--r--  1 root root       311 12月 24 23:35 https.ingress.yaml
-rw-r--r--  1 root root       231 12月 24 22:37 ingress1.yaml
-rw-r--r--  1 root root       454 12月 24 22:57 ingress2.yaml
-rw-r--r--  1 root root       365 12月 24 21:44 ingress-http.yaml
-rw-r--r--  1 root root       188 12月 24 21:54 ingress-svc.yaml
-rw-r--r--  1 root root       430 12月 24 23:46 ingress.yaml
-rw-r--r--  1 root root       260 12月 23 20:21 job.yaml
-rw-r--r--  1 root root      6940 12月 24 20:48 mandatory.yaml
-rw-r--r--  1 root root       201 12月 23 22:05 myapp-service.yaml
-rw-r--r--  1 root root       180 12月 24 21:51 NodePort.yaml
-rw-r--r--  1 root root       289 12月 27 15:26 pod1.yaml
drwxr-xr-x  2 root root        21 12月 30 22:35 pv
-rw-r--r--  1 root root       321 12月 24 23:56 re.yaml
-rw-r--r--  1 root root       391 12月 20 10:54 rs.yaml
-rw-r--r--  1 root root       492 12月 24 20:58 service-nodeport.yaml
-rw-r--r--  1 root root       466 12月 23 22:02 svc-deployment.yaml
-rw-r--r--  1 root root       177 12月 23 22:15 svc-headless.yaml
-rw-r--r--  1 root root      1143 12月 24 23:13 tls.crt
-rw-r--r--  1 root root      1704 12月 24 23:13 tls.key
drwxr-xr-x  2 root root         6 12月 27 10:40 volume
-rw-r--r--  1 root root       450 12月 27 13:44 volume.yaml
[root@k8s-master data]# cd /mnt/data
[root@k8s-master data]# ll
总用量 46292
drwxr-xr-x 20 root root     4096 1月   5 19:30 kubernetes-master
-rw-r--r--  1 root root 47397248 1月   5 19:04 kubernetes-master.zip
[root@k8s-master data]#

需要源码压缩包的朋友可以留言找我,我发给你们。不过更建议直接从官方仓库获取对应版本的源码并自行编译,而不是使用他人转发的压缩包或二进制文件:kubeadm 以 root 身份运行并负责签发集群证书,来源不明的构建无法核实其内容。

[root@k8s-master ~]# cd /etc/kubernetes/pki/
[root@k8s-master pki]# ll
总用量 56
-rw-r--r-- 1 root root 1224 12月 19 22:20 apiserver.crt
-rw-r--r-- 1 root root 1090 12月 19 22:20 apiserver-etcd-client.crt
-rw------- 1 root root 1675 12月 19 22:20 apiserver-etcd-client.key
-rw------- 1 root root 1675 12月 19 22:20 apiserver.key
-rw-r--r-- 1 root root 1099 12月 19 22:20 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 12月 19 22:20 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 12月 19 22:20 ca.crt
-rw------- 1 root root 1679 12月 19 22:20 ca.key
drwxr-xr-x 2 root root  162 12月 19 22:20 etcd
-rw-r--r-- 1 root root 1038 12月 19 22:20 front-proxy-ca.crt
-rw------- 1 root root 1679 12月 19 22:20 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 12月 19 22:20 front-proxy-client.crt
-rw------- 1 root root 1675 12月 19 22:20 front-proxy-client.key
-rw------- 1 root root 1679 12月 19 22:20 sa.key
-rw------- 1 root root  451 12月 19 22:20 sa.pub
[root@k8s-master pki]# openssl x509 -in apiserver.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1083424880364463114 (0xf0919303ef1a40a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Dec 19 14:20:08 2019 GMT
            Not After : Dec 18 14:20:08 2020 GMT
        Subject: CN=kube-apiserver
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:b4:fb:44:e4:5a:2f:fd:9a:3e:9b:55:d4:02:39:
                    ca:bf:17:cb:45:f0:a9:44:10:77:0b:db:60:89:46:
                    a2:8a:cf:11:94:f1:0c:2d:a0:9f:5b:3f:95:cd:9f:
                    79:1b:b1:30:7b:64:e8:c3:bc:dd:14:c0:ec:b3:17:
                    ac:03:53:97:12:4b:f3:a6:d1:7d:f1:ea:6f:91:68:
                    45:46:2c:cd:78:b8:97:1a:61:e3:fe:57:5f:b6:df:
                    7f:86:49:21:2d:57:52:fa:0d:49:f2:18:57:5a:74:
                    82:98:cb:5d:e4:1c:cf:98:5b:b4:52:fe:26:d2:fd:
                    e5:e2:93:30:f7:c4:dd:f0:df:09:f0:1e:ec:dc:e0:
                    43:8b:89:77:04:b5:05:ab:a9:a3:65:0b:33:33:2d:
                    90:14:0f:f4:87:13:fc:07:67:b7:42:98:2c:33:6f:
                    e9:6f:31:e6:55:9f:af:45:82:7f:49:bc:9b:75:2c:
                    de:32:76:2d:29:3c:33:51:2f:9e:02:b1:c4:e2:bd:
                    3d:20:c6:bc:8b:a1:55:04:43:09:1a:b2:0f:2e:c6:
                    8e:d1:53:39:1d:92:8a:62:36:9b:7a:2c:0f:9d:63:
                    34:6f:f6:0a:86:92:c1:0e:10:8b:2d:22:dd:99:db:
                    83:6b:cd:24:d0:cd:39:10:9f:9a:94:93:fb:f1:0a:
                    67:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Subject Alternative Name:
                DNS:k8s-master, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:192.168.180.130
    Signature Algorithm: sha256WithRSAEncryption
         1c:0e:1b:03:3b:31:bc:8f:47:84:36:58:86:8b:67:25:c8:23:
         23:a2:d3:ef:6d:9e:b0:79:2a:cd:8a:cc:c9:31:a5:25:ca:a6:
         5e:c9:5c:33:f7:d0:a6:d5:df:f9:d3:73:67:b0:93:e8:33:24:
         68:8f:98:5e:57:c9:7c:bc:38:6f:8c:9e:5e:df:a3:42:d0:8f:
         1c:14:40:36:77:37:ad:30:88:c0:97:83:a8:ec:6b:7f:b8:71:
         5d:e6:c7:25:11:84:97:49:69:fd:3e:e8:4c:26:91:6b:07:e8:
         c6:87:20:75:cc:f5:61:ab:d5:f9:78:00:ff:c5:75:d0:0f:b9:
         a3:b4:5d:05:8a:67:7e:1d:3e:b9:c3:7e:f5:db:48:9a:4e:0d:
         2d:5a:06:f4:40:c7:c9:d7:d0:bd:cc:f9:7e:4d:82:73:70:cc:
         df:45:ea:40:22:86:43:5f:8c:99:a4:63:40:f5:4a:88:c1:67:
         69:70:08:99:07:3b:f7:a9:14:d4:ae:a0:aa:a6:12:fe:d8:48:
         f8:f8:b2:af:c2:32:25:8b:c9:ef:5a:48:85:d0:c9:aa:d6:06:
         4b:7a:a8:e7:67:a9:86:aa:40:7a:e1:1d:67:3f:2e:d9:0f:34:
         29:93:e8:8f:10:1d:90:b9:61:a6:86:8c:b4:e6:b2:bd:97:b1:
         e5:f6:2f:67
[root@k8s-master pki]# openssl x509 -in ca.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 0 (0x0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=kubernetes
        Validity
            Not Before: Dec 19 14:20:08 2019 GMT
            Not After : Dec 16 14:20:08 2029 GMT
        Subject: CN=kubernetes
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e4:b7:02:93:76:07:53:b3:1b:00:c2:01:35:45:
                    8f:03:b8:5a:51:69:e1:45:fa:6b:4d:58:ac:c6:7d:
                    3c:ae:92:9d:85:1a:10:fa:a9:ae:1f:65:9d:e6:ee:
                    df:52:b3:84:c8:c0:55:09:35:6c:0c:5a:ab:7a:67:
                    ad:7f:15:53:2c:1e:d2:c1:4b:aa:e9:52:cb:a2:65:
                    be:f6:e7:45:05:ea:17:aa:01:e2:93:b9:66:6d:db:
                    c9:88:9f:7b:1e:d7:5e:4c:dc:58:5a:31:f5:d9:e9:
                    60:52:c9:d8:13:35:08:00:91:8b:1d:1d:15:40:af:
                    ad:85:6e:26:8c:eb:87:b8:a2:1e:88:51:97:81:fa:
                    d5:6a:17:d9:dc:8f:e0:5f:6d:31:23:a1:31:ec:ed:
                    95:db:aa:e1:c2:d8:c4:34:a4:2f:e3:81:ae:b5:7b:
                    e5:9d:d8:7d:f2:3c:79:83:70:12:39:bd:87:d2:7e:
                    49:fc:20:95:60:80:be:bb:cb:12:c6:7b:1e:db:29:
                    ef:ba:ec:24:72:3c:29:c5:72:c2:cc:8c:8d:f0:f3:
                    79:8d:e5:fb:0e:bb:82:60:ac:86:7a:94:ec:bf:33:
                    04:23:e2:09:ac:aa:fe:9f:d9:2f:43:dd:ae:8d:a5:
                    4c:1d:d0:af:71:b0:3a:be:10:d2:4d:26:92:06:9a:
                    87:1b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment, Certificate Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
    Signature Algorithm: sha256WithRSAEncryption
         4b:7b:b5:d6:18:6f:13:e3:ae:c2:0b:0b:75:61:7c:74:b4:5f:
         10:59:06:af:65:a3:b0:5e:5e:e3:25:c9:ff:e9:2f:59:6f:1c:
         7c:e2:69:cb:32:03:3a:40:e4:bd:43:1e:0e:a5:9a:96:e3:5f:
         81:24:e3:13:53:46:3c:bd:31:29:c3:e1:17:77:bf:e9:7f:20:
         21:32:e5:90:a9:b4:e0:3c:b9:63:41:a5:10:d9:3d:ff:3c:c3:
         71:e8:52:1e:84:c3:76:cc:26:54:65:d6:d2:13:b7:54:42:b8:
         b9:a2:ff:6f:4a:9f:fc:6a:10:7c:22:99:20:04:c4:51:86:8a:
         23:2d:0a:e7:ae:86:74:52:76:a6:f6:7c:57:e4:2a:e6:f4:7c:
         5a:10:69:44:e6:3b:67:01:ff:60:d8:05:6c:31:8a:ad:19:14:
         b2:f4:20:17:b4:8d:37:a6:86:e7:85:20:f7:b3:45:b7:b4:fb:
         a4:43:88:db:bd:fd:af:17:45:5f:bf:2c:3a:5e:7a:ae:0e:73:
         c3:a4:42:39:04:d7:66:c9:8e:25:e7:0c:7f:b5:52:0e:ec:0c:
         0a:60:fe:33:be:15:5c:81:9a:e1:81:3e:d5:4b:29:71:ee:a0:
         a5:94:a9:b9:a7:43:43:29:85:84:fb:96:c4:45:0b:20:88:2b:
         54:2d:6b:e8
[root@k8s-master pki]# ll

以 apiserver.crt 为例,有效期只有 1 年(2019-12-19 至 2020-12-18);而 ca.crt 的有效期约为 10 年(至 2029-12-16)。

准备go语言环境

# Install the Go toolchain from the locally downloaded tarball and put it on PATH.
# NOTE(review): the tarball was transferred in from another machine; compare its
# SHA-256 with the value published on the official Go download page before unpacking.
# Unpack into /usr/local (the PATH entry below expects the result at /usr/local/go).
tar -zxvf go1.13.4.linux-amd64.tar.gz -C /usr/local
# Open the system-wide profile for editing; presumably the export line below is
# what gets appended to that file rather than typed at the prompt.
vi /etc/profile
export PATH=$PATH:/usr/local/go/bin
# Re-read the profile so the current shell picks up the new PATH entry.
source /etc/profile

由于我虚拟机网络没有代理也没有软路由,所以就在windows下载了压缩包


 

 

[root@k8s-master data]# cd /mnt/data
[root@k8s-master data]# ll
总用量 46292
drwxr-xr-x 20 root root     4096 1月   5 19:30 kubernetes-master
-rw-r--r--  1 root root 47397248 1月   5 19:04 kubernetes-master.zip
[root@k8s-master data]# cd kubernetes-master
[root@k8s-master kubernetes-master]# ll
总用量 4076
drwxr-xr-x  4 root root     57 1月   3 15:39 api
drwxr-xr-x 13 root root   4096 1月   3 15:39 build
lrwxrwxrwx  1 root root     21 1月   5 19:05 BUILD.bazel -> build/root/BUILD.root
-rw-r--r--  1 root root 350046 1月   3 15:39 CHANGELOG-1.10.md
-rw-r--r--  1 root root 336236 1月   3 15:39 CHANGELOG-1.11.md
-rw-r--r--  1 root root 300828 1月   3 15:39 CHANGELOG-1.12.md
-rw-r--r--  1 root root 279663 1月   3 15:39 CHANGELOG-1.13.md
-rw-r--r--  1 root root 278008 1月   3 15:39 CHANGELOG-1.14.md
-rw-r--r--  1 root root 246699 1月   3 15:39 CHANGELOG-1.15.md
-rw-r--r--  1 root root 249565 1月   3 15:39 CHANGELOG-1.16.md
-rw-r--r--  1 root root 203477 1月   3 15:39 CHANGELOG-1.17.md
-rw-r--r--  1 root root  22372 1月   3 15:39 CHANGELOG-1.18.md
-rw-r--r--  1 root root  42481 1月   3 15:39 CHANGELOG-1.2.md
-rw-r--r--  1 root root  86133 1月   3 15:39 CHANGELOG-1.3.md
-rw-r--r--  1 root root 136777 1月   3 15:39 CHANGELOG-1.4.md
-rw-r--r--  1 root root 139742 1月   3 15:39 CHANGELOG-1.5.md
-rw-r--r--  1 root root 311353 1月   3 15:39 CHANGELOG-1.6.md
-rw-r--r--  1 root root 316110 1月   3 15:39 CHANGELOG-1.7.md
-rw-r--r--  1 root root 319627 1月   3 15:39 CHANGELOG-1.8.md
-rw-r--r--  1 root root 324052 1月   3 15:39 CHANGELOG-1.9.md
-rw-r--r--  1 root root   1652 1月   3 15:39 CHANGELOG.md
drwxr-xr-x 11 root root   4096 1月   3 15:39 cluster
drwxr-xr-x 23 root root   4096 1月   3 15:39 cmd
-rw-r--r--  1 root root    148 1月   3 15:39 code-of-conduct.md
-rw-r--r--  1 root root    493 1月   3 15:39 CONTRIBUTING.md
drwxr-xr-x  2 root root     51 1月   3 15:39 docs
drwxr-xr-x  2 root root     36 1月   3 15:39 Godeps
-rw-r--r--  1 root root  38953 1月   3 15:39 go.mod
-rw-r--r--  1 root root  60970 1月   3 15:39 go.sum
drwxr-xr-x 11 root root   4096 1月   3 15:39 hack
-rw-r--r--  1 root root  11358 1月   3 15:39 LICENSE
drwxr-xr-x  2 root root    323 1月   3 15:39 logo
lrwxrwxrwx  1 root root     19 1月   5 19:05 Makefile -> build/root/Makefile
lrwxrwxrwx  1 root root     35 1月   5 19:05 Makefile.generated_files -> build/root/Makefile.generated_files
drwxr-xr-x  3 root root    173 1月   5 19:36 _output
-rw-r--r--  1 root root    806 1月   3 15:39 OWNERS
-rw-r--r--  1 root root   9075 1月   3 15:39 OWNERS_ALIASES
drwxr-xr-x 33 root root   4096 1月   3 15:39 pkg
drwxr-xr-x  3 root root     44 1月   3 15:39 plugin
-rw-r--r--  1 root root   3468 1月   3 15:39 README.md
-rw-r--r--  1 root root    563 1月   3 15:39 SECURITY_CONTACTS
drwxr-xr-x  4 root root    106 1月   3 15:39 staging
-rw-r--r--  1 root root   1110 1月   3 15:39 SUPPORT.md
drwxr-xr-x 17 root root    263 1月   3 15:39 test
drwxr-xr-x  7 root root    134 1月   3 15:39 third_party
drwxr-xr-x  4 root root     95 1月   3 15:39 translations
drwxr-xr-x 18 root root   4096 1月   3 15:39 vendor
lrwxrwxrwx  1 root root     20 1月   5 19:05 WORKSPACE -> build/root/WORKSPACE
[root@k8s-master kubernetes-master]#
vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go

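(此处原有一张截图,展示对 pki_helpers.go 的修改,页面中未能保留。从标题看,修改的是 kubeadm 签发证书时使用的默认有效期;具体改动位置请以所编译版本的源码为准。需要注意:Kubernetes 不支持吊销已签发的客户端证书,有效期越长,证书或私钥泄露后可被利用的时间也越长,因此延长有效期后应另行安排定期轮换。)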

 

更新证书的有效期策略后,重新编译生成 kubeadm

[root@k8s-master kubernetes-master]# make WHAT=cmd/kubeadm GOFLAGS=-v
k8s.io/kubernetes/vendor/github.com/spf13/pflag
k8s.io/kubernetes/hack/make-rules/helpers/go2make
+++ [0105 19:30:48] Building go targets for linux/amd64:
    ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
k8s.io/kubernetes/vendor/golang.org/x/tools/internal/semver
k8s.io/kubernetes/vendor/golang.org/x/tools/go/ast/astutil
k8s.io/kubernetes/vendor/golang.org/x/tools/go/internal/gcimporter
k8s.io/kubernetes/vendor/golang.org/x/tools/go/internal/packagesdriver
k8s.io/kubernetes/vendor/golang.org/x/tools/internal/fastwalk
k8s.io/kubernetes/vendor/golang.org/x/tools/internal/gopathwalk
k8s.io/kubernetes/vendor/golang.org/x/tools/go/gcexportdata
k8s.io/kubernetes/vendor/golang.org/x/tools/internal/module
[root@k8s-master kubernetes-master]# cp _output/bin/kubeadm /root
[root@k8s-master kubernetes-master]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old
[root@k8s-master kubernetes-master]# cd
[root@k8s-master ~]# ll
总用量 38424
-rw-------. 1 root root     1731 12月 18 00:07 anaconda-ks.cfg
-rw-r--r--. 1 root root     1779 12月 18 00:11 initial-setup-ks.cfg
-rwxr-xr-x  1 root root 39305216 1月   5 19:40 kubeadm
-rw-r--r--  1 root root     1028 12月 19 22:26 kubeadm-config.yaml
-rw-r--r--  1 root root     4668 12月 19 22:20 kubeadm-init.log
-rw-r--r--  1 root root    14416 12月 19 22:36 kube-flannel.yml
-rw-r--r--. 1 root root      484 12月 18 09:40 kubernetes.conf
[root@k8s-master ~]# cp kubeadm /usr/bin/
cp:是否覆盖"/usr/bin/kubeadm"? y
[root@k8s-master ~]# chmod a+x /usr/bin/kubeadm
[root@k8s-master ~]# cd /etc/kubernetes/
[root@k8s-master kubernetes]# cp -r pki/ pki.old
[root@k8s-master kubernetes]# ll
总用量 40
-rw-------  1 root root 5455 12月 19 22:20 admin.conf
-rw-------  1 root root 5491 12月 19 22:20 controller-manager.conf
-rw-------  1 root root 5479 12月 19 22:20 kubelet.conf
drwxr-xr-x. 2 root root  113 12月 19 22:20 manifests
drwxr-xr-x  3 root root 4096 12月 19 22:20 pki
drwxr-xr-x  3 root root 4096 1月   5 19:43 pki.old
-rw-------  1 root root 5439 12月 19 22:20 scheduler.conf
[root@k8s-master kubernetes]# cd
[root@k8s-master ~]# ll
总用量 38424
-rw-------. 1 root root     1731 12月 18 00:07 anaconda-ks.cfg
-rw-r--r--. 1 root root     1779 12月 18 00:11 initial-setup-ks.cfg
-rwxr-xr-x  1 root root 39305216 1月   5 19:40 kubeadm
-rw-r--r--  1 root root     1028 12月 19 22:26 kubeadm-config.yaml
-rw-r--r--  1 root root     4668 12月 19 22:20 kubeadm-init.log
-rw-r--r--  1 root root    14416 12月 19 22:36 kube-flannel.yml
-rw-r--r--. 1 root root      484 12月 18 09:40 kubernetes.conf
[root@k8s-master ~]# kubeadm alpha certs renew all --config=/root/kubeadm-config.yaml
[config] WARNING: Ignored YAML document with GroupVersionKind kubeproxy.config.k8s.io/v1alpha1, Kind=KubeProxyConfiguration
W0105 19:44:53.169768   39248 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
[root@k8s-master ~]# cd /etc/kubernetes/pki
[root@k8s-master pki]# ll
总用量 56
-rw-r--r-- 1 root root 1224 1月   5 19:44 apiserver.crt
-rw-r--r-- 1 root root 1090 1月   5 19:44 apiserver-etcd-client.crt
-rw------- 1 root root 1675 1月   5 19:44 apiserver-etcd-client.key
-rw------- 1 root root 1675 1月   5 19:44 apiserver.key
-rw-r--r-- 1 root root 1099 1月   5 19:44 apiserver-kubelet-client.crt
-rw------- 1 root root 1679 1月   5 19:44 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 12月 19 22:20 ca.crt
-rw------- 1 root root 1679 12月 19 22:20 ca.key
drwxr-xr-x 2 root root  162 12月 19 22:20 etcd
-rw-r--r-- 1 root root 1038 12月 19 22:20 front-proxy-ca.crt
-rw------- 1 root root 1679 12月 19 22:20 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 1月   5 19:44 front-proxy-client.crt
-rw------- 1 root root 1675 1月   5 19:44 front-proxy-client.key
-rw------- 1 root root 1679 12月 19 22:20 sa.key
-rw------- 1 root root  451 12月 19 22:20 sa.pub


 

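可以看到证书文件的时间已经发生改变,以上就是全部的详细步骤。可以再用 `openssl x509 -in apiserver.crt -noout -dates` 确认新的有效期。另外有三点需要注意:一是 ca.crt、front-proxy-ca.crt 等 CA 证书并没有被续期(上面的列表里仍是 12月 19 的时间戳),由它们签发的证书在 CA 过期后同样无法通过校验,所以把有效期设得比 CA 的剩余有效期更长没有意义;二是续期后需要重启控制平面组件,新的证书才会被加载,admin.conf 也已更新,之前拷贝到别处的 kubeconfig 需要同步替换;三是确认集群正常后,/etc/kubernetes/pki.old 备份中含有 CA 私钥,应妥善保管或删除。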
