Recompiling kubeadm to change the default certificate validity period
Posted dalianpai
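Prepare the Go environment. I downloaded the latest code from GitHub and it failed with an error when I ran it,
so I prepared Go 1.13.4 and the latest k8s code from GitHub.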
    [root@k8s-master mnt]# go version
    go version go1.13.4 linux/amd64
    [root@k8s-master mnt]# ll
    总用量 117352
    -rw-r--r-- 1 root root 42 12月 24 23:38 auth
    -rw-r--r-- 1 root root 375 12月 23 20:46 cronjob.yaml
    -rw-r--r-- 1 root root 336 12月 23 20:00 daemonset.yaml
    drwxr-xr-x 3 root root 60 1月 5 19:21 data
    -rw-r--r-- 1 root root 558 12月 24 22:46 deployment1.yaml
    -rw-r--r-- 1 root root 562 12月 24 22:49 deployment2.yaml
    -rw-r--r-- 1 root root 562 12月 24 23:16 deployment3.yaml
    -rw-r--r-- 1 root root 326 12月 20 15:10 deployment.yaml
    -rw-r--r-- 1 root root 120054682 1月 5 19:28 go1.13.4.linux-amd64.tar.gz
    drwxr-xr-x. 2 root root 6 12月 18 09:31 hgfs
    -rw-r--r-- 1 root root 311 12月 24 23:35 https.ingress.yaml
    -rw-r--r-- 1 root root 231 12月 24 22:37 ingress1.yaml
    -rw-r--r-- 1 root root 454 12月 24 22:57 ingress2.yaml
    -rw-r--r-- 1 root root 365 12月 24 21:44 ingress-http.yaml
    -rw-r--r-- 1 root root 188 12月 24 21:54 ingress-svc.yaml
    -rw-r--r-- 1 root root 430 12月 24 23:46 ingress.yaml
    -rw-r--r-- 1 root root 260 12月 23 20:21 job.yaml
    -rw-r--r-- 1 root root 6940 12月 24 20:48 mandatory.yaml
    -rw-r--r-- 1 root root 201 12月 23 22:05 myapp-service.yaml
    -rw-r--r-- 1 root root 180 12月 24 21:51 NodePort.yaml
    -rw-r--r-- 1 root root 289 12月 27 15:26 pod1.yaml
    drwxr-xr-x 2 root root 21 12月 30 22:35 pv
    -rw-r--r-- 1 root root 321 12月 24 23:56 re.yaml
    -rw-r--r-- 1 root root 391 12月 20 10:54 rs.yaml
    -rw-r--r-- 1 root root 492 12月 24 20:58 service-nodeport.yaml
    -rw-r--r-- 1 root root 466 12月 23 22:02 svc-deployment.yaml
    -rw-r--r-- 1 root root 177 12月 23 22:15 svc-headless.yaml
    -rw-r--r-- 1 root root 1143 12月 24 23:13 tls.crt
    -rw-r--r-- 1 root root 1704 12月 24 23:13 tls.key
    drwxr-xr-x 2 root root 6 12月 27 10:40 volume
    -rw-r--r-- 1 root root 450 12月 27 13:44 volume.yaml
    [root@k8s-master data]# cd /mnt/data
    [root@k8s-master data]# ll
    总用量 46292
    drwxr-xr-x 20 root root 4096 1月 5 19:30 kubernetes-master
    -rw-r--r-- 1 root root 47397248 1月 5 19:04 kubernetes-master.zip
    [root@k8s-master data]#
If you need these files, leave a comment and I will send them to you.
    [root@k8s-master ~]# cd /etc/kubernetes/pki/
    [root@k8s-master pki]# ll
    总用量 56
    -rw-r--r-- 1 root root 1224 12月 19 22:20 apiserver.crt
    -rw-r--r-- 1 root root 1090 12月 19 22:20 apiserver-etcd-client.crt
    -rw------- 1 root root 1675 12月 19 22:20 apiserver-etcd-client.key
    -rw------- 1 root root 1675 12月 19 22:20 apiserver.key
    -rw-r--r-- 1 root root 1099 12月 19 22:20 apiserver-kubelet-client.crt
    -rw------- 1 root root 1679 12月 19 22:20 apiserver-kubelet-client.key
    -rw-r--r-- 1 root root 1025 12月 19 22:20 ca.crt
    -rw------- 1 root root 1679 12月 19 22:20 ca.key
    drwxr-xr-x 2 root root 162 12月 19 22:20 etcd
    -rw-r--r-- 1 root root 1038 12月 19 22:20 front-proxy-ca.crt
    -rw------- 1 root root 1679 12月 19 22:20 front-proxy-ca.key
    -rw-r--r-- 1 root root 1058 12月 19 22:20 front-proxy-client.crt
    -rw------- 1 root root 1675 12月 19 22:20 front-proxy-client.key
    -rw------- 1 root root 1679 12月 19 22:20 sa.key
    -rw------- 1 root root 451 12月 19 22:20 sa.pub
    [root@k8s-master pki]# openssl x509 -in apiserver.crt -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 1083424880364463114 (0xf0919303ef1a40a)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: CN=kubernetes
            Validity
                Not Before: Dec 19 14:20:08 2019 GMT
                Not After : Dec 18 14:20:08 2020 GMT
            Subject: CN=kube-apiserver
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        [...]
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication
                X509v3 Subject Alternative Name:
                    DNS:k8s-master, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, IP Address:10.96.0.1, IP Address:192.168.180.130
        Signature Algorithm: sha256WithRSAEncryption
             [...]
    [root@k8s-master pki]# openssl x509 -in ca.crt -text -noout
    Certificate:
        Data:
            Version: 3 (0x2)
            Serial Number: 0 (0x0)
        Signature Algorithm: sha256WithRSAEncryption
            Issuer: CN=kubernetes
            Validity
                Not Before: Dec 19 14:20:08 2019 GMT
                Not After : Dec 16 14:20:08 2029 GMT
            Subject: CN=kubernetes
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        [...]
                    Exponent: 65537 (0x10001)
            X509v3 extensions:
                X509v3 Key Usage: critical
                    Digital Signature, Key Encipherment, Certificate Sign
                X509v3 Basic Constraints: critical
                    CA:TRUE
        Signature Algorithm: sha256WithRSAEncryption
             [...]
    [root@k8s-master pki]# ll
Taking the apiserver certificate as an example, it is valid for only 1 year.
Prepare the Go language environment
    tar -zxvf go1.13.4.linux-amd64.tar.gz -C /usr/local
    vi /etc/profile
    # add this line to /etc/profile:
    export PATH=$PATH:/usr/local/go/bin
    source /etc/profile
My VM's network has neither a proxy nor a soft router, so I downloaded the archive on Windows.
    [root@k8s-master data]# cd /mnt/data
    [root@k8s-master data]# ll
    总用量 46292
    drwxr-xr-x 20 root root 4096 1月 5 19:30 kubernetes-master
    -rw-r--r-- 1 root root 47397248 1月 5 19:04 kubernetes-master.zip
    [root@k8s-master data]# cd kubernetes-master
    [root@k8s-master kubernetes-master]# ll
    总用量 4076
    drwxr-xr-x 4 root root 57 1月 3 15:39 api
    drwxr-xr-x 13 root root 4096 1月 3 15:39 build
    lrwxrwxrwx 1 root root 21 1月 5 19:05 BUILD.bazel -> build/root/BUILD.root
    -rw-r--r-- 1 root root 350046 1月 3 15:39 CHANGELOG-1.10.md
    -rw-r--r-- 1 root root 336236 1月 3 15:39 CHANGELOG-1.11.md
    -rw-r--r-- 1 root root 300828 1月 3 15:39 CHANGELOG-1.12.md
    -rw-r--r-- 1 root root 279663 1月 3 15:39 CHANGELOG-1.13.md
    -rw-r--r-- 1 root root 278008 1月 3 15:39 CHANGELOG-1.14.md
    -rw-r--r-- 1 root root 246699 1月 3 15:39 CHANGELOG-1.15.md
    -rw-r--r-- 1 root root 249565 1月 3 15:39 CHANGELOG-1.16.md
    -rw-r--r-- 1 root root 203477 1月 3 15:39 CHANGELOG-1.17.md
    -rw-r--r-- 1 root root 22372 1月 3 15:39 CHANGELOG-1.18.md
    -rw-r--r-- 1 root root 42481 1月 3 15:39 CHANGELOG-1.2.md
    -rw-r--r-- 1 root root 86133 1月 3 15:39 CHANGELOG-1.3.md
    -rw-r--r-- 1 root root 136777 1月 3 15:39 CHANGELOG-1.4.md
    -rw-r--r-- 1 root root 139742 1月 3 15:39 CHANGELOG-1.5.md
    -rw-r--r-- 1 root root 311353 1月 3 15:39 CHANGELOG-1.6.md
    -rw-r--r-- 1 root root 316110 1月 3 15:39 CHANGELOG-1.7.md
    -rw-r--r-- 1 root root 319627 1月 3 15:39 CHANGELOG-1.8.md
    -rw-r--r-- 1 root root 324052 1月 3 15:39 CHANGELOG-1.9.md
    -rw-r--r-- 1 root root 1652 1月 3 15:39 CHANGELOG.md
    drwxr-xr-x 11 root root 4096 1月 3 15:39 cluster
    drwxr-xr-x 23 root root 4096 1月 3 15:39 cmd
    -rw-r--r-- 1 root root 148 1月 3 15:39 code-of-conduct.md
    -rw-r--r-- 1 root root 493 1月 3 15:39 CONTRIBUTING.md
    drwxr-xr-x 2 root root 51 1月 3 15:39 docs
    drwxr-xr-x 2 root root 36 1月 3 15:39 Godeps
    -rw-r--r-- 1 root root 38953 1月 3 15:39 go.mod
    -rw-r--r-- 1 root root 60970 1月 3 15:39 go.sum
    drwxr-xr-x 11 root root 4096 1月 3 15:39 hack
    -rw-r--r-- 1 root root 11358 1月 3 15:39 LICENSE
    drwxr-xr-x 2 root root 323 1月 3 15:39 logo
    lrwxrwxrwx 1 root root 19 1月 5 19:05 Makefile -> build/root/Makefile
    lrwxrwxrwx 1 root root 35 1月 5 19:05 Makefile.generated_files -> build/root/Makefile.generated_files
    drwxr-xr-x 3 root root 173 1月 5 19:36 _output
    -rw-r--r-- 1 root root 806 1月 3 15:39 OWNERS
    -rw-r--r-- 1 root root 9075 1月 3 15:39 OWNERS_ALIASES
    drwxr-xr-x 33 root root 4096 1月 3 15:39 pkg
    drwxr-xr-x 3 root root 44 1月 3 15:39 plugin
    -rw-r--r-- 1 root root 3468 1月 3 15:39 README.md
    -rw-r--r-- 1 root root 563 1月 3 15:39 SECURITY_CONTACTS
    drwxr-xr-x 4 root root 106 1月 3 15:39 staging
    -rw-r--r-- 1 root root 1110 1月 3 15:39 SUPPORT.md
    drwxr-xr-x 17 root root 263 1月 3 15:39 test
    drwxr-xr-x 7 root root 134 1月 3 15:39 third_party
    drwxr-xr-x 4 root root 95 1月 3 15:39 translations
    drwxr-xr-x 18 root root 4096 1月 3 15:39 vendor
    lrwxrwxrwx 1 root root 20 1月 5 19:05 WORKSPACE -> build/root/WORKSPACE
    [root@k8s-master kubernetes-master]#
vim cmd/kubeadm/app/util/pkiutil/pki_helpers.g
Update the certificate policy, then rebuild kubeadm
    [root@k8s-master kubernetes-master]# make WHAT=cmd/kubeadm GOFLAGS=-v
    k8s.io/kubernetes/vendor/github.com/spf13/pflag
    k8s.io/kubernetes/hack/make-rules/helpers/go2make
    +++ [0105 19:30:48] Building go targets for linux/amd64:
        ./vendor/k8s.io/code-generator/cmd/deepcopy-gen
    k8s.io/kubernetes/vendor/golang.org/x/tools/internal/semver
    k8s.io/kubernetes/vendor/golang.org/x/tools/go/ast/astutil
    k8s.io/kubernetes/vendor/golang.org/x/tools/go/internal/gcimporter
    k8s.io/kubernetes/vendor/golang.org/x/tools/go/internal/packagesdriver
    k8s.io/kubernetes/vendor/golang.org/x/tools/internal/fastwalk
    k8s.io/kubernetes/vendor/golang.org/x/tools/internal/gopathwalk
    k8s.io/kubernetes/vendor/golang.org/x/tools/go/gcexportdata
    k8s.io/kubernetes/vendor/golang.org/x/tools/internal/module
    [root@k8s-master kubernetes-master]# cp _output/bin/kubeadm /root
    [root@k8s-master kubernetes-master]# cp /usr/bin/kubeadm /usr/bin/kubeadm.old
    [root@k8s-master kubernetes-master]# cd
    [root@k8s-master ~]# ll
    总用量 38424
    -rw-------. 1 root root 1731 12月 18 00:07 anaconda-ks.cfg
    -rw-r--r--. 1 root root 1779 12月 18 00:11 initial-setup-ks.cfg
    -rwxr-xr-x 1 root root 39305216 1月 5 19:40 kubeadm
    -rw-r--r-- 1 root root 1028 12月 19 22:26 kubeadm-config.yaml
    -rw-r--r-- 1 root root 4668 12月 19 22:20 kubeadm-init.log
    -rw-r--r-- 1 root root 14416 12月 19 22:36 kube-flannel.yml
    -rw-r--r--. 1 root root 484 12月 18 09:40 kubernetes.conf
    [root@k8s-master ~]# cp kubeadm /usr/bin/
    cp:是否覆盖"/usr/bin/kubeadm"? y
    [root@k8s-master ~]# chmod a+x /usr/bin/kubeadm
    [root@k8s-master ~]# cd /etc/kubernetes/
    [root@k8s-master kubernetes]# cp -r pki/ pki.old
    ll[root@k8s-master kubernetes]# ll
    总用量 40
    -rw------- 1 root root 5455 12月 19 22:20 admin.conf
    -rw------- 1 root root 5491 12月 19 22:20 controller-manager.conf
    -rw------- 1 root root 5479 12月 19 22:20 kubelet.conf
    drwxr-xr-x. 2 root root 113 12月 19 22:20 manifests
    drwxr-xr-x 3 root root 4096 12月 19 22:20 pki
    drwxr-xr-x 3 root root 4096 1月 5 19:43 pki.old
    -rw------- 1 root root 5439 12月 19 22:20 scheduler.conf
    [root@k8s-master kubernetes]# cd
    [root@k8s-master ~]# ll
    总用量 38424
    -rw-------. 1 root root 1731 12月 18 00:07 anaconda-ks.cfg
    -rw-r--r--. 1 root root 1779 12月 18 00:11 initial-setup-ks.cfg
    -rwxr-xr-x 1 root root 39305216 1月 5 19:40 kubeadm
    -rw-r--r-- 1 root root 1028 12月 19 22:26 kubeadm-config.yaml
    -rw-r--r-- 1 root root 4668 12月 19 22:20 kubeadm-init.log
    -rw-r--r-- 1 root root 14416 12月 19 22:36 kube-flannel.yml
    -rw-r--r--. 1 root root 484 12月 18 09:40 kubernetes.conf
    [root@k8s-master ~]# kubeadm alpha certs renew all --config=/root/kubeadm-config.yaml
    [config] WARNING: Ignored YAML document with GroupVersionKind kubeproxy.config.k8s.io/v1alpha1, Kind=KubeProxyConfiguration
    W0105 19:44:53.169768 39248 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
    certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
    certificate for serving the Kubernetes API renewed
    certificate the apiserver uses to access etcd renewed
    certificate for the API server to connect to kubelet renewed
    certificate embedded in the kubeconfig file for the controller manager to use renewed
    certificate for liveness probes to healthcheck etcd renewed
    certificate for etcd nodes to communicate with each other renewed
    certificate for serving etcd renewed
    certificate for the front proxy client renewed
    certificate embedded in the kubeconfig file for the scheduler manager to use renewed
    [root@k8s-master ~]# cd /etc/kubernetes/pki
    [root@k8s-master pki]# ll
    总用量 56
    -rw-r--r-- 1 root root 1224 1月 5 19:44 apiserver.crt
    -rw-r--r-- 1 root root 1090 1月 5 19:44 apiserver-etcd-client.crt
    -rw------- 1 root root 1675 1月 5 19:44 apiserver-etcd-client.key
    -rw------- 1 root root 1675 1月 5 19:44 apiserver.key
    -rw-r--r-- 1 root root 1099 1月 5 19:44 apiserver-kubelet-client.crt
    -rw------- 1 root root 1679 1月 5 19:44 apiserver-kubelet-client.key
    -rw-r--r-- 1 root root 1025 12月 19 22:20 ca.crt
    -rw------- 1 root root 1679 12月 19 22:20 ca.key
    drwxr-xr-x 2 root root 162 12月 19 22:20 etcd
    -rw-r--r-- 1 root root 1038 12月 19 22:20 front-proxy-ca.crt
    -rw------- 1 root root 1679 12月 19 22:20 front-proxy-ca.key
    -rw-r--r-- 1 root root 1058 1月 5 19:44 front-proxy-client.crt
    -rw------- 1 root root 1675 1月 5 19:44 front-proxy-client.key
    -rw------- 1 root root 1679 12月 19 22:20 sa.key
    -rw------- 1 root root 451 12月 19 22:20 sa.pub
The times have now changed. The above is the complete detailed code.
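The renewal leaves `ca.crt` untouched, so a leaf certificate issued with a longer validity is still only trusted until the CA's own `Not After`. The following added example (not from the original post or from the Kubernetes project) demonstrates this with constructed certificates that reuse the `ca.crt` dates shown above; the helper names `issue`, `validAt` and `usableUntil` and the 36500-day leaf validity are assumptions, since the post does not show the value that was set.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample cert valid `days` from `from`; nil parent means self-signed CA. Errors dropped: sample data only.
func issue(cn string, from time.Time, days int, parent *x509.Certificate, pk *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(from.Unix() + int64(days)), Subject: pkix.Name{CommonName: cn},
		KeyUsage: x509.KeyUsageDigitalSignature, NotBefore: from, NotAfter: from.AddDate(0, 0, days)}
	if parent == nil {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage |= x509.KeyUsageCertSign
		parent, pk = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pk)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// validAt reports whether leaf chains to ca when verified at time `at`.
func validAt(leaf, ca *x509.Certificate, at time.Time) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at})
	return err == nil
}

// usableUntil returns the earlier of the leaf's and the CA's NotAfter.
func usableUntil(leaf, ca *x509.Certificate) time.Time {
	if ca.NotAfter.Before(leaf.NotAfter) {
		return ca.NotAfter
	}
	return leaf.NotAfter
}

func main() {
	caFrom := time.Date(2019, 12, 19, 14, 20, 8, 0, time.UTC) // ca.crt Not Before from the page
	ca, caKey := issue("kubernetes", caFrom, 3650, nil, nil)
	leaf, _ := issue("kube-apiserver", caFrom.AddDate(0, 0, 17), 36500, ca, caKey) // 36500 days is assumed
	fmt.Println(leaf.NotAfter, usableUntil(leaf, ca), validAt(leaf, ca, ca.NotAfter.AddDate(0, 0, 1)))
}
```

To audit the real files, parse `/etc/kubernetes/pki/*.crt` with `pem.Decode` and `x509.ParseCertificate` and pass the results to `validAt` and `usableUntil`.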