k8s学习(十一)-- 运维

学习目标:修改kubeadm,达到证书可用期限为十年   能够构建高可用的k8s集群

一、修改证书期限

  1. git clone https://github.com/kubernetes/kubernetes.git

  2. git checkout -b remotes/origin/release-1.15.1 v1.15.1

  3. vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go

    func NewSignedCert ==> certTmpl==>NotAfter

  4. make WHAT=cmd/kubeadm GOFLAGS=-v

  5. cp _output/bin/kubeadm /usr/bin

  6. chmod a+x /usr/bin/kubeadm

  7. kubeadm alpha certs renew all --config=/usr/local/install-k8s/core/kubeadm-config.yaml

  8. 检查:cd /etc/kubernetes/pki

    openssl x509 -in apiserver.cert -text -noout

posted on 2019-11-26 10:44  DjanFey  阅读(163)  评论(0编辑  收藏  举报

导航