How to change the certificate validity period of a Kubernetes cluster installed with kubeadm

Install Go

mkdir /opt/data
cd /opt/data
wget  https://studygolang.com/dl/golang/go1.17.6.linux-amd64.tar.gz
tar -xvf go1.17.6.linux-amd64.tar.gz -C /usr/local/

Configure the environment variable

echo 'export PATH=$PATH:/usr/local/go/bin' >>/etc/profile
source /etc/profile

Verify the Go environment

go version 
 
go version go1.17.6 linux/amd64

Download the Kubernetes source code for the matching version

Using 1.22.7 as an example

wget https://codeload.github.com/kubernetes/kubernetes/zip/refs/tags/v1.22.7

Extract the archive

unzip v1.22.7
cd kubernetes-1.22.7/

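Modify the code

Edit cmd/kubeadm/app/constants/constants.go

This is where the validity of the component certificates (for example apiserver and etcd) can be changed

//CertificateValidity = time.Hour * 24 * 365   //default is 1 year
CertificateValidity = time.Hour * 24 * 365 * 10  //changed to 10 years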

Edit staging/src/k8s.io/client-go/util/cert/cert.go

This is where the validity of the cluster root certificates can be changed

//NotAfter:              now.Add(duration365d * 10).UTC(), //default is 10 years
NotAfter:              now.Add(duration365d * 100).UTC(),  //changed to 100 years

Build

make WHAT=cmd/kubeadm GOFLAGS=-v

The resulting executable is at the following path

_output/bin/kubeadm

Then use this kubeadm binary to bring up the cluster

Check the certificate expiration times

kubeadm certs  check-expiration 
 
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-co

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY 
admin.conf                 Feb 18, 2033 06:27 UTC   9y              ca                      no      
apiserver                  Feb 18, 2033 06:27 UTC   9y              ca                      no      
apiserver-etcd-client      Feb 18, 2033 06:27 UTC   9y              etcd-ca                 no      
apiserver-kubelet-client   Feb 18, 2033 06:27 UTC   9y              ca                      no      
controller-manager.conf    Feb 18, 2033 06:27 UTC   9y              ca                      no      
etcd-healthcheck-client    Feb 18, 2033 06:27 UTC   9y              etcd-ca                 no      
etcd-peer                  Feb 18, 2033 06:27 UTC   9y              etcd-ca                 no      
etcd-server                Feb 18, 2033 06:27 UTC   9y              etcd-ca                 no      
front-proxy-client         Feb 18, 2033 06:27 UTC   9y              front-proxy-ca          no      
scheduler.conf             Feb 18, 2033 06:27 UTC   9y              ca                      no      

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jan 28, 2123 06:27 UTC   99y             no      
etcd-ca                 Jan 28, 2123 06:27 UTC   99y             no      
front-proxy-ca          Jan 28, 2123 06:27 UTC   99y             no
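
The Go program below is an added example, not part of the original post or of kubeadm. It audits a PEM certificate independently of the patched binary, reporting the whole years remaining and flagging anything beyond the stock maximums quoted above (1 year for component certificates, 10 years for root CAs). The helper names makeCert and audit, the common names and the issue time are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const year = 365 * 24 * time.Hour // same arithmetic as time.Hour * 24 * 365 above

// makeCert returns a constructed self-signed PEM certificate (sample input only).
func makeCert(cn string, issued time.Time, validity time.Duration, isCA bool) []byte {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: issued, NotAfter: issued.Add(validity), IsCA: isCA, BasicConstraintsValid: true}
	der, err := x509.CreateCertificate(rand.Reader, t, t, pub, priv)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

// audit reports, as of at, the whole years left and whether that exceeds the stock maximum.
func audit(pemBytes []byte, at time.Time) (cn string, yearsLeft int, extended bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return "", 0, false, fmt.Errorf("no CERTIFICATE PEM block found")
	}
	c, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return "", 0, false, err
	}
	left := c.NotAfter.Sub(at) // stock maximum: 1 year for leaves, 10 years for CAs
	return c.Subject.CommonName, int(left / year), left > year && (!c.IsCA || left > 10*year), nil
}

func main() {
	issued := time.Date(2023, 2, 21, 6, 27, 0, 0, time.UTC) // constructed issue time
	fmt.Println(audit(makeCert("kube-apiserver", issued, 10*year, false), issued.Add(time.Hour)))
	fmt.Println(audit(makeCert("kubernetes", issued, 100*year, true), issued.Add(time.Hour)))
}
```

The check uses remaining time rather than NotAfter minus NotBefore, so a certificate is flagged only when it has more validity left than an unmodified kubeadm could have issued.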
