Article Directory
1. Centennial kubeadm
1.1 Source code modification
- Source code download
cd /usr/local/src/
git clone -b release-1.15 https://github.com/kubernetes/kubernetes.git
- Confirm the branch again
cd kubernetes
git branch -a
- Modify cert.go
vim ./staging/src/k8s.io/client-go/util/cert/cert.go
NotBefore: now.UTC(),
#修改下边的10为100
NotAfter: now.Add(duration365d * 10).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
IsCA:
- Modify constants.go
vim ./cmd/kubeadm/app/constants/constants.go
// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
#将下边time.Hour * 100
CertificateValidity = time.Hour * 24 * 365
The modification is as follows:
vim ./cmd/kubeadm/app/constants/constants.go
// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
CertificateValidity = time.Hour * 24 * 365 * 100
1.2 Prepare to mirror
docker pull mirrorgooglecontainers/kube-cross:v1.12.10-1
Officially provided compiled image, just get it on the server anyway
1.3 compile
docker run --rm -it -v /usr/local/src/k8s.io/kubernetes:/go/src/k8s.io/kubernetes \
mirrorgooglecontainers/kube-cross:v1.12.10-1 bash
cd /go/src/k8s.io/kubernetes
make all WHAT=cmd/kubeadm GOFLAGS=-v
exit
1.4 Finished product backup
-
Finished product location
The compiled finished product is in: _output/local/bin/linux/amd64/kubeadm -
Finished product test
cp _output/local/bin/linux/amd64/kubeadm /usr/bin/
chmod a+x /usr/bin/kubeadm
kubeadm version
- Cost saving
has been uploaded to the ftp server, ftp://10.252.97.213/soft/kubeadm
2. Generate a certificate
2.1 master master node
- Copy the previously prepared kubeadm to the server
cd /usr/local/src
wget ftp://10.252.97.213/soft/kubeadm
- Replace the original kubeadm file
cp /usr/bin/kubeadm /usr/bin/kubeadm_back
cp /usr/local/src/kubeadm /usr/bin/kubeadm
chmod 755 /usr/bin/kubeadm
- Backup configuration files and certificates
cp -ra /etc/kubernetes /etc/kubernetes_back
- View certificate expiration time
kubeadm alpha certs check-expiration
- Update certificates and configuration files
kubeadm alpha certs renew all
- Confirm certificate expiration time
[root@AiK8sM2 ~]# kubeadm alpha certs check-expiration
CERTIFICATE EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
admin.conf Apr 03, 2120 06:46 UTC 99y no
apiserver Apr 03, 2120 09:36 UTC 99y no
apiserver-etcd-client Apr 03, 2120 09:36 UTC 99y no
apiserver-kubelet-client Apr 03, 2120 09:36 UTC 99y no
controller-manager.conf Apr 03, 2120 09:36 UTC 99y no
etcd-healthcheck-client Apr 03, 2120 09:36 UTC 99y no
etcd-peer Apr 03, 2120 09:36 UTC 99y no
etcd-server Apr 03, 2120 09:36 UTC 99y no
front-proxy-client Apr 03, 2120 06:47 UTC 99y no
scheduler.conf Apr 03, 2120 09:36 UTC 99y no
- restart docker
Description: Mainly to restart proxy and etcd
service docker restart
- restart kubelet
service kubelet restart
2.2 Other master nodes
- Copy 100 years of kubeadmin files
- Copy the previously prepared kubeadm to the server
cd /usr/local/src
wget ftp://10.252.97.213/soft/kubeadm
- Replace the original kubeadm file
cp /usr/bin/kubeadm /usr/bin/kubeadm_back
cp /usr/local/src/kubeadm /usr/bin/kubeadm
chmod 755 /usr/bin/kubeadm
- Backup configuration files and certificates
cp -ra /etc/kubernetes /etc/kubernetes_back
- View certificate expiration time
kubeadm alpha certs check-expiration
- Update certificates and configuration files
kubeadm alpha certs renew all
- Confirm certificate expiration time
[root@AiK8sM2 ~]# kubeadm alpha certs check-expiration
CERTIFICATE EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
admin.conf Apr 03, 2120 06:46 UTC 99y no
apiserver Apr 03, 2120 09:36 UTC 99y no
apiserver-etcd-client Apr 03, 2120 09:36 UTC 99y no
apiserver-kubelet-client Apr 03, 2120 09:36 UTC 99y no
controller-manager.conf Apr 03, 2120 09:36 UTC 99y no
etcd-healthcheck-client Apr 03, 2120 09:36 UTC 99y no
etcd-peer Apr 03, 2120 09:36 UTC 99y no
etcd-server Apr 03, 2120 09:36 UTC 99y no
front-proxy-client Apr 03, 2120 06:47 UTC 99y no
scheduler.conf Apr 03, 2120 09:36 UTC 99y no
- Copy the certificate file from master-01
Copy the certificate from master01
ssh 10.251.137.187 "mkdir -p /etc/kubernetes/pki/etcd"
ssh 10.251.137.188 "mkdir -p /etc/kubernetes/pki/etcd"
scp -r /etc/kubernetes/admin.conf 10.251.137.187:/etc/kubernetes/admin.conf
scp -r /etc/kubernetes/admin.conf 10.251.137.188:/etc/kubernetes/admin.conf
scp -r /etc/kubernetes/pki/{
ca.*,sa.*,front*} 10.251.137.187:/etc/kubernetes/pki/
scp -r /etc/kubernetes/pki/{
ca.*,sa.*,front*} 10.251.137.188:/etc/kubernetes/pki/
scp -r /etc/kubernetes/pki/etcd/ca.* 10.251.137.187:/etc/kubernetes/pki/etcd/
scp -r /etc/kubernetes/pki/etcd/ca.* 10.251.137.188:/etc/kubernetes/pki/etcd/
- restart docker
Description: Mainly to restart proxy and etcd
service docker restart
- restart kubelet
service kubelet restart