Customizing kubeadm to extend certificate validity

Kubernetes offline installation package, only three steps

Modify kubeadm certificate expiration time

By modifying the kubeadm source code, kubeadm's default certificate expiration time of one year is changed to 99 years.

I have put a compiled build on GitHub for anyone who needs it.

Instructions:

[root@dev-86-202 ~]# chmod +x kubeadm && cp kubeadm /usr/bin
[root@dev-86-202 ~]# rm /etc/kubernetes/pki/ -rf
[root@dev-86-202 ~]# kubeadm alpha phase certs all --config  kube/conf/kubeadm.yaml

Update kubeconfig

[root@dev-86-202 ~]# rm -rf /etc/kubernetes/*conf
[root@dev-86-202 ~]# kubeadm alpha phase kubeconfig all --config ~/kube/conf/kubeadm.yaml
[root@dev-86-202 ~]# cp /etc/kubernetes/admin.conf ~/.kube/config

Verification:

$ cd /etc/kubernetes/pki
$ openssl x509 -in apiserver-etcd-client.crt -text -noout
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4701787282062078235 (0x41401a9f34c2711b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=etcd-ca
        Validity
            Not Before: Nov 22 11:58:50 2018 GMT
            Not After : Oct 29 11:58:51 2117 GMT   # the validity period is now 99 years

The other certificates can be verified in the same way.

Compiling the code

I've put a build environment image on Docker Hub: fanux/kubernetes-build:v1.0.0

First clone the Kubernetes code:

git clone https://github.com/kubernetes/kubernetes

Mount the code into the build image and compile:

docker run --rm -v yourcodedir:/go/src/k8s.io/kubernetes -it fanux/kubernetes-build:v1.0.0 bash
# cd /go/src/k8s.io/kubernetes
# make all WHAT=cmd/kubeadm GOFLAGS=-v

The compiled binary is at _output/local/bin/linux/amd64/kubeadm

Modify the code

The certificate validity time is actually set inside client-go. The file is:

vendor/k8s.io/client-go/util/cert/cert.go

Find NotAfter there and change it to:

NotAfter:  validFrom.Add(duration365d * longYear)

Here I set longYear = 99.

Then compile, and it is done.
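The following is an added example, not code from the article or from kubeadm. It reproduces the NotAfter arithmetic of the patched line on a throwaway self-signed certificate and applies the kind of lifetime check an audit would use to flag such certificates. The helper names, the CN "example-ca" and the 365-day value of duration365d are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const duration365d = time.Hour * 24 * 365 // name from the article; value assumed
const longYear = 99

// issueSelfSigned (hypothetical helper) builds a throwaway certificate with the patched NotAfter.
func issueSelfSigned(validFrom time.Time) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-ca"}, // constructed name
		NotBefore:    validFrom,
		NotAfter:     validFrom.Add(duration365d * longYear),
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// lifetimeDays (hypothetical helper) returns the validity in whole days and whether it exceeds maxDays.
func lifetimeDays(c *x509.Certificate, maxDays int) (int, bool) {
	days := int(c.NotAfter.Sub(c.NotBefore) / (24 * time.Hour))
	return days, days > maxDays
}

func main() {
	cert, err := issueSelfSigned(time.Date(2018, 11, 22, 11, 58, 50, 0, time.UTC))
	if err != nil {
		panic(err)
	}
	days, tooLong := lifetimeDays(cert, 365)
	fmt.Println(cert.NotAfter, days, tooLong)
}
```

With the Not Before date from the openssl output above, NotAfter lands on Oct 29 2117 rather than Nov 22, because 99 x 365 days skips the 24 leap days in that window.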

Finally, I added a small advertisement to the code:

func main() {
    if err := app.Run(); err != nil {
        fmt.Fprintf(os.Stderr, "error: %v\n", err)
        os.Exit(1)
    }
    fmt.Println("*************************************************")
    fmt.Println("****         www.sealyun.com                  ***")
    fmt.Println("****         kubernetes install in 3 steps    ***")
    fmt.Println("****         provide by fanux                 ***")
    fmt.Println("*************************************************")
    os.Exit(0)
}

Perfect.

Scan the QR code to follow sealyun; to discuss, you can join QQ group 98488045


Origin blog.csdn.net/github_35614077/article/details/98748768