
k8s kubeadm编译修改证书默认期限

获取源码

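# Release tag to build; a shallow clone of only this tag keeps the download small.
k8s_version="v1.27.6"
git clone --depth=1 -b "${k8s_version}" https://github.com/kubernetes/kubernetes.git
# The following steps use paths relative to the repository root.
cd kubernetes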

修改源码（kubeadm 签发证书的有效期由 1 年改为 100 年，自签名 CA 证书由 10 年改为 100 年）

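# Validity of the certificates kubeadm signs: 365 days -> 100 years.
sed -i 's/CertificateValidity = time.Hour \* 24 \* 365$/CertificateValidity = time.Hour \* 24 \* 365 \* 100/' ./cmd/kubeadm/app/constants/constants.go
# Lifetime of the self-signed CA created by client-go: 10 years -> 100 years.
sed -i 's/now.Add(duration365d \* 10)/now.Add(duration365d \* 100)/g' ./staging/src/k8s.io/client-go/util/cert/cert.go

# sed exits 0 even when the pattern matched nothing (for example on another
# release tag), which would silently build an unpatched kubeadm. Confirm both
# replacements are present before building.
grep -n 'CertificateValidity = time.Hour \* 24 \* 365 \* 100' ./cmd/kubeadm/app/constants/constants.go
grep -n 'now.Add(duration365d \* 100)' ./staging/src/k8s.io/client-go/util/cert/cert.go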

git diff

[root@rocky kubernetes]# git diff
diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go
index f316b9db8ce..9cc62f38d21 100644
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@@ -46,7 +46,7 @@ const (
        // CertificateBackdate defines the offset applied to notBefore for CA certificates generated by kubeadm
        CertificateBackdate = time.Minute * 5
        // CertificateValidity defines the validity for all the signed certificates generated by kubeadm
-       CertificateValidity = time.Hour * 24 * 365
+       CertificateValidity = time.Hour * 24 * 365 * 100
 
        // DefaultCertificateDir defines default certificate directory
        DefaultCertificateDir = "pki"
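Review bot: Raising `CertificateValidity` to `time.Hour * 24 * 365 * 100` makes every certificate kubeadm signs valid for a century, which as far as I know includes the client certificates embedded in kubeconfig files such as admin.conf. The API server does not consult a revocation list for client certificates, so expiry is the main limit on how long a leaked credential keeps working; with this value the practical remedy becomes replacing the CA. If the aim is to avoid yearly expiry outages, a shorter bound combined with scheduled `kubeadm certs renew all` (checked with `kubeadm certs check-expiration`) keeps that limit in place. At minimum I would mark the line, e.g. `// LOCAL PATCH: upstream is 365 days; a leaked client cert stays valid until the CA is rotated`.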
diff --git a/staging/src/k8s.io/client-go/util/cert/cert.go b/staging/src/k8s.io/client-go/util/cert/cert.go
index 91e171271af..8c7c914618b 100644
--- a/staging/src/k8s.io/client-go/util/cert/cert.go
+++ b/staging/src/k8s.io/client-go/util/cert/cert.go
@@ -77,7 +77,7 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
                },
                DNSNames:              []string{cfg.CommonName},
                NotBefore:             notBefore,
-               NotAfter:              now.Add(duration365d * 10).UTC(),
+               NotAfter:              now.Add(duration365d * 100).UTC(),
                KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
                BasicConstraintsValid: true,
                IsCA:                  true,
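Review bot: The `NotAfter` change sits in client-go's shared `NewSelfSignedCACert`, so any other binary built from this tree that calls it would presumably also mint 100-year CAs, not only kubeadm. A CA that lives this long requires its private key to stay uncompromised for the whole period, and the key type and size chosen today cannot be revisited without re-issuing trust to every node and kubeconfig. I would replace the bare literal with a named constant and a comment, e.g. `const caValidity = duration365d * 100 // LOCAL PATCH: upstream uses 10 years`, and document where the CA key is stored. The function body starts and ends outside this hunk.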

拉取编译镜像

# Pull the kube-cross build image whose tag is pinned in the source tree.
cross_version="$(cat ./build/build-image/cross/VERSION)"
docker pull "registry.k8s.io/build-image/kube-cross:${cross_version}"

安装buildx

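# Install the docker buildx CLI plugin for the current user.
buildx_version="v0.11.2"
buildx_bin="${HOME}/.docker/cli-plugins/docker-buildx"
# Placeholder: fill in the SHA-256 published with the buildx release for this exact asset.
buildx_sha256="<SHA256_OF_buildx-v0.11.2.linux-amd64>"

mkdir -p "${HOME}/.docker/cli-plugins"
wget "https://github.com/docker/buildx/releases/download/${buildx_version}/buildx-${buildx_version}.linux-amd64" -O "${buildx_bin}"
# The plugin runs with the invoking user's privileges (root in this walkthrough),
# so only mark it executable once its digest matches the published one.
echo "${buildx_sha256}  ${buildx_bin}" | sha256sum -c - && chmod +x "${buildx_bin}"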

编译

# Run the "make kubeadm" target through build/run.sh; presumably this executes
# inside the kube-cross image pulled earlier (confirm against build/run.sh).
# The resulting binary is the one under _output/dockerized/ used in the next step.
bash build/run.sh make kubeadm

查看编译出的 kubeadm 版本

# Print the version of the freshly built binary. This confirms the build
# succeeded but not the certificate lifetime; on a cluster initialised with
# this binary, `kubeadm certs check-expiration` lists the actual expiry dates.
_output/dockerized/bin/linux/amd64/kubeadm version