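Changing the certificate validity period of a k8s cluster

Scenario: the default k8s certificate validity period is 1 year, which is too short; change it to 100 years

Implementation

kubeadm alpha certs check-expiration   checks the validity period of each component's certificate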

 # wget https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.17.9.zip

 # unzip v1.17.9.zip && cd  kubernetes-1.17.9

 # vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go

 After line 546, add the following line:   const effectyear = time.Hour * 24 * 365 * 100

 Comment out line 568

 and add after it: NotAfter:     time.Now().Add(effectyear).UTC(),   // modified line

 #  make WHAT=cmd/kubeadm GOFLAGS=-v

 # cp _output/bin/kubeadm /root/kubeadm-new

 # mv /usr/local/bin/kubeadm  /usr/local/bin/kubeadm.old

 # mv /root/kubeadm-new  /usr/local/bin/kubeadm

 # cp -r /etc/kubernetes/pki /etc/kubernetes/pki.old

 # cd /etc/kubernetes/pki

 # kubeadm alpha certs renew all --config=/etc/kubernetes/kubeadm-config.yaml

 # kubeadm alpha certs check-expiration   (check whether each certificate's expiry time has changed), or:

 # for i in *.crt; do echo "===== $i ====="; openssl x509 -in "$i" -text -noout | grep -A 3 'Validity'; done

 vim zhengshu.sh

 #!/bin/bash

 # Copy the renewed certificates and admin.conf to the other hosts

 for host in 172.16.32.11 172.16.32.5; do

     scp -r /etc/kubernetes/pki "$host":/etc/kubernetes

     scp /etc/kubernetes/admin.conf "$host":/etc/kubernetes

 done
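
 Added example (not from the original post and not kubeadm's own code): a Go check of the expiry-verification step above that parses a PEM certificate and reports its total lifetime, using the same effectyear constant the post adds. The names sampleCert and lifetimeYears are hypothetical, and the certificate is a constructed self-signed sample, not a cluster certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Same constant the post adds to pki_helpers.go (time.Duration tops out near 292 years).
const effectyear = time.Hour * 24 * 365 * 100

// sampleCert returns a constructed self-signed PEM certificate, not a real cluster cert.
func sampleCert(cn string, lifetime time.Duration) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	now := time.Now().UTC()
	t := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn}, NotBefore: now, NotAfter: now.Add(lifetime)}
	der, err := x509.CreateCertificate(rand.Reader, t, t, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

// lifetimeYears parses one PEM certificate and returns NotAfter-NotBefore in 365-day years.
func lifetimeYears(pemBytes []byte) (int, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, fmt.Errorf("no PEM certificate found")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, err
	}
	return int(cert.NotAfter.Sub(cert.NotBefore) / (365 * 24 * time.Hour)), nil
}

func main() {
	p, _ := sampleCert("patched-leaf", effectyear)
	fmt.Println(lifetimeYears(p))
}
```

 To check real files, pass the bytes of each /etc/kubernetes/pki/*.crt file to lifetimeYears instead of the sample.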

 References: https://www.cnblogs.com/shetao/p/14339460.html

                   https://blog.csdn.net/qq_43164571/article/details/113930537

 

posted @ 2022-08-19 15:57  zyl88