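# Release tag to build from.
k8s_version="v1.25.15"
# Shallow clone of that tag only (--branch also accepts tag names); full history is not needed for a build.
git clone --depth=1 --branch "${k8s_version}" https://github.com/kubernetes/kubernetes.git
# Every later command uses paths relative to the repository root (./cmd/..., ./staging/..., build/run.sh).
cd kubernetes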
或者自己找源码下载:https://github.com/kubernetes/kubernetes/tags
把证书有效期改为100年(第一条 sed 修改 kubeadm 签发的证书的有效期,第二条 sed 修改自签名 CA 证书的有效期):
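# Raise the validity of certificates signed by kubeadm from 1 year to 100 years.
# The trailing `$` keeps the expression from matching a line that was already patched.
constants_go=./cmd/kubeadm/app/constants/constants.go
sed -i 's/CertificateValidity = time.Hour \* 24 \* 365$/CertificateValidity = time.Hour \* 24 \* 365 \* 100/' "${constants_go}"
# sed -i exits 0 even when nothing matched (for example on a release where the
# line differs), so confirm the edit landed before building.
grep -n 'CertificateValidity = time.Hour \* 24 \* 365 \* 100$' "${constants_go}" \
  || echo "not patched: ${constants_go}" >&2

# Raise the validity of the self-signed CA certificate from 10 years to 100 years.
cert_go=./staging/src/k8s.io/client-go/util/cert/cert.go
sed -i 's/now.Add(duration365d \* 10)/now.Add(duration365d \* 100)/g' "${cert_go}"
grep -n 'now.Add(duration365d \* 100)' "${cert_go}" \
  || echo "not patched: ${cert_go}" >&2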
查看修改后的变化:
[root@kubernetes]# git diff
diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go
index f316b9db8ce..9cc62f38d21 100644
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@@ -46,7 +46,7 @@ const (
// CertificateBackdate defines the offset applied to notBefore for CA certificates generated by kubeadm
CertificateBackdate = time.Minute * 5
// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
- CertificateValidity = time.Hour * 24 * 365
+ CertificateValidity = time.Hour * 24 * 365 * 100
// DefaultCertificateDir defines default certificate directory
DefaultCertificateDir = "pki"
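Review bot: A 100-year `CertificateValidity` removes the only expiry-based limit on a leaked credential, because the comment above the constant says it governs all signed certificates kubeadm generates, which would include client certificates as well as server ones. Kubernetes has no per-certificate revocation check, so a copied key would remain valid until the CA itself is replaced. Keeping the default and scheduling `kubeadm certs renew all` bounds that window; if the long lifetime stays, document it next to the constant, for example `// LOCAL PATCH: leaf validity raised to 100 years; a leaked key can only be invalidated by rotating the CA`. The `const (` block begins and ends outside this hunk.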
diff --git a/staging/src/k8s.io/client-go/util/cert/cert.go b/staging/src/k8s.io/client-go/util/cert/cert.go
index 91e171271af..8c7c914618b 100644
--- a/staging/src/k8s.io/client-go/util/cert/cert.go
+++ b/staging/src/k8s.io/client-go/util/cert/cert.go
@@ -77,7 +77,7 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
},
DNSNames: []string{cfg.CommonName},
NotBefore: notBefore,
- NotAfter: now.Add(duration365d * 10).UTC(),
+ NotAfter: now.Add(duration365d * 100).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
IsCA: true,
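Review bot: The 100-year `NotAfter` on the added line only takes effect when a new CA is created, so on an existing cluster the original CA expiry still applies and leaf certificates renewed with a longer lifetime will stop validating once that CA expires. The change also sits in the shared client-go helper `NewSelfSignedCACert`, so any other binary built from this tree that calls it would presumably inherit the same lifetime, not just kubeadm. A CA with `KeyUsageCertSign` that lives this long makes protection of its private key the only remaining control; note that beside the field, e.g. `// LOCAL PATCH: CA validity raised from 10 to 100 years; the CA key must be protected for that whole period`. The function body starts and ends outside this hunk.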
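# Pull the cross-compilation image at the version pinned by this source tree.
docker pull "registry.k8s.io/build-image/kube-cross:$(cat ./build/build-image/cross/VERSION)"

# Install the buildx CLI plugin. The asset is an executable that will run as the
# current user, so it is verified against a known digest before being installed.
buildx_version="v0.11.2"
buildx_asset="buildx-${buildx_version}.linux-amd64"
# Placeholder: set this to the SHA-256 published for ${buildx_asset}; the check
# below fails (and nothing is installed) until a real digest is filled in.
buildx_sha256="REPLACE_WITH_PUBLISHED_SHA256"
buildx_tmp="$(mktemp)"
mkdir -p ~/.docker/cli-plugins
wget "https://github.com/docker/buildx/releases/download/${buildx_version}/${buildx_asset}" -O "${buildx_tmp}"
# install -m 0755 copies the file into place and marks it executable in one step.
echo "${buildx_sha256}  ${buildx_tmp}" | sha256sum -c - \
  && install -m 0755 "${buildx_tmp}" ~/.docker/cli-plugins/docker-buildx
rm -f "${buildx_tmp}"

# Build only the kubeadm binary inside the build container.
bash build/run.sh make kubeadm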
查看编译好的kubeadm版本:
# Run the freshly built binary by explicit path (not whichever kubeadm is on PATH)
# so the reported version is that of the patched build.
new_kubeadm=./_output/dockerized/bin/linux/amd64/kubeadm
"${new_kubeadm}" version
把编译好的 kubeadm 覆盖原有的(建议先备份原来的 kubeadm 文件和现有的证书目录),然后执行:
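# Reissue the kubeadm-managed certificates using the patched validity period.
# NOTE(review): renew is not expected to reissue the CA certificates, so their
# original expiry still applies — confirm in the output of the check below.
kubeadm certs renew all
# Show the resulting expiry dates so the new lifetime can be verified rather than assumed.
kubeadm certs check-expiration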