
k8s v1.20.9: extending certificate validity to 10 years by recompiling kubeadm


1. A single master node is used here to demonstrate how to extend the certificate validity.

2. Check the versions of kubectl and kubeadm.

[root@centos34 ~]#  kubectl get nodes
NAME       STATUS   ROLES                  AGE   VERSION
centos34   Ready    control-plane,master   27m   v1.20.9


[root@centos34 ~]#  kubectl version
Client Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.9", GitCommit:"7a576bc3935a6b555e33346fd73ad77c925e9e4a", GitTreeState:"clean", BuildDate:"2021-07-15T21:01:38Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}

Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.9", GitCommit:"7a576bc3935a6b555e33346fd73ad77c925e9e4a", GitTreeState:"clean", BuildDate:"2021-07-15T20:56:38Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}


[root@centos34 ~]# /usr/bin/kubeadm version
kubeadm version: &version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.9", GitCommit:"7a576bc3935a6b555e33346fd73ad77c925e9e4a", GitTreeState:"clean", BuildDate:"2021-07-15T21:00:30Z", GoVersion:"go1.15.14", Compiler:"gc", Platform:"linux/amd64"}
[root@centos34 ~]#


3. The output shows that the cluster runs Kubernetes v1.20.9, built with Go 1.15.14.

4. Download the latest Go release package from the official site and install it to /usr/local/go.

    wget https://studygolang.com/dl/golang/go1.17.7.linux-amd64.tar.gz

    tar -zxvf go1.17.7.linux-amd64.tar.gz -C /usr/local/

5. Add the Go binary directory to the system PATH and reload the environment variables system-wide.

    echo 'export PATH=$PATH:/usr/local/go/bin' >> /etc/profile
    source /etc/profile

  [root@centos34 ~]# go version
go version go1.17.7 linux/amd64


6. Download the Kubernetes source archive for the matching version from GitHub and unpack it.

  wget https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.20.9.tar.gz
 
  tar -zxvf v1.20.9.tar.gz


7. Change the validity period in the following two files to 10 years.


   vi kubernetes-1.20.9/cmd/kubeadm/app/constants/constants.go

   vi kubernetes-1.20.9/staging/src/k8s.io/client-go/util/cert/cert.go

   Find the validity constant in the files and change it as follows:
 const duration365d = time.Hour * 24 * 365 * 10

8. Compile the kubeadm binary.

First install the build dependencies and change the directory permissions.

   yum install automake make rsync -y

   chmod -R 777 kubernetes-1.20.9/
   cd kubernetes-1.20.9/
   make WHAT=cmd/kubeadm GOFLAGS=-v
  

[root@centos34 ~]# cd /opt/kubernetes-1.20.9/

[root@centos34 kubernetes-1.20.9]# ls _output/bin/
conversion-gen  deepcopy-gen  defaulter-gen  go2make  go-bindata  kubeadm  openapi-gen  prerelease-lifecycle-gen


9. Back up kubeadm and the pki directory, then copy the newly built kubeadm into place.
   cp /usr/bin/kubeadm /usr/bin/kubeadm.20220219
   cp _output/bin/kubeadm /usr/bin/
   cd /etc/kubernetes/
   cp -R pki pki.20220219


10. Renew the certificates. The output tells you which services must be restarted for the new certificates to take effect.

  [root@centos34 ~]#  kubeadm certs renew all


 
[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
 
certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed
 
Done renewing certificates. You must restart the kube-apiserver, kube-controller-manager, kube-scheduler and etcd, so that they can use the new certificates.


11. Restart the four containers kube-apiserver, kube-controller-manager, kube-scheduler and etcd:

docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash

Alternatively, restart docker.


12. Check the certificate expiry; it now shows 10 years remaining.
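The post does not show the command for step 12; `kubeadm certs check-expiration` prints the expiry of each certificate. The renew output in step 10 lists no CA certificate, so the added Go example below (not part of the original post) checks what a 10-year leaf is really worth: it is usable only until the earlier of its own NotAfter and the NotAfter of the CA that signed it. The names `issue` and `effectiveExpiry` are hypothetical, and the certificates are constructed samples, not files from a real cluster.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue builds a constructed sample certificate; a nil parent yields a self-signed CA.
func issue(cn string, notBefore time.Time, life time.Duration,
	parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: cn}, NotBefore: notBefore, NotAfter: notBefore.Add(life)}
	if parent == nil {
		tpl.IsCA, tpl.BasicConstraintsValid, tpl.KeyUsage = true, true, x509.KeyUsageCertSign
		parent, parentKey = tpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// effectiveExpiry returns the earlier of the leaf's and its issuing CA's NotAfter.
func effectiveExpiry(leaf, ca *x509.Certificate) (time.Time, error) {
	if err := leaf.CheckSignatureFrom(ca); err != nil {
		return time.Time{}, fmt.Errorf("leaf was not issued by this CA: %w", err)
	}
	if ca.NotAfter.Before(leaf.NotAfter) {
		return ca.NotAfter, nil
	}
	return leaf.NotAfter, nil
}

func main() {
	const year = 365 * 24 * time.Hour
	now := time.Now().UTC().Truncate(time.Second)
	ca, caKey := issue("kubernetes", now.Add(-2*year), 10*year, nil, nil) // CA created 2 years ago
	leaf, _ := issue("kube-apiserver", now, 10*year, ca, caKey)           // leaf renewed today
	end, err := effectiveExpiry(leaf, ca)
	fmt.Println("leaf NotAfter:", leaf.NotAfter, "usable until:", end, err)
}
```

To apply the same comparison to a real node, parse /etc/kubernetes/pki/ca.crt and a leaf such as apiserver.crt with `encoding/pem` and `x509.ParseCertificate` and pass both to `effectiveExpiry`.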







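Please credit the source when reposting: [k8s v1.20.9: extending certificate validity to 10 years by recompiling kubeadm].

《www.micoder.cc》 Virtualization and cloud computing, system operations, security technical services.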
