使用kubeadm部署k8s集群默认证书是一年期限,每年需要更换
可通过设置调整成100年期限
检查证书过期时间
# For kubeadm provisioned clusters
kubeadm certs check-expiration
# For all clusters
cd /etc/kubernetes/pki
openssl x509 -noout -dates -in /etc/kubernetes/pki/apiserver.crt
查看当前证书时间
for item in `find /etc/kubernetes/pki -maxdepth 2 -name "*.crt"`;do openssl x509 -in $item -text -noout| grep Not;echo ======================$item===================;done
kubeadm certs check-expiration
克隆并修改源码
git clone -b v1.24.0 --depth=1 https://github.com/kubernetes/kubernetes.git
git clone -b v1.24.0 --depth=1 https://hub.fastgit.xyz/kubernetes/kubernetes.git
sed -ri 's#time.Hour \* 24 \* 365#time.Hour \* 24 \* 365 \* 100#' ~/kubernetes/cmd/kubeadm/app/constants/constants.go
time.Hour * 24 * 365 默认一年
time.Hour * 24 * 365 * 100 换成100年