获取源码
k8s_version="v1.27.6"
git clone --depth=1 -b ${k8s_version} https://github.com/kubernetes/kubernetes.git
修改源码
sed -i 's/CertificateValidity = time.Hour \* 24 \* 365$/CertificateValidity = time.Hour \* 24 \* 365 \* 100/' ./cmd/kubeadm/app/constants/constants.go
sed -i 's/now.Add(duration365d \* 10)/now.Add(duration365d \* 100)/g' ./staging/src/k8s.io/client-go/util/cert/cert.go
git diff
[root@rocky kubernetes]# git diff
diff --git a/cmd/kubeadm/app/constants/constants.go b/cmd/kubeadm/app/constants/constants.go
index f316b9db8ce..9cc62f38d21 100644
--- a/cmd/kubeadm/app/constants/constants.go
+++ b/cmd/kubeadm/app/constants/constants.go
@@ -46,7 +46,7 @@ const (
// CertificateBackdate defines the offset applied to notBefore for CA certificates generated by kubeadm
CertificateBackdate = time.Minute * 5
// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
- CertificateValidity = time.Hour * 24 * 365
+ CertificateValidity = time.Hour * 24 * 365 * 100
// DefaultCertificateDir defines default certificate directory
DefaultCertificateDir = "pki"
diff --git a/staging/src/k8s.io/client-go/util/cert/cert.go b/staging/src/k8s.io/client-go/util/cert/cert.go
index 91e171271af..8c7c914618b 100644
--- a/staging/src/k8s.io/client-go/util/cert/cert.go
+++ b/staging/src/k8s.io/client-go/util/cert/cert.go
@@ -77,7 +77,7 @@ func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, erro
},
DNSNames: []string{cfg.CommonName},
NotBefore: notBefore,
- NotAfter: now.Add(duration365d * 10).UTC(),
+ NotAfter: now.Add(duration365d * 100).UTC(),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
IsCA: true,
拉取编译镜像
K8S_IMG="k8s.gcr.io/kube-cross:$(cat ./build/build-image/cross/VERSION)"
docker pull $K8S_IMG
编译
cd build/ && ./run.sh make kubeadm