编译 kubeadm 99年证书

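# Download the Go 1.22.2 toolchain (the upstream URL is kept as an alternative to the mirror).
# wget -c https://go.dev/dl/go1.22.2.linux-amd64.tar.gz
wget -c https://golang.google.cn/dl/go1.22.2.linux-amd64.tar.gz
# Verify the archive before it replaces the installed toolchain: this compiler builds
# the kubeadm binary that will issue the cluster's certificates.
# <GO_TARBALL_SHA256> is a placeholder; use the SHA-256 listed for this file on https://go.dev/dl/.
echo "<GO_TARBALL_SHA256>  go1.22.2.linux-amd64.tar.gz" | sha256sum -c - \
  && rm -rf /usr/local/go \
  && tar zxf go1.22.2.linux-amd64.tar.gz -C /usr/local/
# Call the binary by absolute path: PATH is only extended by the /etc/profile edit that follows.
/usr/local/go/bin/go version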
go version go1.22.2 linux/amd64

 
vim /etc/profile
export GOROOT=/usr/local/go
export PATH=$PATH:/usr/local/go/bin
export GOPATH=/go
 

apt-get install gcc automake autoconf libtool make rsync

yum install gcc automake autoconf libtool make rsync

go version
go version go1.22.2 linux/amd64


wget -c https://github.com/kubernetes/kubernetes/archive/refs/tags/v1.26.8.zip  -O k8s-v1.26.8.zip
unzip k8s-v1.26.8.zip
cd k8s-v1.26.8/kubernetes-1.26.8


version=1.28.2
wget -c https://github.com/kubernetes/kubernetes/archive/refs/tags/v$version.tar.gz -O k8s-v$version.tgz
tar zxf  k8s-v$version.tgz
cd kubernetes-$version


version=1.30.0
wget -c https://github.com/kubernetes/kubernetes/archive/refs/tags/v$version.tar.gz -O k8s-v$version.tgz
tar zxf  k8s-v$version.tgz
cd kubernetes-$version

## Only these two files need to be changed.
# Keep pristine copies; they serve as the "before" side when a patch is generated with diff -up.
cp  cmd/kubeadm/app/constants/constants.go  cmd/kubeadm/app/constants/constants.go.origin
cp  staging/src/k8s.io/client-go/util/cert/cert.go  staging/src/k8s.io/client-go/util/cert/cert.go.origin
# constants.go: turn "= time.Hour" into "= 100 * time.Hour". The patch further down this page
# shows the intended target is CertificateValidity (time.Hour * 24 * 365).
# NOTE(review): the pattern is not anchored to CertificateValidity, so any other line containing
# "= time.Hour" would be rewritten as well; the grep checks below are the only guard against that.
sed -i 's/= time.Hour/= 100 * time.Hour/g'  cmd/kubeadm/app/constants/constants.go
# cert.go: change "duration365d * 10)" to "duration365d * 100)" and scale both forms of the
# maxAge assignment (":=" and "=") by 100.
sed -i -e 's/duration365d \* 10)/duration365d * 100)/g'  -e 's/maxAge := time.Hour/maxAge := 100 * time.Hour/g' -e 's/maxAge = time.Hour/maxAge = 100 * time.Hour/g'  staging/src/k8s.io/client-go/util/cert/cert.go

# Confirm the substitutions; each command notes how many matching lines are expected.
grep '= 100 \* time.Hour' cmd/kubeadm/app/constants/constants.go    # expect 1 match
grep '= 100 \* time.Hour' staging/src/k8s.io/client-go/util/cert/cert.go     #  expect 2 matches
grep 'duration365d \* 100'  staging/src/k8s.io/client-go/util/cert/cert.go  # expect 1 match

# 编译 
go env -w GO111MODULE=on
go env -w GOPROXY=https://goproxy.cn,direct

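# Build kubeadm for both target platforms.
time make WHAT=cmd/kubeadm KUBE_BUILD_PLATFORMS=linux/amd64
time make WHAT=cmd/kubeadm KUBE_BUILD_PLATFORMS=linux/arm64
# Record SHA-256 digests of the results. MD5 is not collision-resistant, so it is a poor
# integrity reference for binaries that are later packaged and copied to other hosts.
sha256sum _output/local/bin/linux/amd64/kubeadm
sha256sum _output/local/bin/linux/arm64/kubeadm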

# 编译 kubectl kube-apiserver  kubelet 
time make WHAT=cmd/kubectl KUBE_BUILD_PLATFORMS=linux/amd64
time make WHAT=cmd/kubectl KUBE_BUILD_PLATFORMS=linux/arm64

time make WHAT=cmd/kube-apiserver KUBE_BUILD_PLATFORMS=linux/amd64
time make WHAT=cmd/kube-apiserver KUBE_BUILD_PLATFORMS=linux/arm64

time  make WHAT=cmd/kubelet KUBE_BUILD_PLATFORMS=linux/amd64
time  make WHAT=cmd/kubelet KUBE_BUILD_PLATFORMS=linux/arm64

# 编译 kubelet 需要 
yum install -y gcc-aarch64-linux-gnu


_output/local/bin/linux/amd64/kubeadm version

kubeadm version: &version.Info{Major:"1", Minor:"30", GitVersion:"v1.30.0", GitCommit:"7c48c2bd72b9bf5c44d21d7338cc7bea77d0ad2a", GitTreeState:"archive", BuildDate:"2024-04-30T12:40:56Z", GoVersion:"go1.22.2", Compiler:"gc", Platform:"linux/amd64"}

mkdir -p kubeadm1.30.0y99/arm64  kubeadm1.30.0y99/amd64 
\cp -f _output/local/bin/linux/amd64/kubeadm kubeadm1.30.0y99/amd64
\cp -f _output/local/bin/linux/arm64/kubeadm kubeadm1.30.0y99/arm64
tar czfv kubeadm1.30.0y99.tgz kubeadm1.30.0y99


# sed -i 's/365$/36500/g' cmd/kubeadm/app/constants/constants.go
#sed -i 's/duration365d \* 10)/duration365d * 100)/g'  ‘s/maxAge := 100 * time.Hour * 24 * 365/maxAge := time.Hour * 24 * 365/g’  staging/src/k8s.io/client-go/util/cert/cert.go
---
或自动打patch

cat > kubeadm-y99.patch <<EOF
--- cmd/kubeadm/app/constants/constants.go       2023-09-11 02:16:02.069251723 +0800
+++ cmd/kubeadm/app/constants/constants.go      2023-09-11 02:36:27.965169914 +0800
@@ -48,7 +48,7 @@ const (
        // CertificateBackdate defines the offset applied to notBefore for CA certificates generated by kubeadm
        CertificateBackdate = time.Minute * 5
        // CertificateValidity defines the validity for all the signed certificates generated by kubeadm
-       CertificateValidity = time.Hour * 24 * 365
+       CertificateValidity = time.Hour * 24 * 365 * 100
 
        // DefaultCertificateDir defines default certificate directory
        DefaultCertificateDir = "pki"
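Review bot: `CertificateValidity` is, per the comment directly above it in this hunk, the validity of all signed certificates kubeadm generates, so this one-line change also applies to leaf certificates, which presumably include the client certificates embedded in kubeconfig files. Kubernetes does not check revocation for client certificates, so a leaked leaf certificate would remain usable until it expires or the CA is replaced. Consider leaving this line at `time.Hour * 24 * 365` and renewing with `kubeadm certs renew`, extending only the CA lifetime in cert.go. If the change stays, record the trade-off above it, e.g. `// 100-year leaf certs: rotation or CA replacement is the only way to invalidate one`. The const block starts and ends outside the hunk.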
--- staging/src/k8s.io/client-go/util/cert/cert.go       2023-09-11 02:22:06.077237127 +0800
+++ staging/src/k8s.io/client-go/util/cert/cert.go      2023-09-11 02:38:01.553161287 +0800
@@ -77,7 +77,7 @@ func NewSelfSignedCACert(cfg Config, key
                },
                DNSNames:              []string{cfg.CommonName},
                NotBefore:             notBefore,
-               NotAfter:              now.Add(duration365d * 10).UTC(),
+               NotAfter:              now.Add(duration365d * 100).UTC(),
                KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
                BasicConstraintsValid: true,
                IsCA:                  true,
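Review bot: This patch changes only `NotAfter` in `NewSelfSignedCACert` and leaves the `maxAge` assignments in the same file untouched, whereas the sed variant earlier on the page multiplies them by 100 as well, so the two routes do not build the same binary. If the patch is meant to be equivalent, add a hunk that turns `maxAge := time.Hour * 24 * 365` into `maxAge := 100 * time.Hour * 24 * 365`. A 100-year CA also means the CA private key has to stay protected for that whole period, so a comment such as `// 100-year CA: replacing the CA is the only way to invalidate it` belongs above the changed line. The function body starts and ends outside the hunk.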

EOF

patch -p0 < kubeadm-y99.patch

# 手动修改
vi cmd/kubeadm/app/constants/constants.go
CertificateValidity = time.Hour * 24 * 365
CertificateValidity = 100 * time.Hour * 24 * 365

vi staging/src/k8s.io/client-go/util/cert/cert.go
NotAfter:              now.Add(duration365d * 10).UTC(),
NotAfter:              now.Add(duration365d * 100).UTC(),

vi staging/src/k8s.io/client-go/util/cert/cert.go
maxAge := time.Hour * 24 * 365 
maxAge := 100 * time.Hour * 24 * 365 

# 制作 patch
diff -up cmd/kubeadm/app/constants/constants.go.origin cmd/kubeadm/app/constants/constants.go > kubeadm-y99p.patch
diff -up staging/src/k8s.io/client-go/util/cert/cert.go.origin staging/src/k8s.io/client-go/util/cert/cert.go >> kubeadm-y99p.patch


补充说明:API 接口也有一个1年有效期的硬编码,以上修改也修复了 https://github.com/kubernetes/kubernetes/issues/86552
staging/src/k8s.io/client-go/util/cert/cert.go
maxAge := time.Hour * 24 * 365 
