1、go 环境部署
到go中文社区https://studygolang.com/下载对应版本的go语言包,配置go环境
cd /usr/local/src
wget https://studygolang.com/dl/golang/go1.14.1.linux-amd64.tar.gz
tar -zxvf go1.14.1.linux-amd64.tar.gz -C /usr/local
vi /etc/profile
export PATH=/usr/local/go/bin:$PATH
source /etc/profile
2、下载k8s源码
cd /data && git clone https://github.com/kubernetes/kubernetes.git
cd kubernetes && git checkout -b remotes/origin/release-1.15.1 v1.15.1 # 切换到v1.15.1分支
3、修改 Kubeadm 源码包更新证书策略
vim staging/src/k8s.io/client-go/util/cert/cert.go # kubeadm 1.14 版本之前
vim cmd/kubeadm/app/util/pkiutil/pki_helpers.go # kubeadm 1.14 至今
const duration365d = time.Hour * 24 * 365 * 10
NotAfter: time.Now().Add(duration365d).UTC()
make WHAT=cmd/kubeadm GOFLAGS=-v # 编译kubeadm
cp _output/bin/kubeadm /root/kubeadm-new
4、更新 kubeadm
# 将 kubeadm 进行替换
cp /usr/bin/kubeadm /usr/bin/kubeadm.old
cp /root/kubeadm-new /usr/bin/kubeadm
chmod a+x /usr/bin/kubeadm
5、更新各节点证书至 Master 节点
cp -r /etc/kubernetes/pki /etc/kubernetes/pki.old
cd /etc/kubernetes/pki
kubeadm alpha certs renew all
openssl x509 -in apiserver.crt -text -noout
6、节点证书更新
scp ca.crt k8s-node1:/etc/kubernetes/pki
scp ca.crt k8s-node2:/etc/kubernetes/pki