// 就是这个常量定义CertificateValidity,改成*100年 (sysin) const ( // KubernetesDir is the directory Kubernetes owns for storing various configuration files KubernetesDir = "/etc/kubernetes" // ManifestsSubDirName defines directory name to store manifests ManifestsSubDirName = "manifests" // TempDirForKubeadm defines temporary directory for kubeadm // should be joined with KubernetesDir. TempDirForKubeadm = "tmp"
// CertificateValidity defines the validity for all the signed certificates generated by kubeadm // CertificateValidity = time.Hour * 24 * 365 CertificateValidity = time.Hour * 24 * 365 * 100
// CACertAndKeyBaseName defines certificate authority base name CACertAndKeyBaseName = "ca" // CACertName defines certificate name CACertName = "ca.crt" // CAKeyName defines certificate name CAKeyName = "ca.key"
[check-expiration] Reading configuration from the cluster... [check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED admin.conf Aug 08, 2120 05:35 UTC 99y no apiserver Aug 08, 2120 05:35 UTC 99y ca no apiserver-etcd-client Aug 08, 2120 05:35 UTC 99y etcd-ca no apiserver-kubelet-client Aug 08, 2120 05:35 UTC 99y ca no controller-manager.conf Aug 08, 2120 05:35 UTC 99y no etcd-healthcheck-client Aug 08, 2120 05:35 UTC 99y etcd-ca no etcd-peer Aug 08, 2120 05:35 UTC 99y etcd-ca no etcd-server Aug 08, 2120 05:35 UTC 99y etcd-ca no front-proxy-client Aug 08, 2120 05:35 UTC 99y front-proxy-ca no scheduler.conf Aug 08, 2120 05:35 UTC 99y no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED ca Aug 08, 2120 05:35 UTC 99y no etcd-ca Aug 08, 2120 05:35 UTC 99y no front-proxy-ca Aug 08, 2120 05:35 UTC 99y no
续订证书,查看可以使用的参数
1 2 3 4 5 6 7 8 9 10 11 12 13
kubeadm alpha certs renew --help Available Commands: admin.conf Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself all Renew all available certificates apiserver Renew the certificate for serving the Kubernetes API apiserver-etcd-client Renew the certificate the apiserver uses to access etcd apiserver-kubelet-client Renew the certificate for the API server to connect to kubelet controller-manager.conf Renew the certificate embedded in the kubeconfig file for the controller manager to use etcd-healthcheck-client Renew the certificate for liveness probes to healthcheck etcd etcd-peer Renew the certificate for etcd nodes to communicate with each other etcd-server Renew the certificate for serving etcd front-proxy-client Renew the certificate for the front proxy client scheduler.conf Renew the certificate embedded in the kubeconfig file for the scheduler manager to use