下载源码
分别以v1.14.0和v1.15.1为例
下载v1.14.0
[root@kube-mas ~]# yum -y install git
[root@kube-mas ~]# git clone --branch v1.14.0 --depth 1 https://gitee.com/mirrors/Kubernetes.git
--branch 指定要克隆的 tag 或分支
--depth 1 只拉取最近一次提交(浅克隆),并隐含 --single-branch,因此不会将其他分支的任何信息带到克隆的存储库中
下载v1.15.1
[root@k8s-mas ~]# git clone --branch v1.15.1 --depth 1 https://gitee.com/mirrors/Kubernetes.git
修改源码
kubernetes-v1.14.0版本
[root@kube-mas ~]# vim Kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
查找函数名NewSignedCert,可以找到如下函数
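// NewSignedCert creates a certificate for key's public key and signs it with
// the given CA certificate and CA key.
//
// cfg supplies the subject (CommonName, Organization), the subject alternative
// names and the extended key usages; CommonName and Usages must be non-empty.
// The result is the parsed form of the DER bytes returned by
// x509.CreateCertificate. Errors from input validation, serial generation,
// signing and parsing are returned to the caller.
func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
	// Validate before consuming randomness, and report nil inputs as errors
	// instead of panicking on the field accesses below.
	if cfg == nil {
		return nil, errors.New("must specify a certificate config")
	}
	if caCert == nil {
		return nil, errors.New("must specify a CA certificate")
	}
	if len(cfg.CommonName) == 0 {
		return nil, errors.New("must specify a CommonName")
	}
	if len(cfg.Usages) == 0 {
		return nil, errors.New("must specify at least one ExtKeyUsage")
	}

	// rand.Int yields a value in [0, MaxInt64); adding 1 shifts the range to
	// [1, MaxInt64] so the serial number can never be zero.
	serial, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
	if err != nil {
		return nil, err
	}
	serial = new(big.Int).Add(serial, big.NewInt(1))

	certTmpl := x509.Certificate{
		Subject: pkix.Name{
			CommonName:   cfg.CommonName,
			Organization: cfg.Organization,
		},
		DNSNames:     cfg.AltNames.DNSNames,
		IPAddresses:  cfg.AltNames.IPs,
		SerialNumber: serial,
		// The leaf is backdated to the CA's own start of validity.
		NotBefore: caCert.NotBefore,
		// NotAfter is derived only from duration365d and is not capped at
		// caCert.NotAfter: if the constant is raised beyond the CA's remaining
		// lifetime, the leaf's NotAfter will lie past its issuer's.
		NotAfter:    time.Now().Add(duration365d).UTC(),
		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage: cfg.Usages,
	}

	certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(certDERBytes)
}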
重点关注NotAfter 终止日期
NotAfter: time.Now().Add(duration365d).UTC()
从这句源码可以看出,终止日期等于当前时间加上 duration365d 的值。
接下来在当前文件中继续查找 duration365d 的定义。
// PEM block type strings. Each one is a possible value for pem.Block.Type.
const (
	// PrivateKeyBlockType is the block type string "PRIVATE KEY".
	PrivateKeyBlockType = "PRIVATE KEY"

	// PublicKeyBlockType is the block type string "PUBLIC KEY".
	PublicKeyBlockType = "PUBLIC KEY"

	// CertificateBlockType is the block type string "CERTIFICATE".
	CertificateBlockType = "CERTIFICATE"

	// RSAPrivateKeyBlockType is the block type string "RSA PRIVATE KEY".
	RSAPrivateKeyBlockType = "RSA PRIVATE KEY"
)

// Unexported key and lifetime parameters.
const (
	// rsaKeySize is 2048; presumably the RSA key size in bits (its use is not
	// shown in this excerpt).
	rsaKeySize = 2048

	// duration365d is 365 days expressed as a time.Duration.
	duration365d = time.Hour * 24 * 365
)
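从这段代码可以看到 duration365d 是一个常量,代表一年(365 天),所以只要修改这个常量即可。需要注意:它只决定 NewSignedCert 签发的证书的 NotAfter,并不会延长 CA 证书本身的有效期(kubeadm 默认生成的 CA 为 10 年);CA 过期后,由它签发的证书即使 NotAfter 未到也无法通过校验。另外 Kubernetes 不检查证书吊销,有效期越长,私钥泄露后证书可被使用的时间也越长;不改源码的替代做法是按期执行 kubeadm alpha certs renew 续期。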
duration365d = time.Hour * 24 * 365 * 100
kubernetes-v1.15.1版本
[root@kube-mas ~]# vim Kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers.go
查找函数名NewSignedCert,可以找到如下函数
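// NewSignedCert creates a certificate for key's public key and signs it with
// the given CA certificate and CA key.
//
// cfg supplies the subject (CommonName, Organization), the subject alternative
// names and the extended key usages; CommonName and Usages must be non-empty.
// The result is the parsed form of the DER bytes returned by
// x509.CreateCertificate. Errors from input validation, serial generation,
// signing and parsing are returned to the caller.
func NewSignedCert(cfg *certutil.Config, key crypto.Signer, caCert *x509.Certificate, caKey crypto.Signer) (*x509.Certificate, error) {
	// Validate before consuming randomness, and report nil inputs as errors
	// instead of panicking on the field accesses below.
	if cfg == nil {
		return nil, errors.New("must specify a certificate config")
	}
	if caCert == nil {
		return nil, errors.New("must specify a CA certificate")
	}
	if len(cfg.CommonName) == 0 {
		return nil, errors.New("must specify a CommonName")
	}
	if len(cfg.Usages) == 0 {
		return nil, errors.New("must specify at least one ExtKeyUsage")
	}

	// cryptorand.Int yields a value in [0, MaxInt64); adding 1 shifts the
	// range to [1, MaxInt64] so the serial number can never be zero.
	serial, err := cryptorand.Int(cryptorand.Reader, new(big.Int).SetInt64(math.MaxInt64))
	if err != nil {
		return nil, err
	}
	serial = new(big.Int).Add(serial, big.NewInt(1))

	certTmpl := x509.Certificate{
		Subject: pkix.Name{
			CommonName:   cfg.CommonName,
			Organization: cfg.Organization,
		},
		DNSNames:     cfg.AltNames.DNSNames,
		IPAddresses:  cfg.AltNames.IPs,
		SerialNumber: serial,
		// The leaf is backdated to the CA's own start of validity.
		NotBefore: caCert.NotBefore,
		// NotAfter is derived only from kubeadmconstants.CertificateValidity
		// and is not capped at caCert.NotAfter: if the constant is raised
		// beyond the CA's remaining lifetime, the leaf's NotAfter will lie
		// past its issuer's.
		NotAfter:    time.Now().Add(kubeadmconstants.CertificateValidity).UTC(),
		KeyUsage:    x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		ExtKeyUsage: cfg.Usages,
	}

	certDERBytes, err := x509.CreateCertificate(cryptorand.Reader, &certTmpl, caCert, key.Public(), caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(certDERBytes)
}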
和 v1.14.0 版本不同的是,这里使用的是常量 kubeadmconstants.CertificateValidity。
该常量不在当前文件中定义,可以通过 find 命令查找
[root@k8s-mas ~]# find Kubernetes/cmd/kubeadm/app/ -type f |xargs grep CertificateValidity
Kubernetes/cmd/kubeadm/app/constants/constants.go: // CertificateValidity defines the validity for all the signed certificates generated by kubeadm
Kubernetes/cmd/kubeadm/app/constants/constants.go: CertificateValidity = time.Hour * 24 * 365
Kubernetes/cmd/kubeadm/app/util/pkiutil/pki_helpers.go: NotAfter: time.Now().Add(kubeadmconstants.CertificateValidity).UTC(),
修改源码
[root@k8s-mas ~]# vim Kubernetes/cmd/kubeadm/app/constants/constants.go
CertificateValidity = time.Hour * 24 * 365 * 100
打包编译
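官网原来提供了 k8s.gcr.io/kube-cross 镜像用于编译代码;下面使用的是 Docker Hub 上的副本 mirrorgooglecontainers/kube-cross。编译出的 kubeadm 将用来签发集群证书,因此拉取镜像和克隆源码后,应核对镜像摘要(digest)以及 tag 对应的提交与官方一致。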
[root@kube-mas ~]# docker pull mirrorgooglecontainers/kube-cross:v1.12.10-1
[root@kube-mas ~]# docker run --rm -it -v /root/Kubernetes/:/go/src/k8s.io/kubernetes mirrorgooglecontainers/kube-cross:v1.12.10-1 bash
root@f6cc27e6ff7e:/go# cd /go/src/k8s.io/kubernetes
# 编译kubeadm, 这里主要编译kubeadm 即可
root@f6cc27e6ff7e:/go/src/k8s.io/kubernetes# make all WHAT=cmd/kubeadm GOFLAGS=-v
编译成功后,可以退出容器,能看到挂载路径中已经有编译好的kubeadm
路径./_output/local/bin/linux/amd64/kubeadm
[root@kube-mas ~]# which kubeadm
/usr/bin/kubeadm
[root@kube-mas ~]# mv /usr/bin/kubeadm{,.bak}
[root@kube-mas ~]# cp Kubernetes/_output/local/bin/linux/amd64/kubeadm /usr/bin/