{"id":28960229,"url":"https://github.com/lework/kubeadm-certs","last_synced_at":"2026-04-18T05:09:05.890Z","repository":{"id":45511423,"uuid":"304198139","full_name":"lework/kubeadm-certs","owner":"lework","description":"kubeadm-certs sets the validity period of kubeadm certificate to 10 years. kubeadm-certs 将 kubeadm 的证书有效期设置为10年。","archived":false,"fork":false,"pushed_at":"2026-03-19T03:46:51.000Z","size":98,"stargazers_count":49,"open_issues_count":0,"forks_count":16,"subscribers_count":1,"default_branch":"master","last_synced_at":"2026-03-19T18:55:52.114Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/lework.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2020-10-15T03:19:47.000Z","updated_at":"2026-03-19T03:46:54.000Z","dependencies_parsed_at":"2023-02-15T15:31:04.270Z","dependency_job_id":"081ce52d-e715-432d-9a77-74d42bf9dcd2","html_url":"https://github.com/lework/kubeadm-certs","commit_stats":null,"previous_names":[],"tags_count":261,"template":false,"template_full_name":null,"purl":"pkg:github/lework/kubeadm-certs","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lework%2Fkubeadm-certs","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lework%2Fkubeadm-certs/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lework%2Fkubeadm-certs/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lework%2Fkubeadm-certs/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/lework","download_url":"https://codeload.github.com/lework/kubeadm-certs/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/lework%2Fkubeadm-certs/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31957158,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-18T00:39:45.007Z","status":"online","status_checked_at":"2026-04-18T02:00:07.018Z","response_time":103,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-06-24T01:10:52.826Z","updated_at":"2026-04-18T05:09:05.872Z","avatar_url":"https://github.com/lework.png","language":null,"funding_links":[],"categories":[],"sub_categories":[],"readme":"# kubeadm-certs\n\nkubeadm-certs 只将 kubeadm 的证书有效期设置为10年，未对源码做任何其他修改。编译脚本见 [.build.yml](.github/workflows/build.yml) , CI 见 \n[![Build](https://github.com/lework/kubeadm-certs/actions/workflows/build.yml/badge.svg?branch=master)](https://github.com/lework/kubeadm-certs/actions/workflows/build.yml)\n\n\n## go 版本\n\n\u003e [编译最低版本源文件](https://github.com/kubernetes/kubernetes/blob/f28b4c9efbca5c5c0af716d9f2d5702667ee8a45/hack/lib/golang.sh#L571)\n\n```bash\nv1.15.12 go1.12.1\nv1.16.15 go1.13.4\nv1.17.12 go1.13.4\nv1.18.9  go1.13.4\nv1.19.3  go1.15.0\nv1.20.0  go1.15.0\nv1.21.0  go1.16.0\nv1.22.0  go1.16.0\nv1.23.0  go1.17.0\nv1.24.0  go1.18.1\nv1.25.0  go1.19\nv1.26.0  go1.19\nv1.27.0  go1.20\nv1.28.0  go1.20\nv1.29.0  go1.21\nv1.30.0  go1.22\nv1.31.0  go1.22\nv1.32.0  go1.23\nv1.33.0  go1.24\nv1.34.0  go1.24\n```\n\n## 证书有效期文件\n\nCA 证书\n\n- https://github.com/kubernetes/kubernetes/blob/v1.34.0/staging/src/k8s.io/client-go/util/cert/cert.go#L79-L80\n\n签发证书\n\n- https://github.com/kubernetes/kubernetes/blob/v1.34.0/cmd/kubeadm/app/constants/constants.go#L48\n- https://github.com/kubernetes/kubernetes/blob/v1.34.0/cmd/kubeadm/app/util/pkiutil/pki_helpers.go#L659\n\n## 使用\n\n项目release版本与kubernetes发布版本一致，可以在 [releases](https://github.com/lework/kubeadm-certs/releases) 页面直接查看\n\n```bash\n[ -f /usr/bin/kubeadm ] \u0026\u0026 mv /usr/bin/kubeadm{,_src}\nwget https://github.com/lework/kubeadm-certs/releases/download/v1.21.0/kubeadm-linux-amd64 -O /usr/bin/kubeadm\nchmod +x /usr/bin/kubeadm\n```\n\n版本信息差异\n\n```bash\n# 文件大小差异\n$ls -al /usr/bin/kubeadm*\n-rwxr-xr-x 1 root root 44613632 4月  12 17:30 /usr/bin/kubeadm\n-rwxr-xr-x 1 root root 44625920 4月   9 01:54 /usr/bin/kubeadm_src\n\n# sha256sum\n$ sha256sum /usr/bin/kubeadm* \n3994974fdf4ab235d15151dee18caf9224e910d83dcc4606263c5129d89ea9bd  /usr/bin/kubeadm\n7bdaf0d58f0d286538376bc40b50d7e3ab60a3fe7a0709194f53f1605129550f  /usr/bin/kubeadm_src\n\n# 官方发布的版本\n$ kubeadm_src version\nkubeadm version: \u0026version.Info{Major:\"1\", Minor:\"21\", GitVersion:\"v1.21.0\", GitCommit:\"cb303e613a121a29364f75cc67d3d580833a7479\", GitTreeState:\"clean\", BuildDate:\"2021-04-08T16:30:03Z\", GoVersion:\"go1.16.1\", Compiler:\"gc\", Platform:\"linux/amd64\"}\n\n# 修改后的版本\n$ kubeadm version\nkubeadm version: \u0026version.Info{Major:\"1\", Minor:\"21+\", GitVersion:\"v1.21.0-dirty\", GitCommit:\"cb303e613a121a29364f75cc67d3d580833a7479\", GitTreeState:\"dirty\", BuildDate:\"2021-04-12T09:23:51Z\", GoVersion:\"go1.16.1\", Compiler:\"gc\", Platform:\"linux/amd64\"}\n```\n\n\u003e `dirty` 标记代表 `GitCommit` 版本后有修改源代码。\n\n生成证书\n\n```bash\nkubeadm init phase certs all\nkubeadm init phase kubeconfig all\n```\n\n检查证书过期时间\n\n```bash\n$ kubeadm certs check-expiration\n[check-expiration] Reading configuration from the cluster...\n[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'\n[check-expiration] Error reading configuration from the Cluster. Falling back to default configuration\n\nCERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED\nadmin.conf                 Apr 10, 2031 10:02 UTC   9y                                      no      \napiserver                  Apr 10, 2031 10:02 UTC   9y              ca                      no      \napiserver-etcd-client      Apr 10, 2031 10:02 UTC   9y              etcd-ca                 no      \napiserver-kubelet-client   Apr 10, 2031 10:02 UTC   9y              ca                      no      \ncontroller-manager.conf    Apr 10, 2031 10:02 UTC   9y                                      no      \netcd-healthcheck-client    Apr 10, 2031 10:02 UTC   9y              etcd-ca                 no      \netcd-peer                  Apr 10, 2031 10:02 UTC   9y              etcd-ca                 no      \netcd-server                Apr 10, 2031 10:02 UTC   9y              etcd-ca                 no      \nfront-proxy-client         Apr 10, 2031 10:02 UTC   9y              front-proxy-ca          no      \nscheduler.conf             Apr 10, 2031 10:02 UTC   9y                                      no      \n\nCERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED\nca                      Apr 10, 2031 10:02 UTC   9y              no      \netcd-ca                 Apr 10, 2031 10:02 UTC   9y              no      \nfront-proxy-ca          Apr 10, 2031 10:02 UTC   9y              no      \n```\n\n## LICENSE\n\nMIT\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flework%2Fkubeadm-certs","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flework%2Fkubeadm-certs","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flework%2Fkubeadm-certs/lists"}