`
maosheng
  • 浏览: 573435 次
  • 性别: Icon_minigender_1
  • 来自: 北京
社区版块
存档分类
最新评论

Kubernetes 证书延期

k8s 
阅读更多
一、概述

kubeadm 是 kubernetes 提供的一个初始化集群的工具,使用起来非常方便,但是它创建的 apiserver、controller-manager 等证书默认只有一年的有效期,同时 kubelet 证书也只有一年有效期,一年之后 kubernetes 将停止服务

Kubernetes 集群根证书:
/etc/kubernetes/pki/ca.crt
/etc/kubernetes/pki/ca.key
......

kubeadm 默认生成的ca证书有效期是10年,其他证书(如etcd证书,apiserver证书)有效期均为1年。

二、准备工作

[root@k8s-master etcd]#  tree /etc/kubernetes/
/etc/kubernetes/
├── admin.conf
├── controller-manager.conf
├── kubelet.conf
├── manifests
│   ├── etcd.yaml
│   ├── kube-apiserver.yaml
│   ├── kube-controller-manager.yaml
│   └── kube-scheduler.yaml
├── pki
│   ├── apiserver.crt
│   ├── apiserver-etcd-client.crt
│   ├── apiserver-etcd-client.key
│   ├── apiserver.key
│   ├── apiserver-kubelet-client.crt
│   ├── apiserver-kubelet-client.key
│   ├── ca.crt
│   ├── ca.key
│   ├── etcd
│   │   ├── ca.crt
│   │   ├── ca.key
│   │   ├── healthcheck-client.crt
│   │   ├── healthcheck-client.key
│   │   ├── peer.crt
│   │   ├── peer.key
│   │   ├── server.crt
│   │   └── server.key
│   ├── front-proxy-ca.crt
│   ├── front-proxy-ca.key
│   ├── front-proxy-client.crt
│   ├── front-proxy-client.key
│   ├── sa.key
│   └── sa.pub
└── scheduler.conf

3 directories, 30 files

查看证书:

[root@k8s-master]# cd /etc/kubernetes/pki

[root@k8s-master pki]#  openssl x509 -in front-proxy-client.crt   -noout -text  |grep Not
            Not Before: Jul 29 12:07:53 2020 GMT
            Not After : Jul 29 12:07:54 2021 GMT

[root@k8s-master pki]#  openssl x509 -in apiserver.crt   -noout -text  |grep Not
            Not Before: Jul 29 12:07:52 2020 GMT
            Not After : Jul 29 12:07:53 2021 GMT

[root@k8s-master pki]#  openssl x509 -in front-proxy-client.crt   -noout -text  |grep Not
            Not Before: Aug  1 08:36:22 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT

[root@k8s-master pki]#  openssl x509 -in apiserver.crt   -noout -text  |grep Not
            Not Before: Aug  1 08:36:24 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT

............


[root@k8s-master kubernetes]#  find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t  -i bash -c 'openssl x509  -noout -text -in {}|grep Not'
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt|grep Not
            Not Before: Aug  1 08:36:23 2019 GMT
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/healthcheck-client.crt|grep Not
            Not Before: Aug  1 08:36:23 2019 GMT
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/peer.crt|grep Not
            Not Before: Aug  1 08:36:23 2019 GMT
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-etcd-client.crt|grep Not
            Not Before: Aug  1 08:36:23 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-kubelet-client.crt|grep Not
            Not Before: Aug  1 08:36:24 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver.crt|grep Not
            Not Before: Aug  1 08:36:24 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/front-proxy-client.crt|grep Not
            Not Before: Aug  1 08:36:22 2019 GMT
            Not After : Jul 31 10:47:04 2021 GMT


[root@k8s-master kubernetes]#  find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t  -i bash -c 'openssl x509  -noout -text -in {}|grep After'
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt|grep After
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/healthcheck-client.crt|grep After
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/peer.crt|grep After
            Not After : Jul 31 10:47:03 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-etcd-client.crt|grep After
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-kubelet-client.crt|grep After
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver.crt|grep After
            Not After : Jul 31 10:47:04 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/front-proxy-client.crt|grep After
            Not After : Jul 31 10:47:04 2021 GMT

[root@k8s-master pki]#  ls -l
总用量 56
-rw-r--r-- 1 root root 1224 7月  31 18:47 apiserver.crt
-rw-r--r-- 1 root root 1090 7月  31 18:47 apiserver-etcd-client.crt
-rw------- 1 root root 1675 7月  31 18:47 apiserver-etcd-client.key
-rw------- 1 root root 1675 7月  31 18:47 apiserver.key
-rw-r--r-- 1 root root 1099 7月  31 18:47 apiserver-kubelet-client.crt
-rw------- 1 root root 1675 7月  31 18:47 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 8月   1 2019 ca.crt
-rw------- 1 root root 1675 8月   1 2019 ca.key
drwxr-xr-x 2 root root  162 7月  31 18:47 etcd
-rw-r--r-- 1 root root 1038 8月   1 2019 front-proxy-ca.crt
-rw------- 1 root root 1679 8月   1 2019 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 7月  31 18:47 front-proxy-client.crt
-rw------- 1 root root 1675 7月  31 18:47 front-proxy-client.key
-rw------- 1 root root 1679 8月   1 2019 sa.key
-rw------- 1 root root  451 8月   1 2019 sa.pub
[root@k8s-master pki]#  openssl x509 -in ca.crt   -noout -text  |grep Not
            Not Before: Aug  1 08:36:24 2019 GMT
            Not After : Jul 29 08:36:24 2029 GMT

[root@k8s-master pki]#  cd etcd/
[root@k8s-master etcd]#  ls -l
总用量 32
-rw-r--r-- 1 root root 1017 8月   1 2019 ca.crt
-rw------- 1 root root 1679 8月   1 2019 ca.key
-rw-r--r-- 1 root root 1094 7月  31 18:47 healthcheck-client.crt
-rw------- 1 root root 1675 7月  31 18:47 healthcheck-client.key
-rw-r--r-- 1 root root 1135 7月  31 18:47 peer.crt
-rw------- 1 root root 1679 7月  31 18:47 peer.key
-rw-r--r-- 1 root root 1127 7月  31 18:47 server.crt
-rw------- 1 root root 1675 7月  31 18:47 server.key
[root@k8s-master etcd]#  openssl x509 -in ca.crt   -noout -text  |grep Not
            Not Before: Aug  1 08:36:23 2019 GMT
            Not After : Jul 29 08:36:23 2029 GMT


备份工作(非常重要):

[root@k8s-master ]# cd /etc/kubernetes
[root@k8s-master kubernetes]# mkdir ./pki_bak
[root@k8s-master kubernetes]# mkdir ./pki_bak/etcd
[root@k8s-master kubernetes]# mkdir ./conf_bak
[root@k8s-master kubernetes]# cp pki/apiserver* ./pki_bak/
[root@k8s-master kubernetes]# cp pki/front-proxy-client.* ./pki_bak/
[root@k8s-master kubernetes]# cp pki/etcd/healthcheck-client.* ./pki_bak/etcd/
[root@k8s-master kubernetes]# cp pki/etcd/peer.* ./pki_bak/etcd/
[root@k8s-master kubernetes]# cp pki/etcd/server.* ./pki_bak/etcd/
[root@k8s-master kubernetes]# cp ./admin.conf ./conf_bak/
[root@k8s-master kubernetes]# cp ./kubelet.conf ./conf_bak/
[root@k8s-master kubernetes]# cp ./controller-manager.conf ./conf_bak/
[root@k8s-master kubernetes]# cp ./scheduler.conf ./conf_bak/


三、证书类别

1、集群根证书:
[root@k8s-master images]#  ll /etc/kubernetes/pki/ca*
-rw-r--r-- 1 root root 1025 8月   1 2019 /etc/kubernetes/pki/ca.crt
-rw------- 1 root root 1675 8月   1 2019 /etc/kubernetes/pki/ca.key


2、由此集群根证书签发的证书有:

1)kube-apiserver 组件持有的服务端证书
[root@k8s-master pki]#  ll /etc/kubernetes/pki/apiserver.*
-rw-r--r-- 1 root root 1224 7月  31 18:47 /etc/kubernetes/pki/apiserver.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/apiserver.key

2)kubelet 组件持有的客户端证书
[root@k8s-master pki]#  ll /etc/kubernetes/pki/apiserver-kubelet-client.*
-rw-r--r-- 1 root root 1099 7月  31 18:47 /etc/kubernetes/pki/apiserver-kubelet-client.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/apiserver-kubelet-client.key
 
提示:kubelet的/var/lib/kubelet/config.yaml配置文件中一般不会明确指定服务端证书,而是只指定 ca 根证书, 让 kubelet 根据本地主机信息自动生成服务端证书并保存到配置的 cert-dir文件夹中。

[root@k8s-master kubelet]#  pwd
/var/lib/kubelet
[root@k8s-master kubelet]#  cat config.yaml
address: 0.0.0.0
apiVersion: kubelet.config.k8s.io/v1beta1
authentication:
  anonymous:
    enabled: false
  webhook:
    cacheTTL: 2m0s
    enabled: true
  x509:
    clientCAFile: /etc/kubernetes/pki/ca.crt
authorization:
  mode: Webhook
  webhook:
    cacheAuthorizedTTL: 5m0s
    cacheUnauthorizedTTL: 30s
cgroupDriver: cgroupfs
cgroupsPerQOS: true
clusterDNS:
- 10.96.0.10
clusterDomain: cluster.local
configMapAndSecretChangeDetectionStrategy: Watch
containerLogMaxFiles: 5
containerLogMaxSize: 10Mi
contentType: application/vnd.kubernetes.protobuf
cpuCFSQuota: true
cpuCFSQuotaPeriod: 100ms
cpuManagerPolicy: none
cpuManagerReconcilePeriod: 10s
enableControllerAttachDetach: true
enableDebuggingHandlers: true
enforceNodeAllocatable:
- pods
eventBurst: 10
eventRecordQPS: 5
evictionHard:
  imagefs.available: 15%
  memory.available: 100Mi
  nodefs.available: 10%
  nodefs.inodesFree: 5%
evictionPressureTransitionPeriod: 5m0s
failSwapOn: true
fileCheckFrequency: 20s
hairpinMode: promiscuous-bridge
healthzBindAddress: 127.0.0.1
healthzPort: 10248
httpCheckFrequency: 20s
imageGCHighThresholdPercent: 85
imageGCLowThresholdPercent: 80
imageMinimumGCAge: 2m0s
iptablesDropBit: 15
iptablesMasqueradeBit: 14
kind: KubeletConfiguration
kubeAPIBurst: 10
kubeAPIQPS: 5
makeIPTablesUtilChains: true
maxOpenFiles: 1000000
maxPods: 110
nodeLeaseDurationSeconds: 40
nodeStatusUpdateFrequency: 10s
oomScoreAdj: -999
podPidsLimit: -1
port: 10250
registryBurst: 10
registryPullQPS: 5
resolvConf: /etc/resolv.conf
rotateCertificates: true
runtimeRequestTimeout: 2m0s
serializeImagePulls: true
staticPodPath: /etc/kubernetes/manifests
streamingConnectionIdleTimeout: 4h0m0s
syncFrequency: 1m0s
volumeStatsAggPeriod: 1m0s

3)汇聚层证书
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/front-proxy-ca.*
-rw-r--r-- 1 root root 1038 8月   1 2019 /etc/kubernetes/pki/front-proxy-ca.crt
-rw------- 1 root root 1679 8月   1 2019 /etc/kubernetes/pki/front-proxy-ca.key

由此汇聚层根证书签发的证书有:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/front-proxy-client.*
-rw-r--r-- 1 root root 1058 7月  31 18:47 /etc/kubernetes/pki/front-proxy-client.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/front-proxy-client.key

3、etcd集群根证书:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/etcd/ca.*
-rw-r--r-- 1 root root 1017 8月   1 2019 /etc/kubernetes/pki/etcd/ca.crt
-rw------- 1 root root 1679 8月   1 2019 /etc/kubernetes/pki/etcd/ca.key

由此etcd根证书签发的证书有:

etcd server服务端证书:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/etcd/server.*
-rw-r--r-- 1 root root 1127 7月  31 18:47 /etc/kubernetes/pki/etcd/server.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/etcd/server.key


etcd 集群中peer节点互相通信使用的客户端证书:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/etcd/peer.*
-rw-r--r-- 1 root root 1135 7月  31 18:47 /etc/kubernetes/pki/etcd/peer.crt
-rw------- 1 root root 1679 7月  31 18:47 /etc/kubernetes/pki/etcd/peer.key


pod 中定义 Liveness 探针使用的客户端证书:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/etcd/healthcheck-client.*
-rw-r--r-- 1 root root 1094 7月  31 18:47 /etc/kubernetes/pki/etcd/healthcheck-client.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/etcd/healthcheck-client.key


配置在 kube-apiserver 中用来与 etcd server 做双向认证的客户端证书:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/apiserver-etcd-client.*
-rw-r--r-- 1 root root 1090 7月  31 18:47 /etc/kubernetes/pki/apiserver-etcd-client.crt
-rw------- 1 root root 1675 7月  31 18:47 /etc/kubernetes/pki/apiserver-etcd-client.key

4、Serveice Account密钥:
[root@k8s-master kubelet]#  ll /etc/kubernetes/pki/sa.*
-rw------- 1 root root 1679 8月   1 2019 /etc/kubernetes/pki/sa.key
-rw------- 1 root root  451 8月   1 2019 /etc/kubernetes/pki/sa.pub
 
 
Serveice Account密钥对仅提供给 kube-controller-manager 使用. kube-controller-manager 通过 sa.key 对 token 进行签名, master 节点通过公钥 sa.pub 进行签名的验证。

API Server身份验证过程:
API Server的authenticating环节支持多种身份校验方式:client cert、bearer token、static password auth等,这些方式中只要有一种方式通过authenticating(Kubernetes API Server会逐个方式尝试),那么身份校验就会通过。
一旦API Server发现client发起的request使用的是service account token的方式,API Server就会自动采用signed bearer token方式进行身份校验。而request则使用携带的service account token参与验证。该token是API Server在创建service account时用API server启动参数:–service-account-key-file的值签署(sign)生成的。如果–service-account-key-file未传入任何值,那么将默认使用–tls-private-key-file的值,即API Server的私钥(server.key)。
通过authenticating后,API Server将根据Pod username所在的group:system:serviceaccounts和system:serviceaccounts:(NAMESPACE)的权限对其进行authority 和admission control两个环节的处理。在这两个环节中,cluster管理员可以对service account的权限进行细化设置。

kubeadm 创建的集群,kube-proxy、flannel、coreDNS是以 pod 形式运行的,在 pod 中,直接使用 service account 与 kube-apiserver 进行认证,此时就不需要再单独为 kube-proxy 创建证书。


---------------------------------------------kubernetes 1.15 版本 以下方案---------------------------------------------

提示:1.12.1 使用可用

1、查看kubeadm-config配置

提示:不同的master节点使用的kubeadm配置有细微的差异,执行更新证书是,每个master在--config后面使用原来集群创建时,当前master对应的kubeadm配置文件。

[root@k8s-master kubernetes]# kubectl -n kube-system get cm kubeadm-config -oyaml
apiVersion: v1
data:
  ClusterConfiguration: |
    apiServerExtraArgs:
      authorization-mode: Node,RBAC
    apiVersion: kubeadm.k8s.io/v1alpha3
    auditPolicy:
      logDir: /var/log/kubernetes/audit
      logMaxAge: 2
      path: ""
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controlPlaneEndpoint: ""
    etcd:
      local:
        dataDir: /var/lib/etcd
        image: ""
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.12.1
    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16
      serviceSubnet: 10.96.0.0/12
    unifiedControlPlaneImage: ""
  ClusterStatus: |
    apiEndpoints:
      k8s-master:
        advertiseAddress: 192.101.10.80
        bindPort: 6443
    apiVersion: kubeadm.k8s.io/v1alpha3
    kind: ClusterStatus
kind: ConfigMap
metadata:
  creationTimestamp: 2019-08-01T08:36:48Z
  name: kubeadm-config
  namespace: kube-system
  resourceVersion: "174"
  selfLink: /api/v1/namespaces/kube-system/configmaps/kubeadm-config
  uid: 80959d9d-b437-11e9-8e73-6c92bfa51bf6

2、创建kubeadm-cluster.yaml

# touch kubeadm-cluster.yaml
# vi kubeadm-cluster.yaml

apiServer:
  apiServerExtraArgs:
   authorization-mode: Node,RBAC
apiVersion: kubeadm.k8s.io/v1alpha3
auditPolicy:
  logDir: /var/log/kubernetes/audit
  logMaxAge: 2
  path: ""
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controlPlaneEndpoint: ""
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.12.1
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
unifiedControlPlaneImage: ""


3、查看帮助

提示:不同版本的kubeadm对于证书renew的命令有细微的差异,具体情况需要依据已经安装的kubeadm来判断。通过命令行kubeadm alpha --help输出类似如下信息:

[root@k8s-master yaml]# kubeadm alpha --help
Experimental sub-commands not yet fully functional.

Usage:
  kubeadm alpha [command]

Available Commands:
  phase       Invoke subsets of kubeadm functions separately for a manual install.

Flags:
  -h, --help   help for alpha

Global Flags:
      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.
  -v, --v Level         log level for V logs

Use "kubeadm alpha [command] --help" for more information about a command.


[root@k8s-master yaml]# kubeadm alpha phase certs --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha phase certs [command]

Aliases:
  certs, certificates

Available Commands:
  all                      Generates all PKI assets necessary to establish the control plane
  apiserver                Generates the certificate for serving the kubernetes API
  apiserver-etcd-client    Generates the client apiserver uses to access etcd
  apiserver-kubelet-client Generates the Client certificate for the API server to connect to kubelet
  ca                       Generates the self-signed kubernetes CA to provision identities for other kuberenets components
  etcd-ca                  Generates the self-signed CA to provision identities for etcd
  etcd-healthcheck-client  Generates the client certificate for liveness probes to healtcheck etcd
  etcd-peer                Generates the credentials for etcd nodes to communicate with each other
  etcd-server              Generates the certificate for serving etcd
  front-proxy-ca           Generates the self-signed CA to provision identities for front proxy
  front-proxy-client       Generates the client for the front proxy
  renew                    Renews certificates for a Kubernetes cluster
  sa                       Generates a private key for signing service account tokens along with its public key

Flags:
  -h, --help   help for certs

Global Flags:
      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.
  -v, --v Level         log level for V logs

Use "kubeadm alpha phase certs [command] --help" for more information about a command.

[root@k8s-master yaml]# kubeadm alpha phase certs renew --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha phase certs renew [flags]
  kubeadm alpha phase certs renew [command]

Available Commands:
  all                      renew all available certificates
  apiserver                Generates the certificate for serving the kubernetes API
  apiserver-etcd-client    Generates the client apiserver uses to access etcd
  apiserver-kubelet-client Generates the Client certificate for the API server to connect to kubelet
  etcd-healthcheck-client  Generates the client certificate for liveness probes to healtcheck etcd
  etcd-peer                Generates the credentials for etcd nodes to communicate with each other
  etcd-server              Generates the certificate for serving etcd
  front-proxy-client       Generates the client for the front proxy

Flags:
  -h, --help   help for renew

Global Flags:
      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.
  -v, --v Level         log level for V logs

Use "kubeadm alpha phase certs renew [command] --help" for more information about a command.


4、重新生成master各个证书

kubeadm alpha phase certs renew  etcd-healthcheck-client --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew  etcd-peer --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew  etcd-server --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew front-proxy-client --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew  apiserver-etcd-client --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew  apiserver-kubelet-client --config kubeadm-cluster.yaml
kubeadm alpha phase certs renew  apiserver --config kubeadm-cluster.yaml


5、验证证书有效期更新

[root@k8s-master images]# find /etc/kubernetes/pki/ -type f -name "*.crt" -print|egrep -v 'ca.crt$'|xargs -L 1 -t  -i bash -c 'openssl x509  -noout -text -in {}|grep After'
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt|grep After
            Not After : Aug  1 10:20:09 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/healthcheck-client.crt|grep After
            Not After : Aug  1 10:19:54 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/peer.crt|grep After
            Not After : Aug  1 10:20:02 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-etcd-client.crt|grep After
            Not After : Aug  1 10:20:25 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver-kubelet-client.crt|grep After
            Not After : Aug  1 10:20:32 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/apiserver.crt|grep After
            Not After : Aug  1 10:20:39 2021 GMT
bash -c openssl x509  -noout -text -in /etc/kubernetes/pki/front-proxy-client.crt|grep After
            Not After : Aug  1 10:20:18 2021 GMT


6、更新各个配置文件

1)查看帮助:

[root@k8s-master manifests]# kubeadm alpha phase kubeconfig --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha phase kubeconfig [command]

Available Commands:
  admin              Generates a kubeconfig file for the admin to use and for kubeadm itself
  all                Generates all kubeconfig files necessary to establish the control plane and the admin kubeconfig file
  controller-manager Generates a kubeconfig file for the controller manager to use
  kubelet            Generates a kubeconfig file for the kubelet to use. Please note that this should be used *only* for bootstrapping purposes
  scheduler          Generates a kubeconfig file for the scheduler to use
  user               Outputs a kubeconfig file for an additional user

Flags:
  -h, --help   help for kubeconfig

Global Flags:
      --rootfs string   [EXPERIMENTAL] The path to the 'real' host root filesystem.
  -v, --v Level         log level for V logs

Use "kubeadm alpha phase kubeconfig [command] --help" for more information about a command.


2)备份集群配置文件并重新生成:

[root@k8s-master yaml]# find /etc/kubernetes/ -name '*.conf'|xargs -i mv {}{,bak}

[root@k8s-master yaml]# kubeadm alpha phase kubeconfig all --config kubeadm-cluster.yaml
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/admin.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/kubelet.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/controller-manager.conf"
[kubeconfig] Wrote KubeConfig file to disk: "/etc/kubernetes/scheduler.conf"
或者分步执行:
kubeadm alpha phase kubeconfig kubelet --config kubeadm-cluster.yaml
kubeadm alpha phase kubeconfig  admin --config kubeadm-cluster.yaml
kubeadm alpha phase kubeconfig  scheduler --config kubeadm-cluster.yaml
kubeadm alpha phase kubeconfig  controller-manager --config kubeadm-cluster.yaml


3)重新配置kubectl权限信息:

mv $HOME/.kube/config $HOME/.kube/config.old
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config


7、更新集群验证

验证kubernetes 集群:运行 kubectl cluster-info 和 kubectl get nodes 符合预期

[root@k8s-master images]# kubectl get nodes
NAME         STATUS    ROLES     AGE       VERSION
k8s-master   Ready     master    1y        v1.12.1
k8s-node1    Ready     <none>    1y        v1.12.1
k8s-node2    Ready     <none>    1y        v1.12.1

确性kubernetes 系统相关的服务运行正常(核心是kube-apiserver,kube-controller-manager,kube-proxy, kube-flannel):kubectl get pods -n kube-system

[root@k8s-master images]# kubectl get pods -n kube-system
NAME                                    READY     STATUS    RESTARTS   AGE
coredns-576cbf47c7-fk7j9                1/1       Running   0          1y
coredns-576cbf47c7-p4f4q                1/1       Running   0          1y
etcd-k8s-master                         1/1       Running   2          1y
kube-apiserver-k8s-master               1/1       Running   0          2h
kube-controller-manager-k8s-master      1/1       Running   1          2h
kube-flannel-ds-amd64-f2csl             1/1       Running   0          1y
kube-flannel-ds-amd64-wm2b6             1/1       Running   0          1y
kube-flannel-ds-amd64-wrnnk             1/1       Running   1          1y
kube-proxy-cz5xg                        1/1       Running   0          1y
kube-proxy-fnr96                        1/1       Running   0          1y
kube-proxy-xbrcb                        1/1       Running   0          1y
kube-scheduler-k8s-master               1/1       Running   1          1y
kubernetes-dashboard-77fd78f978-jl98q   1/1       Running   0          218d

检查pod的运行状态:kubectl get pods --all-namespaces

[root@k8s-master images]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS             RESTARTS   AGE
default       bbcx-service-7c4bb5456-bksqb            1/1       Running            0          7h
default       bbcx-vue-5569488679-zd75m               1/1       Running            1          7h
default       cip-data-service-66ffd668dd-2l4wv       1/1       Running            0          17d
default       cip-job-5fb59f9d84-4lrb4                1/1       Running            0          17d
default       consul-0                                1/1       Running            0          193d
...................


---------------------------------------------kubernetes 1.15 版本 以上方案---------------------------------------------

提示:kubernetes 1.16.3 ;1.18.2 使用可用,1.12.1 使用不可用

第一种方案:

1、查看具体过期时间

kubeadm alpha certs check-expiration
CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 Jul 29, 2021 12:07 UTC   362d            no     
apiserver                  Jul 29, 2021 12:07 UTC   362d            no     
apiserver-etcd-client      Jul 29, 2021 12:07 UTC   362d            no     
apiserver-kubelet-client   Jul 29, 2021 12:07 UTC   362d            no     
controller-manager.conf    Jul 29, 2021 12:07 UTC   362d            no     
etcd-healthcheck-client    Jul 29, 2021 12:07 UTC   362d            no     
etcd-peer                  Jul 29, 2021 12:07 UTC   362d            no     
etcd-server                Jul 29, 2021 12:07 UTC   362d            no     
front-proxy-client         Jul 29, 2021 12:07 UTC   362d            no     
scheduler.conf             Jul 29, 2021 12:07 UTC   362d            no  

2、查看帮助

[root@hadoop009 images]# kubeadm alpha certs renew --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha certs renew [flags]
  kubeadm alpha certs renew [command]

Available Commands:
  admin.conf               Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself
  all                      Renew all available certificates
  apiserver                Renew the certificate for serving the Kubernetes API
  apiserver-etcd-client    Renew the certificate the apiserver uses to access etcd
  apiserver-kubelet-client Renew the certificate for the API server to connect to kubelet
  controller-manager.conf  Renew the certificate embedded in the kubeconfig file for the controller manager to use
  etcd-healthcheck-client  Renew the certificate for liveness probes to healthcheck etcd
  etcd-peer                Renew the certificate for etcd nodes to communicate with each other
  etcd-server              Renew the certificate for serving etcd
  front-proxy-client       Renew the certificate for the front proxy client
  scheduler.conf           Renew the certificate embedded in the kubeconfig file for the scheduler manager to use

Flags:
  -h, --help   help for renew

Global Flags:
      --add-dir-header           If true, adds the file directory to the header
      --log-file string          If non-empty, use this log file
      --log-file-max-size uint   Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files
  -v, --v Level                  number for the log level verbosity

Use "kubeadm alpha certs renew [command] --help" for more information about a command.

提示:由help可知,证书更新可针对单个证书更新


3、更新证书

更新所有证书,对证书进行续期,续期一年:
$ kubeadm alpha  certs renew all

[renew] Reading configuration from the cluster...
[renew] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself renewed
certificate for serving the Kubernetes API renewed
certificate the apiserver uses to access etcd renewed
certificate for the API server to connect to kubelet renewed
certificate embedded in the kubeconfig file for the controller manager to use renewed
certificate for liveness probes to healthcheck etcd renewed
certificate for etcd nodes to communicate with each other renewed
certificate for serving etcd renewed
certificate for the front proxy client renewed
certificate embedded in the kubeconfig file for the scheduler manager to use renewed

提示:更新操作需要在所有master节点执行

4、验证续期

# ls -l
总用量 56
-rw-r--r-- 1 root root 1220 7月  31 22:48 apiserver.crt
-rw-r--r-- 1 root root 1090 7月  31 22:48 apiserver-etcd-client.crt
-rw------- 1 root root 1679 7月  31 22:48 apiserver-etcd-client.key
-rw------- 1 root root 1675 7月  31 22:48 apiserver.key
-rw-r--r-- 1 root root 1099 7月  31 22:48 apiserver-kubelet-client.crt
-rw------- 1 root root 1675 7月  31 22:48 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 7月  29 20:07 ca.crt
-rw------- 1 root root 1679 7月  29 20:07 ca.key
drwxr-xr-x 2 root root  162 7月  29 20:07 etcd
-rw-r--r-- 1 root root 1038 7月  29 20:07 front-proxy-ca.crt
-rw------- 1 root root 1675 7月  29 20:07 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 7月  31 22:48 front-proxy-client.crt
-rw------- 1 root root 1679 7月  31 22:48 front-proxy-client.key
-rw------- 1 root root 1675 7月  29 20:07 sa.key
-rw------- 1 root root  451 7月  29 20:07 sa.pub

# kubeadm alpha certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -oyaml'

CERTIFICATE                EXPIRES                  RESIDUAL TIME   CERTIFICATE AUTHORITY   EXTERNALLY MANAGED
admin.conf                 Aug 01, 2021 07:38 UTC   364d                                    no     
apiserver                  Aug 01, 2021 07:38 UTC   364d            ca                      no     
apiserver-etcd-client      Aug 01, 2021 07:38 UTC   364d            etcd-ca                 no     
apiserver-kubelet-client   Aug 01, 2021 07:38 UTC   364d            ca                      no     
controller-manager.conf    Aug 01, 2021 07:38 UTC   364d                                    no     
etcd-healthcheck-client    Aug 01, 2021 07:38 UTC   364d            etcd-ca                 no     
etcd-peer                  Aug 01, 2021 07:38 UTC   364d            etcd-ca                 no     
etcd-server                Aug 01, 2021 07:38 UTC   364d            etcd-ca                 no     
front-proxy-client         Aug 01, 2021 07:38 UTC   364d            front-proxy-ca          no     
scheduler.conf             Aug 01, 2021 07:38 UTC   364d                                    no     

CERTIFICATE AUTHORITY   EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
ca                      Jul 27, 2030 13:01 UTC   9y              no     
etcd-ca                 Jul 27, 2030 13:01 UTC   9y              no     
front-proxy-ca          Jul 27, 2030 13:01 UTC   9y              no   

[root@hadoop010 etcd]# kubectl -n kube-system get cm kubeadm-config -oyaml
apiVersion: v1
data:
  ClusterConfiguration: |
    apiServer:
      extraArgs:
        authorization-mode: Node,RBAC
      timeoutForControlPlane: 4m0s
    apiVersion: kubeadm.k8s.io/v1beta2
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controlPlaneEndpoint: 192.101.11.162:6443
    controllerManager: {}
    dns:
      type: CoreDNS
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: k8s.gcr.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.18.2
    networking:
      dnsDomain: cluster.local
      podSubnet: 10.244.0.0/16
      serviceSubnet: 10.96.0.0/12
    scheduler: {}
  ClusterStatus: |
    apiEndpoints:
      hadoop010:
        advertiseAddress: 192.101.11.162
        bindPort: 6443
    apiVersion: kubeadm.k8s.io/v1beta2
    kind: ClusterStatus
kind: ConfigMap
metadata:
  creationTimestamp: "2020-07-29T13:02:16Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:ClusterConfiguration: {}
        f:ClusterStatus: {}
    manager: kubeadm
    operation: Update
    time: "2020-07-29T13:02:16Z"
  name: kubeadm-config
  namespace: kube-system
  resourceVersion: "157"
  selfLink: /api/v1/namespaces/kube-system/configmaps/kubeadm-config
  uid: 2e049082-fa64-4e2e-ad73-af9fc94a051e


5、启用证书

在每台Master上执行重启kube-apiserver、kube-controller、kube-scheduler、etcd这4个容器,以便使证书生效。

# docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
或者
# docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
 
提示:启用操作需要在所有master节点执行。

6、更新.kube下的配置文件

$ mv $HOME/.kube/config $HOME/.kube/config.old
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes


7、更新集群验证

验证kubernetes 集群:运行 kubectl cluster-info 和 kubectl get nodes 符合预期。
[root@k8s-master images]# kubectl get nodes
NAME         STATUS    ROLES     AGE       VERSION
k8s-master   Ready     master    1y        v1.12.1
k8s-node1    Ready     <none>    1y        v1.12.1
k8s-node2    Ready     <none>    1y        v1.12.1

确性kubernetes 系统相关的服务运行正常(核心是kube-apiserver,kube-controller-manager,kube-proxy, kube-flannel):kubectl get pods -n kube-system
[root@k8s-master images]# kubectl get pods -n kube-system
NAME                                    READY     STATUS    RESTARTS   AGE
coredns-576cbf47c7-fk7j9                1/1       Running   0          1y
coredns-576cbf47c7-p4f4q                1/1       Running   0          1y
etcd-k8s-master                         1/1       Running   2          1y
kube-apiserver-k8s-master               1/1       Running   0          2h
kube-controller-manager-k8s-master      1/1       Running   1          2h
kube-flannel-ds-amd64-f2csl             1/1       Running   0          1y
kube-flannel-ds-amd64-wm2b6             1/1       Running   0          1y
kube-flannel-ds-amd64-wrnnk             1/1       Running   1          1y
kube-proxy-cz5xg                        1/1       Running   0          1y
kube-proxy-fnr96                        1/1       Running   0          1y
kube-proxy-xbrcb                        1/1       Running   0          1y
kube-scheduler-k8s-master               1/1       Running   1          1y
kubernetes-dashboard-77fd78f978-jl98q   1/1       Running   0          218d

检查pod的运行状态:kubectl get pods --all-namespaces
[root@k8s-master images]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS             RESTARTS   AGE
default       bbcx-service-7c4bb5456-bksqb            1/1       Running            0          7h
default       bbcx-vue-5569488679-zd75m               1/1       Running            1          7h
default       cip-data-service-66ffd668dd-2l4wv       1/1       Running            0          17d
default       cip-job-5fb59f9d84-4lrb4                1/1       Running            0          17d
default       consul-0                                1/1       Running            0          193d
...................


第二种方案:

1、备份导出kubeadm集群配置

# kubeadm config view > kubeadm-cluster.yaml

apiServer:
  extraArgs:
    authorization-mode: Node,RBAC
  timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
  type: CoreDNS
etcd:
  local:
    dataDir: /var/lib/etcd
imageRepository: k8s.gcr.io
kind: ClusterConfiguration
kubernetesVersion: v1.16.3
networking:
  dnsDomain: cluster.local
  podSubnet: 10.244.0.0/16
  serviceSubnet: 10.96.0.0/12
scheduler: {}

2、查看具体过期时间

kubeadm alpha certs check-expiration
CERTIFICATE                EXPIRES                  RESIDUAL TIME   EXTERNALLY MANAGED
admin.conf                 Jul 29, 2021 12:07 UTC   362d            no     
apiserver                  Jul 29, 2021 12:07 UTC   362d            no     
apiserver-etcd-client      Jul 29, 2021 12:07 UTC   362d            no     
apiserver-kubelet-client   Jul 29, 2021 12:07 UTC   362d            no     
controller-manager.conf    Jul 29, 2021 12:07 UTC   362d            no     
etcd-healthcheck-client    Jul 29, 2021 12:07 UTC   362d            no     
etcd-peer                  Jul 29, 2021 12:07 UTC   362d            no     
etcd-server                Jul 29, 2021 12:07 UTC   362d            no     
front-proxy-client         Jul 29, 2021 12:07 UTC   362d            no     
scheduler.conf             Jul 29, 2021 12:07 UTC   362d            no  

3、查看帮助

[root@hadoop009 images]# kubeadm alpha certs renew --help
This command is not meant to be run on its own. See list of available subcommands.

Usage:
  kubeadm alpha certs renew [flags]
  kubeadm alpha certs renew [command]

Available Commands:
  admin.conf               Renew the certificate embedded in the kubeconfig file for the admin to use and for kubeadm itself
  all                      Renew all available certificates
  apiserver                Renew the certificate for serving the Kubernetes API
  apiserver-etcd-client    Renew the certificate the apiserver uses to access etcd
  apiserver-kubelet-client Renew the certificate for the API server to connect to kubelet
  controller-manager.conf  Renew the certificate embedded in the kubeconfig file for the controller manager to use
  etcd-healthcheck-client  Renew the certificate for liveness probes to healthcheck etcd
  etcd-peer                Renew the certificate for etcd nodes to communicate with each other
  etcd-server              Renew the certificate for serving etcd
  front-proxy-client       Renew the certificate for the front proxy client
  scheduler.conf           Renew the certificate embedded in the kubeconfig file for the scheduler manager to use

Flags:
  -h, --help   help for renew

Global Flags:
      --add-dir-header           If true, adds the file directory to the header
      --log-file string          If non-empty, use this log file
      --log-file-max-size uint   Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited. (default 1800)
      --rootfs string            [EXPERIMENTAL] The path to the 'real' host root filesystem.
      --skip-headers             If true, avoid header prefixes in the log messages
      --skip-log-headers         If true, avoid headers when opening log files
  -v, --v Level                  number for the log level verbosity

Use "kubeadm alpha certs renew [command] --help" for more information about a command.

提示:由help可知,证书更新可针对单个证书更新

4、更新证书

# kubeadm alpha certs renew all --config=kubeadm-cluster.yaml   #更新所有证书
提示:在保存kubeadm-cluster.yaml文件的目录下执行
提示:更新操作需要在所有master节点执行

5、确认验证

# kubeadm alpha certs check-expiration 


6、启用证书

在每台Master上执行重启kube-apiserver、kube-controller、kube-scheduler、etcd这4个容器,以便使证书生效。

# docker ps |grep -E 'k8s_kube-apiserver|k8s_kube-controller-manager|k8s_kube-scheduler|k8s_etcd_etcd' | awk -F ' ' '{print $1}' |xargs docker restart
或者
# docker ps | grep -v pause | grep -E "etcd|scheduler|controller|apiserver" | awk '{print $1}' | awk '{print "docker","restart",$1}' | bash
 
提示:启用操作需要在所有master节点执行。

7、更新.kube下的配置文件

$ mv $HOME/.kube/config $HOME/.kube/config.old
$ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
$ sudo chown $(id -u):$(id -g) $HOME/.kube/config
$ kubectl get nodes


8、更新集群验证

验证kubernetes 集群:运行 kubectl cluster-info 和 kubectl get nodes 符合预期。
[root@k8s-master images]# kubectl get nodes
NAME         STATUS    ROLES     AGE       VERSION
k8s-master   Ready     master    1y        v1.12.1
k8s-node1    Ready     <none>    1y        v1.12.1
k8s-node2    Ready     <none>    1y        v1.12.1

确性kubernetes 系统相关的服务运行正常(核心是kube-apiserver,kube-controller-manager,kube-proxy, kube-flannel):kubectl get pods -n kube-system
[root@k8s-master images]# kubectl get pods -n kube-system
NAME                                    READY     STATUS    RESTARTS   AGE
coredns-576cbf47c7-fk7j9                1/1       Running   0          1y
coredns-576cbf47c7-p4f4q                1/1       Running   0          1y
etcd-k8s-master                         1/1       Running   2          1y
kube-apiserver-k8s-master               1/1       Running   0          2h
kube-controller-manager-k8s-master      1/1       Running   1          2h
kube-flannel-ds-amd64-f2csl             1/1       Running   0          1y
kube-flannel-ds-amd64-wm2b6             1/1       Running   0          1y
kube-flannel-ds-amd64-wrnnk             1/1       Running   1          1y
kube-proxy-cz5xg                        1/1       Running   0          1y
kube-proxy-fnr96                        1/1       Running   0          1y
kube-proxy-xbrcb                        1/1       Running   0          1y
kube-scheduler-k8s-master               1/1       Running   1          1y
kubernetes-dashboard-77fd78f978-jl98q   1/1       Running   0          218d

检查pod的运行状态:kubectl get pods --all-namespaces
[root@k8s-master images]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                    READY     STATUS             RESTARTS   AGE
default       bbcx-service-7c4bb5456-bksqb            1/1       Running            0          7h
default       bbcx-vue-5569488679-zd75m               1/1       Running            1          7h
default       cip-data-service-66ffd668dd-2l4wv       1/1       Running            0          17d
default       cip-job-5fb59f9d84-4lrb4                1/1       Running            0          17d
default       consul-0                                1/1       Running            0          193d
...................









分享到:
评论

相关推荐

    kubeadm初始化的k8s集群,证书默认是1年的延期-详细笔记资料包

    但这需要对Kubernetes证书管理有深入理解,操作过程较复杂。 2. **使用kubeadm**:kubeadm提供了一个方便的命令`kubeadm alpha phase kubeconfig all --certificate-renewal=true`来尝试自动更新控制平面的证书。...

    所有的证书延期10年脚本

    【kubernetes】环境准备及K8S安装【最新完整版】 1.证书延期10年 2../update-kubeadm-cert.sh all

    计算机二级公共基础知识模 拟试题及答案详解.pdf

    计算机二级公共基础知识模 拟试题及答案详解.pdf

    电子工程领域的语音发射机电路设计与实现

    内容概要:本文档详细介绍了语音发射机的设计与实现,涵盖了从硬件电路到具体元件的选择和连接方式。文档提供了详细的电路图,包括电源管理、信号处理、音频输入输出接口以及射频模块等关键部分。此外,还展示了各个引脚的功能定义及其与其他组件的连接关系,确保了系统的稳定性和高效性能。通过这份文档,读者可以全面了解语音发射机的工作原理和技术细节。 适合人群:对电子工程感兴趣的初学者、从事嵌入式系统开发的技术人员以及需要深入了解语音发射机制的专业人士。 使用场景及目标:适用于希望构建自己的语音发射设备的研究人员或爱好者,帮助他们掌握相关技术和实际操作技能。同时,也为教学机构提供了一个很好的案例研究材料。 其他说明:文档不仅限于理论讲解,还包括具体的实施步骤,使读者能够动手实践并验证所学知识。

    易语言注册机源码详解:单线程架构下的接码、滑块验证与IP代理实现

    内容概要:本文详细介绍了用易语言编写的单线程全功能注册机源码,涵盖了接码平台对接、滑块验证处理、IP代理管理以及料子导入等多个核心功能。文章首先展示了主框架的初始化配置和事件驱动逻辑,随后深入探讨了接码平台(如打码兔)的API调用及其返回数据的处理方法。对于滑块验证部分,作者分享了如何利用易语言的绘图功能模拟真实用户的操作轨迹,并提高了验证通过率。IP代理模块则实现了智能切换策略,确保代理的有效性和稳定性。此外,料子导入功能支持多种格式的数据解析和去重校验,防止脏数据污染。最后,文章提到了状态机设计用于控制注册流程的状态持久化。 适合人群:有一定编程基础,尤其是熟悉易语言的开发者和技术爱好者。 使用场景及目标:适用于希望深入了解易语言注册机开发的技术细节,掌握接码、滑块验证、IP代理等关键技术的应用场景。目标是帮助读者理解并优化现有注册机的功能,提高其稳定性和效率。 其他说明:文中提到的部分技术和实现方式可能存在一定的风险,请谨慎使用。同时,建议读者在合法合规的前提下进行相关开发和测试。

    计算机绘图实用教程 第三章.pdf

    计算机绘图实用教程 第三章.pdf

    计算机辅助设计—AutoCAD 2018中文版基础教程 各章CAD图纸及相关说明汇总.pdf

    计算机辅助设计—AutoCAD 2018中文版基础教程 各章CAD图纸及相关说明汇总.pdf

    计算机类电子书集合PDF

    C++相关书籍,计算机相关书籍,linux相关及http等计算机学习、面试书籍。

    计算机二级mysql数据库程序设计练习题(一).pdf

    计算机二级mysql数据库程序设计练习题(一).pdf

    计算机发展史.pdf

    计算机发展史.pdf

    计算机二级课件.pdf

    计算机二级课件.pdf

    计算机概论第三讲:计算机组成.pdf

    计算机概论第三讲:计算机组成.pdf

    端侧算力网络白皮书:6G时代终端算力资源高效利用与应用场景解析

    内容概要:本文档由中国移动通信集团终端有限公司、北京邮电大学、中国信息通信研究院和中国通信学会共同发布,旨在探讨端侧算力网络(TCAN)的概念、架构、关键技术及其应用场景。文中详细分析了终端的发展现状、基本特征和发展趋势,阐述了端侧算力网络的定义、体系架构、功能架构及其主要特征。端侧算力网络通过整合海量泛在异构终端的算力资源,实现分布式多级端侧算力资源的高效利用,提升网络整体资源利用率和服务质量。关键技术涵盖层次化端算力感知图模型、资源虚拟化、数据压缩、多粒度多层次算力调度、现场级AI推理和算力定价机制。此外,还探讨了端侧算力网络在智能家居、智能医疗、车联网、智慧教育和智慧农业等领域的潜在应用场景。 适合人群:从事通信网络、物联网、边缘计算等领域研究和开发的专业人士,以及对6G网络和端侧算力网络感兴趣的学者和从业者。 使用场景及目标:适用于希望深入了解端侧算力网络技术原理、架构设计和应用场景的读者。目标是帮助读者掌握端侧算力网络的核心技术,理解其在不同行业的应用潜力,推动端侧算力网络技术的商业化和产业化。 其他说明:本文档不仅提供了端侧算力网络的技术细节,还对其隐私与安全进行了深入探讨

    学习java的心得体会.docx

    学习java的心得体会.docx

    计算机二级考试(南开100题齐全).pdf

    计算机二级考试(南开100题齐全).pdf

    计算机二级C语言考试通关宝典:全面解析核心知识点与解题技巧

    内容概要:本文详细介绍了计算机二级C语言考试的内容和备考方法。首先概述了计算机二级考试的意义及其在计算机技能认证中的重要性,重点讲解了C语言的基础语法,包括程序结构、数据类型、运算符和表达式等。接着深入探讨了进阶知识,如函数、数组、指针、结构体和共用体的应用。最后分享了针对选择题、填空题和编程题的具体解题技巧,强调了复习方法和实战演练的重要性。 适合人群:准备参加计算机二级C语言考试的学生和技术爱好者。 使用场景及目标:①帮助考生系统地掌握C语言的核心知识点;②提供有效的解题策略,提高应试能力;③指导考生制定合理的复习计划,增强实战经验。 其他说明:本文不仅涵盖了理论知识,还提供了大量实例代码和详细的解释,有助于读者更好地理解和应用所学内容。此外,文中提到的解题技巧和复习建议对实际编程也有很大帮助。

    论文格式及要求.doc

    论文格式及要求.doc

    三菱FX3U与台达变频器RS485通信程序设置及应用实例

    内容概要:本文详细介绍了如何使用三菱FX3U PLC及其485BD通信板与四台台达VFD-M系列变频器进行通信的设置与应用。主要内容涵盖硬件连接注意事项、通信参数配置、RS指令的应用、CRC校验算法的实现以及频率给定和状态读取的具体方法。文中提供了多个实用的编程示例,展示了如何通过梯形图和结构化文本编写通信程序,并讨论了常见的调试技巧和优化建议。此外,还提到了系统的扩展性和稳定性措施,如增加温度传感器通信功能和应对电磁干扰的方法。 适合人群:从事工业自动化领域的工程师和技术人员,尤其是那些熟悉三菱PLC和台达变频器的使用者。 使用场景及目标:适用于需要实现多台变频器联动控制的工业应用场景,旨在提高生产效率和系统可靠性。通过学习本文,读者可以掌握如何构建稳定的RS485通信网络,确保变频器之间的高效协同工作。 其他说明:本文不仅提供了详细的理论指导,还包括了许多来自实际项目的经验教训,帮助读者避免常见错误并提升编程技能。

    计算机服务规范.pdf

    计算机服务规范.pdf

    Discuz-X3.2-TC-UTF8.zip

    Discuz_X3.2_TC_UTF8.zip LNMP搭建安装包

Global site tag (gtag.js) - Google Analytics