Extending K8s Certificate Validity to 100 Years
Modify Source Code
==================

1. Extend CA Expiration to 100 Years (Default is 10 Years)
----------------------------------------------------------

Edit file: `./staging/src/k8s.io/client-go/util/cert/cert.go`
// Locate the NotAfter field within this function:
// NotAfter: now.Add(duration365d * 10).UTC()
// Change default 10-year duration to 100 years (sysin)
// Use /NotAfter to search and jump to the line
// NewSelfSignedCACert builds a self-signed CA certificate for cfg and signs it
// with key. The subject carries cfg.CommonName and cfg.Organization, the serial
// number is 0, the key usages are CertSign | DigitalSignature | KeyEncipherment,
// and IsCA is set. The validity window starts now (UTC) and ends 100 years
// later (this page's patch; the stock value is 10 years).
//
// A CA that effectively never expires is never forced to rotate: if its private
// key is ever exposed, everything it signed stays trusted until the CA is
// replaced by hand, so the key needs the same protection and a deliberate
// rotation plan as any long-lived root.
//
// NOTE(review): serial number 0 is what the original sets; RFC 5280 §4.1.2.2
// requires a positive serial, so strict validators may reject it — confirm
// against the consumers of this CA before relying on it.
func NewSelfSignedCACert(cfg Config, key crypto.Signer) (*x509.Certificate, error) {
	// Validity in years; kept as a named constant so the 100-year choice is
	// visible at a glance rather than buried in the template literal.
	const caValidityYears = 100

	issuedAt := time.Now().UTC()
	expiresAt := issuedAt.Add(duration365d * caValidityYears)

	subject := pkix.Name{
		CommonName:   cfg.CommonName,
		Organization: cfg.Organization,
	}

	template := x509.Certificate{
		SerialNumber:          new(big.Int).SetInt64(0),
		Subject:               subject,
		NotBefore:             issuedAt,
		NotAfter:              expiresAt,
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		BasicConstraintsValid: true,
		IsCA:                  true,
	}

	// Self-signed: the template is both subject and issuer, and key signs
	// its own public half.
	der, err := x509.CreateCertificate(cryptorand.Reader, &template, &template, key.Public(), key)
	if err != nil {
		return nil, err
	}

	return x509.ParseCertificate(der)
}
-
Extend Certificate Expiration to 100 Years (Default is 1 Year)
--------------------------------------------------------------

Edit file: `./cmd/kubeadm/app/constants/constants.go`

Note: with a 100-year validity the kubeadm-signed certificates are never forced to rotate, so a leaked key stays usable until you renew the certificates by hand; plan for that rotation instead of relying on expiry.

// Locate the CertificateValidity constant and update it to 100 years (sysin)
// Search for CertificateValidity using /CertificateValidity
const (
	// KubernetesDir is the directory Kubernetes owns for storing various configuration files
	KubernetesDir = "/etc/kubernetes"
	// ManifestsSubDirName defines directory name to store manifests
	ManifestsSubDirName = "manifests"
	// TempDirForKubeadm defines temporary directory for kubeadm
	// should be joined with KubernetesDir.
	TempDirForKubeadm = "tmp"

	// CertificateValidity defines the validity for all the signed certificates generated by kubeadm
	// CertificateValidity = time.Hour * 24 * 365
	CertificateValidity = time.Hour * 24 * 365 * 100

	// CACertAndKeyBaseName defines certificate authority base name
	CACertAndKeyBaseName = "ca"
	// CACertName defines certificate name
	CACertName = "ca.crt"
	// CAKeyName defines certificate name
	CAKeyName = "ca.key"
Install Go Environment
======================
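# Install the Go toolchain used to rebuild kubeadm (this page uses go1.20.5).
GO_TARBALL=go1.20.5.linux-amd64.tar.gz
wget "https://go.dev/dl/${GO_TARBALL}"

# Verify the archive against the SHA-256 published on https://go.dev/dl/ before
# unpacking it; replace <SHA256_FROM_GO_DEV_DL> with the value listed there.
# The build that follows runs with whatever toolchain this step installs.
echo "<SHA256_FROM_GO_DEV_DL>  ${GO_TARBALL}" | sha256sum -c -

# The original extracted into the current directory but put /usr/local/go/bin
# on PATH, so `go version` would not find the new toolchain. Extract into
# /usr/local (removing any previous install there) so the two agree.
rm -rf /usr/local/go
tar -C /usr/local -xzf "${GO_TARBALL}"

export PATH=$PATH:/usr/local/go/bin
go version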
Recompile kubeadm
=================

cd kubernetes-1.27.3/
make all WHAT=cmd/kubeadm GOFLAGS=-v

Output directory:

cd _output/bin
mv kubeadm /usr/bin/
Replace kubeadm and Initialize the Cluster
==========================================
# Confirm the new validity window once the cluster has been initialized with
# the rebuilt kubeadm: print the "Not Before" / "Not After" lines of the API
# server certificate, then let kubeadm report expiry for every certificate it
# manages.
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt | grep -E 'Not (Before|After)'
kubeadm certs check-expiration