k8s 簽發證書

3節點node

  192.168.52.6  master

  192.168.52.7  node1

  192.168.52.8  node2

 

    CA 證書簽發

      /etc/ssl/k8s

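      # Fetch the OpenSSL config templates used below (presumably ca.cnf,
      # api-server.cnf and client.cnf -- the page does not list the repository
      # contents or show how they reach the working directory). Read every
      # .cnf before signing with it: the config decides which extensions and
      # SANs end up in each certificate.
      git clone git@github.com:he-aook/k8s-certificate-issue-file.git

      # Generate the cluster CA private key (RSA 3072). No cipher option is
      # given, so ca.key is written unencrypted; every later section signs
      # with this same file, so restrict it to its owner and keep it off the
      # cluster nodes once issuance is finished.
      openssl genrsa -out ca.key 3072
      chmod 600 ca.key

      # Self-sign the CA certificate. 10950 days is roughly 30 years.
      # NOTE(review): confirm that [v3_req] in ca.cnf sets basicConstraints
      # CA:TRUE and keyUsage keyCertSign -- ca.cnf is not shown on this page.
      openssl req -x509 -new -key ca.key -days 10950 -out ca.pem -subj "/CN=kubernetes/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=k8s" -config ca.cnf -extensions v3_req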

    

    

    api 證書簽發

      /etc/ssl/k8s

      # Issue the kube-apiserver serving certificate from the cluster CA.

      # Temporarily comment out lines 9-10 of api-server.cnf while the CSR is
      # built. NOTE(review): the page does not show which settings those two
      # lines hold; the edit is purely positional, so re-check the line
      # numbers if the template ever changes.
      sed -i '9,10s/^/#/' api-server.cnf

      # Private key for the API server (RSA 3072, written unencrypted).
      openssl genrsa -out apiserver.key 3072

      # Certificate signing request with CN=kubernetes.
      openssl req -new -key apiserver.key -out apiserver.csr -subj "/CN=kubernetes/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=k8s" -config api-server.cnf

      # Restore lines 9-10 so they are active again for the signing step.
      sed -i '9,10s/^#//g' api-server.cnf

      # Sign with the CA and apply the [v3_req] extensions from api-server.cnf.
      # -CAcreateserial creates the serial file next to ca.pem if it is missing.
      # 10950 days is roughly 30 years, so this key is never rotated by expiry.
      openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out apiserver.pem -days 10950 -extfile api-server.cnf -extensions v3_req

      # Print the issued certificate. Check that the Subject Alternative Name
      # list holds every name and IP that clients use to reach the API server;
      # clients reject the connection if the address they dial is missing.
      openssl x509 -noout -text -in apiserver.pem

 

 

    kubelet 證書簽發

      /etc/ssl/k8s

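      # Issue one kubelet client certificate per node (192.168.52.6/.7/.8).
      #
      # SECURITY NOTE(review): the subject below is CN=admin, O=system:masters.
      # system:masters is the built-in cluster-admin group, so every node that
      # holds one of these keys is a full cluster administrator, and Kubernetes
      # does not check revocation for client certificates. The conventional
      # kubelet identity is CN=system:node:<nodeName>, O=system:nodes, which the
      # Node authorizer and the NodeRestriction admission plugin confine to the
      # node's own objects. The subject is kept as published here because the
      # node names and the API server's authorization mode are not shown on
      # this page; change it before using these commands on a real cluster.
      for host_octet in 6 7 8; do
        # Rewrite the last octet on the final line of client.cnf (presumably
        # the SAN IP entry -- client.cnf is not shown). The dot is escaped and
        # trailing whitespace/CR is tolerated, so all three nodes go through
        # the same pattern instead of three slightly different ones.
        sed -i "\$s/\.[[:digit:]][[:digit:]]*[[:space:]]*\$/.${host_octet}/" client.cnf
        # Show the line that was just edited so a wrong SAN is caught before signing.
        tail -n 1 client.cnf

        fn=52-${host_octet}

        # Per-node private key; keep it readable by its owner only.
        openssl genrsa -out kubelet-$fn.key 3072
        chmod 600 kubelet-$fn.key

        openssl req -new -key kubelet-$fn.key -out kubelet-$fn.csr -subj "/CN=admin/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=system:masters" -config client.cnf

        # 10950 days is roughly 30 years: a leaked key stays valid until the CA
        # itself is replaced.
        openssl x509 -req -in kubelet-$fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubelet-$fn.pem -days 10950 -extfile client.cnf -extensions v3_req
      done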

 

 

 

    kube-proxy 簽發證書

      /etc/ssl/k8s

      # Issue one kube-proxy client certificate per node (192.168.52.6/.7/.8).
      # CN=system:kube-proxy is the user name that the built-in
      # system:node-proxier ClusterRoleBinding grants access to; the O=k8s
      # group carries no built-in permissions.
      # All three nodes get the same identity with separate keys.
      for host_octet in 6 7 8; do
        # Replace the last two characters of the final line of client.cnf with
        # ".<octet>" (presumably the SAN IP entry -- client.cnf is not shown).
        # The leading "." in the pattern is unescaped and matches any character.
        sed -i "\$s/.[[:digit:]]\$/.${host_octet}/g" client.cnf

        fn=52-${host_octet}

        # Key, CSR, then CA-signed certificate (10950 days is roughly 30 years).
        openssl genrsa -out kube-proxy-$fn.key 3072
        openssl req -new -key kube-proxy-$fn.key -out kube-proxy-$fn.csr -subj "/CN=system:kube-proxy/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=k8s" -config client.cnf
        openssl x509 -req -in kube-proxy-$fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kube-proxy-$fn.pem -days 10950 -extfile client.cnf -extensions v3_req
      done

 

 

    etcd 證書簽發

      /etc/ssl/k8s

      # Issue one etcd certificate per member (192.168.52.6/.7/.8), signed by
      # the same CA as every other component on this page.
      # NOTE(review): etcd client-certificate authentication accepts any
      # certificate signed by its trusted CA. If etcd is configured to trust
      # this ca.pem, the kubelet, kube-proxy and flannel certificates issued
      # here can also authenticate to etcd. A dedicated CA for etcd keeps the
      # datastore reachable only by the components that need it.
      # NOTE(review): the same client.cnf [v3_req] section is used as for pure
      # client certificates; confirm it allows both server and client auth,
      # since an etcd member acts as both -- client.cnf is not shown.
      for host_octet in 6 7 8; do
        # Replace the last two characters of the final line of client.cnf with
        # ".<octet>" (presumably the SAN IP entry for this member).
        sed -i "\$s/.[[:digit:]]\$/.${host_octet}/g" client.cnf

        fn=52-${host_octet}

        # Key, CSR, then CA-signed certificate (10950 days is roughly 30 years).
        openssl genrsa -out etcd-$fn.key 3072
        openssl req -new -key etcd-$fn.key -out etcd-$fn.csr -subj "/CN=etcd/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=k8s" -config client.cnf
        openssl x509 -req -in etcd-$fn.csr -out etcd-$fn.pem -CA ca.pem -CAkey ca.key -CAcreateserial -days 10950 -extfile client.cnf -extensions v3_req
      done

 

    flannel 證書簽發

      # Issue one flannel certificate per node (192.168.52.6/.7/.8) with
      # CN=flanneld, signed by the cluster CA.
      # NOTE(review): presumably flanneld presents this certificate to etcd;
      # the page does not show the flannel or etcd configuration. Keep each
      # key on its own node and readable only by the flannel service account.
      for host_octet in 6 7 8; do
        # Replace the last two characters of the final line of client.cnf with
        # ".<octet>" (presumably the SAN IP entry -- client.cnf is not shown).
        sed -i "\$s/.[[:digit:]]\$/.${host_octet}/g" client.cnf

        fn=52-${host_octet}

        # Key, CSR, then CA-signed certificate (10950 days is roughly 30 years).
        openssl genrsa -out flannel-$fn.key 3072
        openssl req -new -key flannel-$fn.key -out flannel-$fn.csr -subj "/CN=flanneld/OU=System/C=CN/ST=Shanghai/L=Shanghai/O=k8s" -config client.cnf
        openssl x509 -req -in flannel-$fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out flannel-$fn.pem -days 10950 -extfile client.cnf -extensions v3_req
      done

      

 

 

 

 

 

 

QQ:1394466404
