K8S Certificates: Difference between revisions
Jump to navigation
Jump to search
Created page with "<syntaxhilight> for instance in us-wrk-01 us-wrk-02 us-wrk-03 us-wrk-04; do cat > ${instance}-csr.json <<EOF { "CN": "system:node:${instance}", "key": { "algo": "rsa",..." |
No edit summary |
||
| Line 1: | Line 1: | ||
<syntaxhilight> | <syntaxhilight> | ||
for instance in us-wrk-01 us-wrk-02 us-wrk-03 us-wrk-04; do | for instance in us-wrk-01 us-wrk-02 us-wrk-03 us-wrk-04; do | ||
cat > ${instance}-csr.json <<EOF | cat > ${instance}-csr.json <<EOF | ||
| Line 21: | Line 22: | ||
EXTERNAL_IP=$(dig +short ${instance}.node.8bitwizard.net) | EXTERNAL_IP=$(dig +short ${instance}.node.8bitwizard.net) | ||
INTERNAL_IP=${instance}.node.8bitwizard.net | INTERNAL_IP=${instance}.node.8bitwizard.net | ||
Revision as of 08:08, 22 May 2020
<syntaxhilight>
for instance in us-wrk-01 us-wrk-02 us-wrk-03 us-wrk-04; do cat > ${instance}-csr.json <<EOF {
"CN": "system:node:${instance}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Nashville",
"O": "system:nodes",
"OU": "8 Bit Kubernetes",
"ST": "Tennessee"
}
]
} EOF
EXTERNAL_IP=$(dig +short ${instance}.node.8bitwizard.net) INTERNAL_IP=${instance}.node.8bitwizard.net
cfssl gencert \
-ca=ca.pem \
-ca-key=ca-key.pem \
-config=ca-config.json \
-hostname=${instance},${INTERNAL_IP},${EXTERNAL_IP} \
-profile=kubernetes \
${instance}-csr.json | cfssljson -bare ${instance}
done </syntaxhilight>