K8S Certificates

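# Issue one kubelet certificate per worker node, signed by the cluster CA.
#
# Needs ca.pem, ca-key.pem and ca-config.json in the current directory, plus
# cfssl, cfssljson and dig on PATH. ca-key.pem is the CA private key, so run
# this on a trusted admin host only.
#
# For each node, cfssljson -bare writes <node>.pem, <node>-key.pem and
# <node>.csr. <node>-key.pem is the node's private key: copy it only to the
# node it belongs to.
for instance in us-wrk-01 us-wrk-02 us-wrk-03 us-wrk-04; do
  # CN "system:node:<name>" with O "system:nodes" is the identity the
  # Kubernetes Node authorizer expects from a kubelet; <name> must match the
  # name the node registers with.
  cat > "${instance}-csr.json" <<EOF
{
  "CN": "system:node:${instance}",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Nashville",
      "O": "system:nodes",
      "OU": "8 Bit Kubernetes",
      "ST": "Tennessee"
    }
  ]
}
EOF

  # Despite its name, INTERNAL_IP holds the node's FQDN; EXTERNAL_IP holds the
  # address that name resolves to. Both variable names are kept as-is.
  INTERNAL_IP=${instance}.node.8bitwizard.net
  EXTERNAL_IP=$(dig +short "${INTERNAL_IP}")

  # The DNS answer ends up as a SAN in a CA-signed certificate, so do not sign
  # whatever came back. Reject an empty answer (would leave a trailing comma in
  # -hostname), several records (embedded newlines) and CNAME targets
  # (non-numeric text). DNS is unauthenticated unless the resolver validates
  # DNSSEC: compare the printed SAN list with the inventory before trusting it.
  case "${EXTERNAL_IP}" in
    '' | *[!0-9.]*)
      printf 'skipping %s: expected exactly one A record for %s, got: %s\n' \
        "${instance}" "${INTERNAL_IP}" "${EXTERNAL_IP:-<nothing>}" >&2
      continue
      ;;
  esac

  printf 'signing %s with SANs: %s\n' \
    "${instance}" "${instance},${INTERNAL_IP},${EXTERNAL_IP}" >&2

  # Without pipefail the pipeline status is cfssljson's, which is enough to
  # notice that no certificate was written.
  cfssl gencert \
    -ca=ca.pem \
    -ca-key=ca-key.pem \
    -config=ca-config.json \
    -hostname="${instance},${INTERNAL_IP},${EXTERNAL_IP}" \
    -profile=kubernetes \
    "${instance}-csr.json" | cfssljson -bare "${instance}" ||
    printf 'certificate generation failed for %s\n' "${instance}" >&2
done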

Foo

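# Issue the Kubernetes API server serving certificate, signed by the cluster CA.
#
# Needs ca.pem, ca-key.pem and ca-config.json in the current directory.
# Writes kubernetes.pem, kubernetes-key.pem and kubernetes.csr.
# kubernetes-key.pem is the API server's private key: keep it on the
# controllers only.
#
# Every name or address a client uses to reach the API server must be a SAN,
# otherwise TLS verification fails for that client. Keep the list no wider
# than that: each extra SAN is another name this key can vouch for.

# Address clients use to reach the API server from outside the cluster.
KUBERNETES_PUBLIC_ADDRESS=10.1.10.6

# Controller host names and the public service name.
# NOTE(review): these use ".nodes.8bitwizard.net" while the worker
# certificates on this page use ".node.8bitwizard.net"; confirm which zone is
# correct, because a SAN that does not match the name clients dial is useless.
KUBERNETES_HOSTNAMES="us-ctrl-01,us-ctrl-01.nodes.8bitwizard.net"
KUBERNETES_HOSTNAMES="${KUBERNETES_HOSTNAMES},us-ctrl-02,us-ctrl-02.nodes.8bitwizard.net"
KUBERNETES_HOSTNAMES="${KUBERNETES_HOSTNAMES},us-k8s.svc.8bitwizard.net"
# In-cluster names of the API service. The original list is kept unchanged,
# and kubernetes.default.svc.cluster.local is added: it is the fully qualified
# service name for the cluster.local domain and was missing, so clients using
# the FQDN could not verify the certificate.
KUBERNETES_HOSTNAMES="${KUBERNETES_HOSTNAMES},kubernetes,kubernetes.default,kubernetes.default.svc"
KUBERNETES_HOSTNAMES="${KUBERNETES_HOSTNAMES},kubernetes.default.svc.cluster,kubernetes.svc.cluster.local"
KUBERNETES_HOSTNAMES="${KUBERNETES_HOSTNAMES},kubernetes.default.svc.cluster.local"

cat > kubernetes-csr.json <<EOF
{
  "CN": "kubernetes",
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "US",
      "L": "Nashville",
      "O": "Kubernetes",
      "OU": "8 Bit Kubernetes",
      "ST": "Tennessee"
    }
  ]
}
EOF

# NOTE(review): 10.1.42.1 is presumably the API service ClusterIP, and
# 10.1.20.13/10.1.20.14 the controller addresses; confirm against the cluster
# configuration. 127.0.0.1 covers clients running on the controller itself.
cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -hostname="10.1.42.1,10.1.20.13,10.1.20.14,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,${KUBERNETES_HOSTNAMES}" \
  -profile=kubernetes \
  kubernetes-csr.json | cfssljson -bare kubernetes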