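Previous chapter: Binary deployment of a K8s cluster, part 2: DNS service initialization
The steps below are performed on the operations host HDSS7-200.host.com.
1. Install the cfssl certificate signing tools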
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
chmod +x /usr/bin/cfssl*
which /usr/bin/cfssl
which /usr/bin/cfssl-json
which /usr/bin/cfssl-certinfo
2. Create the JSON configuration file for the CA certificate signing request (CSR)
mkdir /opt/certs
cat > /opt/certs/ca-csr.json <<EOF
{
    "CN": "kubernetes",
    "hosts": [
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "GuangZhou",
            "ST": "GuangZhou",
            "O": "k8s",
            "OU": "yw"
        }
    ],
    "ca": {
        "expiry": "175200h"
    }
}
EOF
3. Generate the CA certificate (ca.pem) and private key (ca-key.pem)
cd /opt/certs/
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
[root@hdss7-200 certs]# ls
ca.csr ca-csr.json ca-key.pem ca.pem
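As an added example (not part of the original tutorial): a shell function, hypothetically named check_ca, that sanity-checks the ca.pem and ca-key.pem produced by the step above before any cluster certificates are signed with them. It assumes the openssl CLI and GNU stat are installed on the operations host.

```shell
# check_ca DIR: verify the CA material in DIR (e.g. /opt/certs).
# Returns 0 when every check passes, 1 otherwise.
check_ca() {
    local dir cert key rc mode cert_pub key_pub
    dir=$1
    cert="$dir/ca.pem"
    key="$dir/ca-key.pem"
    rc=0

    [ -r "$cert" ] && [ -r "$key" ] || {
        echo "FAIL: ca.pem or ca-key.pem missing in $dir"
        return 1
    }

    # 1. The certificate must carry basicConstraints CA:TRUE,
    #    otherwise clients will reject anything it signs.
    if ! openssl x509 -in "$cert" -noout -text | grep -q 'CA:TRUE'; then
        echo "FAIL: ca.pem is not marked as a CA certificate"
        rc=1
    fi

    # 2. The private key must belong to the certificate:
    #    compare digests of the two public keys.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$key" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || {
        echo "FAIL: ca-key.pem does not match ca.pem"
        rc=1
    }

    # 3. The CA private key must be readable by its owner only.
    mode=$(stat -c '%a' "$key")
    case "$mode" in
        600|400) ;;
        *) echo "FAIL: ca-key.pem mode is $mode, expected 600 or 400"; rc=1 ;;
    esac

    # 4. Print subject and expiry for a visual check against ca-csr.json.
    openssl x509 -in "$cert" -noout -subject -enddate
    return $rc
}
# Usage on the operations host: check_ca /opt/certs
```

The "expiry" of 175200h in ca-csr.json corresponds to 20 years, so the notAfter date printed by the last step should be about 20 years after the generation date.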