zoukankan      html  css  js  c++  java
  • k8s集群———etcd-ssl自签名证书

    etcd集群master节点安装
    1,自签名SSL证书
    ##安装工具cfssl
    $ cat cfssl.sh 
    curl -L https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -o /usr/local/bin/cfssl
    curl -L https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -o /usr/local/bin/cfssljson
    curl -L https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -o /usr/local/bin/cfssl-certinfo
    chmod +x /usr/local/bin/cfssl /usr/local/bin/cfssljson /usr/local/bin/cfssl-certinfo
    
    ##自签名证书脚本详解
    root@k8s-master: ~/k8s/etcd-cert 16:56:21
    $ cat etcd-cert.sh
    #ca办法证书机构
    cat > ca-config.json <<EOF
    {
      "signing": {
        "default": {
          "expiry": "87600h"  #证书过期时间h单位
        },
        "profiles": {
          "www": {
             "expiry": "87600h",
             "usages": [
                "signing",
                "key encipherment",
                "server auth",
                "client auth"
            ]
          }
        }
      }
    }
    EOF
    #ca机构请求
    cat > ca-csr.json <<EOF
    {
        "CN": "etcd CA",
        "key": {
            "algo": "rsa",
            "size": 2048
        },
        "names": [
            {
                "C": "CN",
                "L": "Beijing",
                "ST": "Beijing"
            }
        ]
    }
    EOF
    #生成证书:读取上边两个文件生成证书
    cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
    
    #-----------------------
    #etcd域名证书,需要把etcd节点ip都写进去,多写点备份用
    cat > server-csr.json <<EOF
    {
        "CN": "etcd",
        "hosts": [
        "192.168.1.63",
        "192.168.1.65",
        "192.168.1.66"
        ],
        "key": {
            "algo": "rsa",
            "size": 2048
        },
        "names": [
            {
                "C": "CN",
                "L": "BeiJing",
                "ST": "BeiJing"
            }
        ]
    }
    EOF
    
    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=www server-csr.json | cfssljson -bare server
  • 相关阅读:
    html之colspan && rowspan讲解
    html之cellspacing && cellpadding讲解
    JavaScript之setcookie()讲解
    Tomcat漏洞说明与安全加固
    ActionScript基本语法讲解
    2014年03月09日攻击百度贴吧的XSS蠕虫源码
    Samy XSS Worm之源码讲解
    新浪微博之XSS蠕虫脚本源码讲解
    JavaScript之match()方法讲解
    JavaScript之substring()方法讲解
  • 原文地址:https://www.cnblogs.com/Carr/p/10553471.html
Copyright © 2011-2022 走看看