  • ③. Issue a client certificate with cfssl for cluster communication

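    All components use a single client certificate to communicate with the components that hold server certificates.
    PS: the apiserver uses the client certificate to communicate with the etcd, kubelet and kube-proxy servers.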

    [root@rstx-53 certs]# cat client-csr.json 
    {
        "CN": "k8s-node",
        "hosts": [
        ],
        "key": {
            "algo": "rsa",
            "size": 2048
        },
        "names": [
            {
                "C": "CN",
                "ST": "beijing",
                "L": "beijing",
                "O": "od",
                "OU": "ops"
            }
        ]
    }
    

    Generate the certificate

    cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json  -profile=client client-csr.json |cfssl-json -bare client
    

    Verify

    [root@rstx-53 certs]# ls client*
    client.csr  client-csr.json  client-key.pem  client.pem
    
    
    [root@rstx-53 certs]# cfssl-certinfo -cert client.pem
    {
      "subject": {
        "common_name": "k8s-node",
        "country": "CN",
        "organization": "od",
        "organizational_unit": "ops",
        "locality": "beijing",
        "province": "beijing",
        "names": [
          "CN",
          "beijing",
          "beijing",
          "od",
          "ops",
          "k8s-node"
        ]
      },
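
    The listing and cfssl-certinfo output above confirm the files and the subject; the sketch below checks the remaining properties a client certificate should have before it is distributed. It is an added example, not part of the original post, and assumes the openssl CLI is installed and that the `client` profile in ca-config.json (not shown on the page) is meant to grant client authentication only. The `make_sample_*` helpers are hypothetical and build a throwaway PKI so the check can be tried offline.

```shell
#!/bin/sh
# Added example (not from the original post). Requires the openssl CLI.

# check_client_cert CA_CERT CLIENT_CERT CLIENT_KEY
# Returns 0 when all checks pass; 1 = chain/purpose, 2 = also a server cert,
# 3 = private key does not match the certificate.
check_client_cert() {
    ca=$1; cert=$2; key=$3

    # 1. Must chain to the CA and be acceptable for TLS client authentication.
    if ! openssl verify -purpose sslclient -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert does not verify against $ca as a client certificate" >&2
        return 1
    fi

    # 2. Assumption: the client profile grants client auth only, so the same
    #    certificate must NOT be accepted for the server purpose.
    if openssl verify -purpose sslserver -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL: $cert is also usable as a server certificate" >&2
        return 2
    fi

    # 3. The key on disk must be the one bound into the certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert" >&2
        return 3
    fi

    echo "OK: $(openssl x509 -in "$cert" -noout -subject)"
}

# Constructed throwaway PKI for trying the check offline (hypothetical helpers).
make_sample_ca() {   # DIR
    printf '%s\n' '[req]' 'distinguished_name=dn' 'prompt=no' 'x509_extensions=v3' \
        '[dn]' 'CN=sample-ca' '[v3]' 'basicConstraints=critical,CA:TRUE' > "$1/ca.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
        -keyout "$1/ca-key.pem" -out "$1/ca.pem" 2>/dev/null
}

make_sample_cert() {   # DIR NAME EKU
    printf 'extendedKeyUsage=%s\n' "$3" > "$1/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" -subj "/CN=k8s-node" \
        -keyout "$1/$2-key.pem" -out "$1/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.pem" -CAkey "$1/ca-key.pem" \
        -CAcreateserial -days 1 -extfile "$1/$2.ext" -out "$1/$2.pem" 2>/dev/null
}
```

    In the certs directory from the page, the call would be `check_client_cert ca.pem client.pem client-key.pem`.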
    
  • Original article: https://www.cnblogs.com/yangtao416/p/15019268.html