CENTOS7 deploying kubernetes Cluster CA certificate creation and distribution (ii)

Source: Internet
Author: User
Tags k8s

1. Unpack the package[[email protected] ~]# cd/usr/local/src/[[email protected] src]# lsk8s-v1.10.1-manual.zip[[email  Protected] src]# unzip k8s-v1.10.1-manual.zip[[email protected] src]# CD k8s-v1.10.1-manual[[email  Protected] k8s-v1.10.1-manual]# CD k8s-v1.10.1/[[email protected] k8s-v1.10.1]# MV */usr/local/src/[[email  protected] k8s-v1.10.1]# cd/usr/local/src/[[email protected] src]# lltotal 1178908-rw-r--r--1 root root 6595195 Mar cfssl-certinfo_linux-amd64-rw-r--r--1 root root 2277873 Mar cfssljson_linux-amd64-rw-r--r--1 Root root 10376657 Mar cfssl_linux-amd64-rw-r--r--1 root root 17108856 Apr 17:35 cni-plugins-amd64-v0.7.1.tgz -rw-r--r--1 root root 10562874 Mar 01:58 etcd-v3.2.18-linux-amd64.tar.gz-rw-r--r--1 root root 9706487 Jan 02:58 fl Annel-v0.10.0-linux-amd64.tar.gzdrwxr-xr-x 3 root-root Apr 20:19 k8s-v1.10.1-manual-rw-r--r--1 root root 593725046 June 11:32 k8s-v1.10.1-manual.zip-rw-r--r--1 root root 13344537 Apr 01:51 kubernetes-client-linux-amd64.tar.gz-rw-r--r--1 root root 112427817 Apr 01:51 kubernetes-node-linux -amd64.tar.gz-rw-r--r--1 root root 428337777 Apr 01:51 kubernetes-server-linux-amd64.tar.gz-rw-r--r--1 root root 2716 855 APR 01:51 kubernetes.tar.gz [[email protected] src]# tar-zxvf kubernetes.tar.gz[[email  Protected] src]# TAR-ZXVF kubernetes-client-linux-amd64.tar.gz[[email protected] src]# TAR-ZXVF Kubernetes-node-linux-amd64.tar.gz[[email protected] src]# tar-zxvf kubernetes-server-linux-amd64.tar.gz  2, three machines set kubernetes environment variables[[email protected] ~]# vim. Bash_profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. Bash_profile[[email protected] ~]# vim. Bash_ Profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. Bash_profile[[email protected] ~]# vim. Bash_ Profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. bash_profile3, installation Cfssl[Email protected] src]# chmod +x cfssl*[[email protected] src]# mv cfssl-certinfo_linux-amd64/opt/kubernetes/bin/ Cfssl-certinfo[[email protected] src]# mv Cfssljson_linux-amd64/opt/kubernetes/bin/cfssljson[[email protected] src]# MV Cfssl_linux-amd64/opt/kubernetes/bin/cfssl4, three machines free key login; Copy the Cfssl command file to Node1 and Node2[[email protected] ~]# ssh-keygen-t rsa[[email protected] ~]# ssh-copy-id linux-node1[[email protected] ~]# Ssh-copy-id L Inux-node2[[email protected] ~]# ssh-copy-id linux-node3[[email protected] src]# scp/opt/kubernetes/bin/cfssl* 192.168.43.22:/opt/kubernetes/bin[[email protected] src]# scp/opt/kubernetes/bin/cfssl* 192.168.43.23:/opt/ Kubernetes/bin5. Initialize Cfssl[[email protected] ~]# cd/usr/local/src/[[email protected] src]# mkdir ssl[[email protected] src]# CD Ssl[[email protecte D] ssl]# Pwd/usr/local/src/ssl6. Create a JSON configuration file to generate the CA file[[email protected] ssl]# vim ca-config.json{"signing": {"default": {"expiry": "8760h"}, "profiles": {"kubernetes": {" Usages ": [" Signing "," Key Encipherment "," Server Auth "," client Auth "]," expiry ":" 8760h "}}}7. Create a JSON configuration file to generate a CA certificate signing request (CSR)[[email protected] ssl]# vim ca-csr.json{"cn": "Kubernetes", "key": {"Algo": "RSA", "Size": 2048}, "names": [{"C": "cn", "ST ":" Beijing "," L ":" Beijing "," O ":" K8s "," OU ":" System "}]}8. Generate CA certificate (CA.PEM) and key (CA-KEY.PEM)[Email protected] ssl]# Cfssl GENCERT-INITCA Ca-csr.json | Cfssljson-bare Ca[[email protected] ssl]# lltotal 20-rw-r--r--1 root root 290 June 23:58 ca-config.json-rw-r--r--1 ro OT root 1001 June 00:02 ca.csr-rw-r--r--1 root root 208 June 00:00 ca-csr.json-rw-------1 root root 1679 June 11 00:0 2 ca-key.pem-rw-r--r--1 root root 1359 June 00:02 Ca.pem9. Distribution of certificates[[email protected] ssl]# cp CA.CSR CA.PEM CA-KEY.PEM ca-config.json/opt/kubernetes/ssl[[email protected] ssl]# SCP CA.CSR Ca.pem Ca-key.pem Ca-config.json 192.168.43.22:/opt/kubernetes/ssl[[email protected] ssl]# SCP CA.CSR CA.PEM CA-KEY.PEM Ca-config.json 192.168.43.23:/opt/kubernetes/ssl

CENTOS7 deploying kubernetes Cluster CA certificate creation and distribution (ii)

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.