CENTOS7 deploying kubernetes Cluster CA certificate creation and distribution (ii)

Last Update:2018-06-11 Source: Internet

Author: User

Tags k8s

Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more ＞

1. Unpack the package[[email protected] ~]# cd/usr/local/src/[[email protected] src]# lsk8s-v1.10.1-manual.zip[[email Protected] src]# unzip k8s-v1.10.1-manual.zip[[email protected] src]# CD k8s-v1.10.1-manual[[email Protected] k8s-v1.10.1-manual]# CD k8s-v1.10.1/[[email protected] k8s-v1.10.1]# MV */usr/local/src/[[email protected] k8s-v1.10.1]# cd/usr/local/src/[[email protected] src]# lltotal 1178908-rw-r--r--1 root root 6595195 Mar cfssl-certinfo_linux-amd64-rw-r--r--1 root root 2277873 Mar cfssljson_linux-amd64-rw-r--r--1 Root root 10376657 Mar cfssl_linux-amd64-rw-r--r--1 root root 17108856 Apr 17:35 cni-plugins-amd64-v0.7.1.tgz -rw-r--r--1 root root 10562874 Mar 01:58 etcd-v3.2.18-linux-amd64.tar.gz-rw-r--r--1 root root 9706487 Jan 02:58 fl Annel-v0.10.0-linux-amd64.tar.gzdrwxr-xr-x 3 root-root Apr 20:19 k8s-v1.10.1-manual-rw-r--r--1 root root 593725046 June 11:32 k8s-v1.10.1-manual.zip-rw-r--r--1 root root 13344537 Apr 01:51 kubernetes-client-linux-amd64.tar.gz-rw-r--r--1 root root 112427817 Apr 01:51 kubernetes-node-linux -amd64.tar.gz-rw-r--r--1 root root 428337777 Apr 01:51 kubernetes-server-linux-amd64.tar.gz-rw-r--r--1 root root 2716 855 APR 01:51 kubernetes.tar.gz [[email protected] src]# tar-zxvf kubernetes.tar.gz[[email Protected] src]# TAR-ZXVF kubernetes-client-linux-amd64.tar.gz[[email protected] src]# TAR-ZXVF Kubernetes-node-linux-amd64.tar.gz[[email protected] src]# tar-zxvf kubernetes-server-linux-amd64.tar.gz 2, three machines set kubernetes environment variables[[email protected] ~]# vim. Bash_profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. Bash_profile[[email protected] ~]# vim. Bash_ Profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. Bash_profile[[email protected] ~]# vim. Bash_ Profile #在原有的PATH路径在后面加上即可. Path= $PATH: $HOME/bin:/opt/kubernetes/bin[[email protected] ~]# source. bash_profile3, installation Cfssl[Email protected] src]# chmod +x cfssl*[[email protected] src]# mv cfssl-certinfo_linux-amd64/opt/kubernetes/bin/ Cfssl-certinfo[[email protected] src]# mv Cfssljson_linux-amd64/opt/kubernetes/bin/cfssljson[[email protected] src]# MV Cfssl_linux-amd64/opt/kubernetes/bin/cfssl4, three machines free key login; Copy the Cfssl command file to Node1 and Node2[[email protected] ~]# ssh-keygen-t rsa[[email protected] ~]# ssh-copy-id linux-node1[[email protected] ~]# Ssh-copy-id L Inux-node2[[email protected] ~]# ssh-copy-id linux-node3[[email protected] src]# scp/opt/kubernetes/bin/cfssl* 192.168.43.22:/opt/kubernetes/bin[[email protected] src]# scp/opt/kubernetes/bin/cfssl* 192.168.43.23:/opt/ Kubernetes/bin5. Initialize Cfssl[[email protected] ~]# cd/usr/local/src/[[email protected] src]# mkdir ssl[[email protected] src]# CD Ssl[[email protecte D] ssl]# Pwd/usr/local/src/ssl6. Create a JSON configuration file to generate the CA file[[email protected] ssl]# vim ca-config.json{"signing": {"default": {"expiry": "8760h"}, "profiles": {"kubernetes": {" Usages ": [" Signing "," Key Encipherment "," Server Auth "," client Auth "]," expiry ":" 8760h "}}}7. Create a JSON configuration file to generate a CA certificate signing request (CSR)[[email protected] ssl]# vim ca-csr.json{"cn": "Kubernetes", "key": {"Algo": "RSA", "Size": 2048}, "names": [{"C": "cn", "ST ":" Beijing "," L ":" Beijing "," O ":" K8s "," OU ":" System "}]}8. Generate CA certificate (CA.PEM) and key (CA-KEY.PEM)[Email protected] ssl]# Cfssl GENCERT-INITCA Ca-csr.json | Cfssljson-bare Ca[[email protected] ssl]# lltotal 20-rw-r--r--1 root root 290 June 23:58 ca-config.json-rw-r--r--1 ro OT root 1001 June 00:02 ca.csr-rw-r--r--1 root root 208 June 00:00 ca-csr.json-rw-------1 root root 1679 June 11 00:0 2 ca-key.pem-rw-r--r--1 root root 1359 June 00:02 Ca.pem9. Distribution of certificates[[email protected] ssl]# cp CA.CSR CA.PEM CA-KEY.PEM ca-config.json/opt/kubernetes/ssl[[email protected] ssl]# SCP CA.CSR Ca.pem Ca-key.pem Ca-config.json 192.168.43.22:/opt/kubernetes/ssl[[email protected] ssl]# SCP CA.CSR CA.PEM CA-KEY.PEM Ca-config.json 192.168.43.23:/opt/kubernetes/ssl

CENTOS7 deploying kubernetes Cluster CA certificate creation and distribution (ii)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

Sales Support

1 on 1 presale consultation

Chat Contact Sales
After-Sales Support

24/7 Technical Support 6 Free Tickets per Quarter Faster Response

Open a Ticket
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

Learn More