k8s-18-api-server更换证书

1. 目前证书的 SAN 只信任三个 master 的 IP 地址,现在需要再加一个(下面是更换前的证书信息)

[root@k8s-master seversslbak]# cfssl-certinfo -cert server.pem 
{
  "subject": {
    "common_name": "kubernetes",
    "country": "CN",
    "organization": "k8s",
    "organizational_unit": "System",
    "locality": "BeiJing",
    "province": "BeiJing",
    "names": [
      "CN",
      "BeiJing",
      "BeiJing",
      "k8s",
      "System",
      "kubernetes"
    ]
  },
  "issuer": {
    "common_name": "kubernetes",
    "country": "CN",
    "organization": "k8s",
    "organizational_unit": "System",
    "locality": "Beijing",
    "province": "Beijing",
    "names": [
      "CN",
      "Beijing",
      "Beijing",
      "k8s",
      "System",
      "kubernetes"
    ]
  },
  "serial_number": "591829917047207358591893406474948745207699905189",
  "sans": [
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local",
    "127.0.0.1",
    "192.168.56.10",
    "192.168.56.11",
    "192.168.56.12",
    "10.10.10.1"
  ],
  "not_before": "2018-10-02T02:52:00Z",
  "not_after": "2028-09-29T02:52:00Z",
  "sigalg": "SHA256WithRSA",
  "authority_key_id": "93:D5:D3:91:42:2C:22:45:E:EE:12:82:F8:78:9C:BA:D0:5:DE:43",
  "subject_key_id": "9E:76:4C:F7:24:11:E5:86:24:1:C2:DC:2D:F5:AA:3B:F0:B3:21:A5",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIEhTCCA22gAwIBAgIUZ6qSQldvDDFbFZ0mWhR30hU2mqUwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTE4MTAwMjAyNTIwMFoXDTI4MDkyOTAyNTIwMFowZTELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAK\nBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVz\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyk0D+RlWUot1909wHhxs\n8gHESHGwjW85OyfN6qMwBeZbrLy9OJGWWADvxhLd5JXga+3ZMmyp979+RzDvTaoE\nFpOAaKzQBipWJguU2kP9PO/AGKePD7+sAHK8D09A6z9T7rFqr/ymALkDgtLG9xiG\nzLhJrdmZNjvGPB3RLFHtXt6RXR6vnXJ9JpQ90b1hmXsp8tRv0YNfaGA3KhOSNB6e\nXC0oTXNS/h4G1l0ee9x0BVYlwDCwL/7lSVF0E1lAcXzU8zqy4qY2815CHcHaTtxw\nMne6jSwh6DMfIdVuZSiLumgeLIRJZntRFwd8GqMmDGjCwomH+XutasJ8OGaApDh6\nxQIDAQABo4IBKzCCAScwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF\nBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSedkz3JBHlhiQB\nwtwt9ao78LMhpTAfBgNVHSMEGDAWgBST1dORQiwiRQ7uEoL4eJy60AXeQzCBpwYD\nVR0RBIGfMIGcggprdWJlcm5ldGVzghJrdWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVy\nbmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3Rl\ncoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FshwR/AAABhwTA\nqDgKhwTAqDgLhwTAqDgMhwQKCgoBMA0GCSqGSIb3DQEBCwUAA4IBAQCTT5vj/DYR\niPwJ3eXd48fK6GDtwtRlfs1XlDxjVRx77OOiw3L7f3D3+fExC5Zq9TffJ7r32NRp\n+FICkkmguYCmvZ5sohiiunDdVfeKDWxYT4LlqF1YX1Ta0D6bVyRdvr9lImaty+hS\nkyH3BFVocVSn2vdtGUSy2X8LRrEXNvdcRrrLihVWlZONCrAUV2pnyU8LWHhDEZak\n5H3aIlz7Eqr4/lcXytXjk1DiTGAi67fwLy4yiRvrPnpsYlp/Ee9gudlkysO7ArIi\nNBKK42nYU1pGXqIeOarrCH1WWDGMy2JHp/okSEVlktoy2gwGi7GembAf68x5viUM\ngoV9PpKjMgvD\n-----END CERTIFICATE-----\n"
}

2. 修改 server-csr.json,在 hosts 中加入新增的 IP(192.168.56.13)

{
    "CN": "kubernetes",
    "hosts": [
      "127.0.0.1",
      "192.168.56.10",
      "192.168.56.11",
      "192.168.56.12",
      "192.168.56.13",
      "10.10.10.1",
      "kubernetes",
      "kubernetes.default",
      "kubernetes.default.svc",
      "kubernetes.default.svc.cluster",
      "kubernetes.default.svc.cluster.local"
    ],
    "key": {
        "algo": "rsa",
        "size": 2048
    },
    "names": [
        {
            "C": "CN",
            "L": "BeiJing",
            "ST": "BeiJing",
            "O": "k8s",
            "OU": "System"
        }
    ]
}

3. 基于原来的 CA 证书重新生成 server.pem 和 server-key.pem

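# Re-issue the kube-apiserver serving certificate from the existing CA so the
# SAN list in server-csr.json takes effect. Run this in the directory that
# holds ca.pem, ca-key.pem, ca-config.json and server-csr.json.
#
# ca-key.pem can sign any identity the cluster trusts: keep it readable by root
# only, and move it off the node once signing is done.
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes server-csr.json | cfssljson -bare server

# Install only if the new certificate really chains to the CA. Each step runs
# only when the previous one succeeded, so a failed signing run never replaces
# the live files or restarts the API server.
backup_suffix="bak.$(date +%Y%m%d%H%M%S)"
openssl verify -CAfile ca.pem server.pem &&
  # Keep the previous pair (mode and owner preserved) for a quick rollback.
  cp -p /opt/kubernetes/ssl/server.pem "/opt/kubernetes/ssl/server.pem.${backup_suffix}" &&
  cp -p /opt/kubernetes/ssl/server-key.pem "/opt/kubernetes/ssl/server-key.pem.${backup_suffix}" &&
  cp server.pem server-key.pem /opt/kubernetes/ssl/ &&
  # The private key must not be world-readable.
  # NOTE(review): assumes kube-apiserver runs as the owner of this file - confirm the service user.
  chmod 600 /opt/kubernetes/ssl/server-key.pem &&
  systemctl restart kube-apiserver &&
  systemctl is-active kube-apiserver

# NOTE(review): this updates the local master only. If the other masters run
# kube-apiserver with the same certificate, copy the new pair to each of them
# over a trusted channel and restart them one at a time - confirm against the
# cluster layout.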

[root@k8s-master ssl]# cfssl-certinfo  -cert  server.pem 
{
  "subject": {
    "common_name": "kubernetes",
    "country": "CN",
    "organization": "k8s",
    "organizational_unit": "System",
    "locality": "BeiJing",
    "province": "BeiJing",
    "names": [
      "CN",
      "BeiJing",
      "BeiJing",
      "k8s",
      "System",
      "kubernetes"
    ]
  },
  "issuer": {
    "common_name": "kubernetes",
    "country": "CN",
    "organization": "k8s",
    "organizational_unit": "System",
    "locality": "Beijing",
    "province": "Beijing",
    "names": [
      "CN",
      "Beijing",
      "Beijing",
      "k8s",
      "System",
      "kubernetes"
    ]
  },
  "serial_number": "508184769729075093485943956732747441633339345736",
  "sans": [
    "kubernetes",
    "kubernetes.default",
    "kubernetes.default.svc",
    "kubernetes.default.svc.cluster",
    "kubernetes.default.svc.cluster.local",
    "127.0.0.1",
    "192.168.56.10",
    "192.168.56.11",
    "192.168.56.12",
    "192.168.56.13",
    "10.10.10.1"
  ],
  "not_before": "2018-10-27T03:11:00Z",
  "not_after": "2028-10-24T03:11:00Z",
  "sigalg": "SHA256WithRSA",
  "authority_key_id": "93:D5:D3:91:42:2C:22:45:E:EE:12:82:F8:78:9C:BA:D0:5:DE:43",
  "subject_key_id": "7B:6E:13:B3:7A:31:84:E5:A4:9:87:64:8C:7D:EE:1:71:C2:EE:66",
  "pem": "-----BEGIN CERTIFICATE-----\nMIIEizCCA3OgAwIBAgIUWQPLDvnjyQgDePhdAwjioWv3i0gwDQYJKoZIhvcNAQEL\nBQAwZTELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB0JlaWppbmcxEDAOBgNVBAcTB0Jl\naWppbmcxDDAKBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwpr\ndWJlcm5ldGVzMB4XDTE4MTAyNzAzMTEwMFoXDTI4MTAyNDAzMTEwMFowZTELMAkG\nA1UEBhMCQ04xEDAOBgNVBAgTB0JlaUppbmcxEDAOBgNVBAcTB0JlaUppbmcxDDAK\nBgNVBAoTA2s4czEPMA0GA1UECxMGU3lzdGVtMRMwEQYDVQQDEwprdWJlcm5ldGVz\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzCpmf7s4P25vls5mPynl\nnxbdA3c8SrW54ZVPePk2LOJIFZl5CfqNoB5O4bNSgEVo8uTTLDDMab+H9XhqD2DO\ndpNrzfQ3oJbx5olodR8rph3BDP6RKSB8Mj9T6pbgcNXYWMvLrTbJahXfWzrxG/IN\nRaqgoUmuBomGN7xLbJpmEREmMzB4Q3/Cr0YZqkOgUiwgzuOwdfObzQ/JzWuZoQNw\n374QhaIqpVaH/ZIGHgL3XKblzuv3zhtLV9Vmi0/ST6+1m+yVS6fkvdiOHG2bXYFM\ng7seGd8ZU6dUV6sxMciAChsbWWPCHcYiqGO1C6Qa6ACJhlukDFhMzPvleI9ithuT\nLQIDAQABo4IBMTCCAS0wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF\nBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBR7bhOzejGE5aQJ\nh2SMfe4BccLuZjAfBgNVHSMEGDAWgBST1dORQiwiRQ7uEoL4eJy60AXeQzCBrQYD\nVR0RBIGlMIGiggprdWJlcm5ldGVzghJrdWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVy\nbmV0ZXMuZGVmYXVsdC5zdmOCHmt1YmVybmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3Rl\ncoIka3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FshwR/AAABhwTA\nqDgKhwTAqDgLhwTAqDgMhwTAqDgNhwQKCgoBMA0GCSqGSIb3DQEBCwUAA4IBAQA/\n3cMaOSScJL7g8O0iHhS0TFJ6qy1/RKYcq0Sr0cLAwP4z4OzMwdO7NF0U51VyjOLU\n81b3WCh1PHl7TV47ja2lP5fIe5+WCfnSRUMo66yRjItVFOqxQUzdD3v3YxaBuKou\npNbPlk8rUMs6a+6kUiN82QZjlAJZXWIdnxm+IkFHKLS/GCk9TemqhlMogejmYgUI\njBuZL3ZnkWX2QFMW13xEEs0pR+oxPsGaXu16UsRjhewVgZNNo5lHjn8Llgs2Nubk\nKzlVDm6NfZcac+UxOrfOaaHwXb6wSXYN/wIwrcCyjuy8Hq7aDV0glCf/WmMcJiGT\nStVwi1DLBdWkQNCcmkFN\n-----END CERTIFICATE-----\n"
}
[root@k8s-master ssl]#



转载自blog.51cto.com/wsxxsl/2309663