According to Chart, our apiserver deployed on hdss7-21 and hdss7-22:
First, the application certificate and copied to hdss7-200 21 and 22:
Create a certificate file:
# Cd / etc / certain # vi client-csr.json
{ "CN": "k8s-node", "hosts": [ ], "key": { "algo": "rsa", "size": 2048 }, "names": [ { "C": "CN", "ST": "beijing", "L": "beijing", "O": "od", "OU": "ops" } ] }
Application for a certificate:
# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client-csr.json |cfssl-json -bare client