ノード3
192.168.52.6マスター
192.168.52.7ノード1
192.168.52.8ノード2
の/ etc / SSL / K8S
opensslのgenrsa -out ca.key 3072
証明書Baiduのネットワークディスクを発行するために必要な解凍ファイルが提供さhttps://pan.baidu.com/s/1K_A6T8SwuinzQiOosCV6QA
OpenSSL REQ -x509 -new -key ca.key -days 10950アウトca.pem -subj "/ CN = kubernetes / OU =システム/ C = CN / ST =上海/ L =上海/ O = K8S" -config CA .cnfの-extensions v3_req
opensslのgenrsa -out apiserver.key 3072
OpenSSLのREQ -new -key apiserver.keyアウトapiserver.csr -subj "/ CN = kubernetes / OU =システム/ C = CN / ST =上海/ L =上海/ O = K8S" -config API-server.cnf
opensslのX509 -req -in apiserver.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out apiserver.pem -days 10950 -extfile API-server.cnf -extensions v3_req
opensslのX509 -noout -text -in apiserver.pem
kubelet証明書が発行され
の/ etc / SSL / K8S
FN = 52-6
opensslのgenrsa -out kubelet- $ fn.key 3072
opensslのREQ -new -key kubelet- $ fn.key -out kubelet- $ fn.csr -subj "/ CN =管理者/ OU =システム/ C = CN / ST =上海/ L =上海/ O =システム:巨匠" -config client.cnf
opensslのX509 -req -in kubelet- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubelet- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req
FN = 52-7
opensslのgenrsa -out kubelet- $ fn.key 3072
opensslのREQ -new -key kubelet- $ fn.key -out kubelet- $ fn.csr -subj "/ CN =管理者/ OU =システム/ C = CN / ST =上海/ L =上海/ O =システム:巨匠" -config client.cnf
opensslのX509 -req -in kubelet- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubelet- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req
FN = 52-8
opensslのgenrsa -out kubelet- $ fn.key 3072
opensslのREQ -new -key kubelet- $ fn.key -out kubelet- $ fn.csr -subj "/ CN =管理者/ OU =システム/ C = CN / ST =上海/ L =上海/ O =システム:巨匠" -config client.cnf
opensslのX509 -req -in kubelet- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out kubelet- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req
KUBE-プロキシ証明書が発行され
の/ etc / SSL / K8S
FN = 52-6
opensslのgenrsa -out KUBE-proxy- $ fn.key 3072
OpenSSLが-new -key KUBE-proxy- $ fn.keyアウトKUBE-proxy- $ fn.csr -subj「/ CN =システムREQ:KUBE-プロキシ/ OU =システム/ C = CN / ST =上海/ L =上海/ O = K8S」-config client.cnf
opensslのX509 -req -in KUBE-proxy- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out KUBE-proxy- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req
FN = 52-7
opensslのgenrsa -out KUBE-proxy- $ fn.key 3072
OpenSSLが-new -key KUBE-proxy- $ fn.keyアウトKUBE-proxy- $ fn.csr -subj「/ CN =システムREQ:KUBE-プロキシ/ OU =システム/ C = CN / ST =上海/ L =上海/ O = K8S」-config client.cnf
opensslのX509 -req -in KUBE-proxy- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out KUBE-proxy- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req
FN = 52-8
opensslのgenrsa -out KUBE-proxy- $ fn.key 3072
OpenSSLが-new -key KUBE-proxy- $ fn.keyアウトKUBE-proxy- $ fn.csr -subj「/ CN =システムREQ:KUBE-プロキシ/ OU =システム/ C = CN / ST =上海/ L =上海/ O = K8S」-config client.cnf
opensslのX509 -req -in KUBE-proxy- $ fn.csr -CA ca.pem -CAkey ca.key -CAcreateserial -out KUBE-proxy- $ fn.pem -days 10950 -extfile client.cnf -extensions v3_req