config.json
{
"CN": "$HOSTNAME",
"hosts": [
"$HOSTNAME",
"PRIVATE_IP"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "US",
"ST": "CA",
"L": "San Francisco"
}
]
}
本章涉及到的cfssl命令:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server config.json | cfssljson -bare server
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer config.json | cfssljson -bare peer
cfssl gencert -ca=ca.crt -ca-key=ca.key -config=ca-config.json -profile=client client.json | cfssljson -bare client
clien.json
{
"CN": "client",
"key": {
"algo": "ecdsa",
"size": 256
}
}
config.yaml
config.yaml
apiVersion: kubeadm.k8s.io/v1alpha1
kind: MasterConfiguration
api:
advertiseAddress:
controlPlaneEndpoint:
etcd:
endpoints:
- https://:2379
- https://:2379
- https://:2379
caFile: /etc/kubernetes/pki/etcd/ca.crt
certFile: /etc/kubernetes/pki/etcd/client.crt
keyFile: /etc/kubernetes/pki/etcd/client.key
networking:
podSubnet:
apiServerCertSANs:
-
-
apiServerExtraArgs:
apiserver-count: "3"
内容来自:
https://coding.imooc.com/class/284.html
