In addition to Weibo, there is also WeChat
Please pay attention
WeChat public account
Shulou
2025-04-03 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >
Share
Shulou(Shulou.com)06/02 Report--
Kubernetes supports three types of Base authentication / Token authentication / CA authentication. This article is used to record the simplest level of commands required for CA authentication.
Kubernetes composition
The test version is 1.10, but it is not limited to this version, which is a more general way for openssl certificates.
Required certificate
The required certificate-related documents are described as follows:
CA certificate
CA certificate private key
Command: openssl genrsa-out ca.key 2048
[root@host121 k8scert] # openssl genrsa-out ca.key 2048Generating RSA private key, 2048 bit long modulus...+++.+++e is 65537 (0x10001) [root@host121 k8scert] #
CA certificate
Command: openssl genrsa-out ca.key 2048
[root@host121 k8scert] # openssl req-x509-new-nodes-key ca.key-subj "/ CN=host121"-days 5000-out ca.crt [root@host121 k8scert] # lsarchive ca.crt ca.key [root@host121 k8scert] #
Certificate for XXX
The required certificates such as apiserver/ControllerManager/kublet can be created in the following ways
Certificate private key
Command: openssl genrsa-out server.key 2048
[root@host121 k8scert] # openssl genrsa-out server.key 2048Generating RSA private key 2048 bit long modulus..+++....+++e is 65537 (0x10001) [root@host121 k8scert] #
Certificate signing request file
Command: openssl req-new-key server.key-subj "/ CN=host121"-out server.csr
[root@host121 k8scert] # openssl req-new-key server.key-subj "/ CN=host121"-out server.csr [root@host121 k8scert] #
The information of subject set in subj is the user's own data. Generally, CN is set to domain name / machine name / or IP name. For example, kubelet is the IP of the node in which it resides.
Certificat
Command: openssl x509-req-in server.csr-CA ca.crt-CAkey ca.key-CAcreateserial-out server.crt-days 5000
[root@host121 k8scert] # openssl x509-req-in server.csr-CA ca.crt-CAkey ca.key-CAcreateserial-out server.crt-days 5000Signature oksubject=/CN=host121Getting CA Private Key [root@host121 k8scert] #
Summary
The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support. If you want to know more about it, please see the relevant links below.
Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.
Views: 0
*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.
Continue with the installation of the previous hadoop.First, install zookooper1. Decompress zookoope
"Every 5-10 years, there's a rare product, a really special, very unusual product that's the most un
© 2024 shulou.com SLNews company. All rights reserved.