Shulou(Shulou.com)06/02 Report--

Kubernetes supports three types of Base authentication / Token authentication / CA authentication. This article is used to record the simplest level of commands required for CA authentication.

Kubernetes composition

The test version is 1.10, but it is not limited to this version, which is a more general way for openssl certificates.

Required certificate

The required certificate-related documents are described as follows:

CA certificate

CA certificate private key

Command: openssl genrsa-out ca.key 2048

[root@host121 k8scert] # openssl genrsa-out ca.key 2048Generating RSA private key, 2048 bit long modulus...+++.+++e is 65537 (0x10001) [root@host121 k8scert] #

CA certificate

Command: openssl genrsa-out ca.key 2048

[root@host121 k8scert] # openssl req-x509-new-nodes-key ca.key-subj "/ CN=host121"-days 5000-out ca.crt [root@host121 k8scert] # lsarchive ca.crt ca.key [root@host121 k8scert] #

Certificate for XXX

The required certificates such as apiserver/ControllerManager/kublet can be created in the following ways

Certificate private key

Command: openssl genrsa-out server.key 2048

[root@host121 k8scert] # openssl genrsa-out server.key 2048Generating RSA private key 2048 bit long modulus..+++....+++e is 65537 (0x10001) [root@host121 k8scert] #

Certificate signing request file

Command: openssl req-new-key server.key-subj "/ CN=host121"-out server.csr

[root@host121 k8scert] # openssl req-new-key server.key-subj "/ CN=host121"-out server.csr [root@host121 k8scert] #

The information of subject set in subj is the user's own data. Generally, CN is set to domain name / machine name / or IP name. For example, kubelet is the IP of the node in which it resides.

Certificat

Command: openssl x509-req-in server.csr-CA ca.crt-CAkey ca.key-CAcreateserial-out server.crt-days 5000

[root@host121 k8scert] # openssl x509-req-in server.csr-CA ca.crt-CAkey ca.key-CAcreateserial-out server.crt-days 5000Signature oksubject=/CN=host121Getting CA Private Key [root@host121 k8scert] #

Summary

The above is the whole content of this article. I hope the content of this article has a certain reference and learning value for everyone's study or work. Thank you for your support. If you want to know more about it, please see the relevant links below.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.