K8S(二)——签发证书
来自视频https://www.bilibili.com/video/BV1PJ411h7Sw?p=14
在sx7-200(Harbor)主机上
签发证书
一、安装CFSSL
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
如果出现get: unable to resolve host address ‘pkg.cfssl.org’,由于我的sx7-200主机依赖于sx7-11解析,所以需要保证sx7-11先能够ping通百度
实在下载不下来,可以将上地址粘贴到浏览器下载后在再上传到服务器
chmod +x cfssl*
二、创建生成CA证书签名请求( csr )的JSON配置文件
1 mkdir /opt/certs
2 vim /opt/certs/ca-csr.json
3 {
4 "CN": "xyly",
5 "hosts": [
6 ],
7 "key": {
8 "algo": "rsa",
9 "size": 2048
10 },
11 "names": [
12 {
13 "C": "CN",
14 "ST": "ShangHai",
15 "L": "ShangHai",
16 "O": "xy",
17 "OU": "ops"
18 }
19 ],
20 "ca": {
21 "expiry": "175200h"
22 }
23 }
三、生成证书和私钥
cd /opt/certs/
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
2020-05-15 10:21:35