K8S(二)——签发证书

来自视频https://www.bilibili.com/video/BV1PJ411h7Sw?p=14

在sx7-200(Harbor)主机上

签发证书

一、安装CFSSL

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
如果出现get: unable to resolve host address ‘pkg.cfssl.org’,由于我的sx7-200主机依赖于sx7-11解析,所以需要保证sx7-11先能够ping通百度

实在下载不下来,可以将上地址粘贴到浏览器下载后在再上传到服务器
 

chmod +x cfssl*

 二、创建生成CA证书签名请求( csr )的JSON配置文件

 

 1 mkdir /opt/certs
 2 vim /opt/certs/ca-csr.json
 3 {
 4     "CN": "xyly",
 5     "hosts": [ 
 6     ],
 7     "key": {  
 8         "algo": "rsa",
 9         "size": 2048
10     },
11     "names": [ 
12         {
13             "C": "CN",
14             "ST": "ShangHai",
15             "L": "ShangHai",
16             "O": "xy",
17             "OU": "ops"
18         }
19     ],
20     "ca": {
21         "expiry": "175200h"
22     }
23 }

三、生成证书和私钥

 

cd /opt/certs/
cfssl gencert -initca ca-csr.json | cfssl-json -bare ca

 

2020-05-15  10:21:35

posted @ 2020-05-15 10:22  跑起来啊  阅读(504)  评论(0编辑  收藏  举报