Skip to content

Instantly share code, notes, and snippets.

@kairen
Last active Nov 2, 2017
Embed
What would you like to do?
Kubernetes hard way

Kubelet certificate

下載kubelet-csr.json檔案,並產生 master node certificate 簽證:

$ wget "${PKI_URL}/kubelet-csr.json"
$ sed -i 's/$NODE/master1/g' kubelet-csr.json
$ cfssl gencert \
  -ca=ca.pem \
  -ca-key=ca-key.pem \
  -config=ca-config.json \
  -hostname=master1,172.16.35.12 \
  -profile=kubernetes \
  kubelet-csr.json | cfssljson -bare kubelet

$ ls kubelet*.pem

這邊$NODE需要隨節點名稱不同而改變。

接著透過以下指令產生名稱為 kubelet.conf 的 kubeconfig 檔:

# set-cluster
$ kubectl config set-cluster kubernetes \
    --certificate-authority=/etc/kubernetes/pki/ca.pem \
    --embed-certs=true \
    --server="https://172.16.35.12:6443" \
    --kubeconfig=../kubelet.conf

# set-credentials
$ kubectl config set-credentials system:node:master1 \
    --client-certificate=/etc/kubernetes/pki/kubelet.pem \
    --embed-certs=true \
    --client-key=/etc/kubernetes/pki/kubelet-key.pem \
    --kubeconfig=../kubelet.conf

# set-context
$ kubectl config set-context system:node:master1@kubernetes \
    --cluster=kubernetes \
    --user=system:node:master1 \
    --kubeconfig=../kubelet.conf

# set default context
$ kubectl config use-context system:node:master1@kubernetes --kubeconfig=../kubelet.conf
@kairen

This comment has been minimized.

Copy link
Owner Author

@kairen kairen commented Nov 2, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment