Created
January 27, 2024 09:09
Kubernetes API server certificate generation
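# Create the RSA private key for the API server certificate. The CSR and
# certificate tasks that follow read the key from this same path.
- name: Generate API Server private key
  community.crypto.openssl_privatekey:
    path: /etc/kubernetes/pki/kube-apiserver.key
    type: RSA
    # Pin owner-only permissions explicitly, so the protection of the key does
    # not depend on a module default or on the mode of a pre-existing file.
    mode: "0600"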
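# Build the signing request for the API server certificate from the key
# generated above. Option names use the module's snake_case spelling
# throughout instead of a mix of snake_case names and camelCase aliases.
- name: Generate API Server CSR
  community.crypto.openssl_csr:
    path: /etc/kubernetes/pki/kube-apiserver.csr
    privatekey_path: /etc/kubernetes/pki/kube-apiserver.key
    common_name: kube-apiserver
    subject:
      # NOTE(review): Kubernetes reads the O field of a client certificate as
      # group membership, and system:masters is the built-in group with
      # unrestricted access. Since clientAuth is requested below, this key
      # pair acts as a cluster-admin credential wherever it is accepted as a
      # client certificate. Confirm that is intended; a serving certificate
      # normally does not need this group, and a separate, narrowly scoped
      # client certificate keeps the API server key from being an admin key.
      O: system:masters
      OU: Kubernetes The Hard Way
    # Leaf certificate: it must not be usable to sign other certificates.
    basic_constraints:
      - CA:FALSE
    basic_constraints_critical: true
    # digitalSignature is what signature-based TLS key exchange (ECDHE and
    # TLS 1.3) and client-certificate authentication require; keyEncipherment
    # covers RSA key transport. dataEncipherment is not used by TLS, and with
    # the extension marked critical the list is kept to what is needed.
    key_usage:
      - digitalSignature
      - keyEncipherment
    key_usage_critical: true
    extended_key_usage:
      - clientAuth
      - serverAuth
    extended_key_usage_critical: false
    # Names and addresses under which clients reach the API server. Templated
    # entries are quoted so an unexpected expansion cannot change the YAML
    # structure.
    subject_alt_name:
      - IP:127.0.0.1
      - "IP:{{ apiserver_ip }}"
      - DNS:localhost
      - "DNS:{{ inventory_hostname }}"
      - DNS:kubernetes
      - DNS:kubernetes.default
      - DNS:kubernetes.default.svc
      - DNS:kubernetes.default.svc.cluster
      - DNS:kubernetes.default.svc.cluster.local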
# Issue the API server certificate by signing the CSR with the cluster's own
# CA (provider "ownca"). The certificate is valid for 365 days from issuance.
- name: Create API Server TLS certificate using CA key and cert
  community.crypto.x509_certificate:
    provider: ownca
    csr_path: /etc/kubernetes/pki/kube-apiserver.csr
    privatekey_path: /etc/kubernetes/pki/kube-apiserver.key
    path: /etc/kubernetes/pki/kube-apiserver.crt
    # NOTE(review): the CA certificate and CA private key are read from
    # /vagrant/share, which looks like a Vagrant shared folder (confirm).
    # Whoever can read ca.key can issue certificates the cluster will trust,
    # so outside a lab setup keep the CA key off shared storage and restrict
    # its permissions.
    ownca_path: /vagrant/share/ca.crt
    ownca_privatekey_path: /vagrant/share/ca.key
    ownca_not_after: "+365d"