
Commit 635982c

committedOct 25, 2018
v0.7.0
1 parent ca1a044 commit 635982c


2 files changed

+19
-22
lines changed

 

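--- a/etcd-certs-gen.sh
+++ b/etcd-certs-gen.sh
@@ -66,32 +66,22 @@ fi
 openssl_req $CERT_DIR peer "/CN=etcd"
 openssl_req $CERT_DIR server "/CN=etcd"
 openssl_req $CERT_DIR apiserver-etcd-client "/CN=etcd"
+openssl_req $CERT_DIR client "/CN=etcd"
 
 openssl_sign $CERT_DIR/ca.crt $CERT_DIR/ca.key $CERT_DIR peer etcd_peer_cert
 openssl_sign $CERT_DIR/ca.crt $CERT_DIR/ca.key $CERT_DIR server etcd_server_cert
 openssl_sign $CERT_DIR/ca.crt $CERT_DIR/ca.key $CERT_DIR apiserver-etcd-client client_cert
-
-cat $CERT_DIR/ca.crt > $CERT_DIR/ca_bundle.pem
+openssl_sign $CERT_DIR/ca.crt $CERT_DIR/ca.key $CERT_DIR client client_cert
 
 # Add debug information to directories
-for CERT in $CERT_DIR/*.crt; do
-openssl x509 -in $CERT -noout -text > "${CERT%.crt}.txt"
-done
+#for CERT in $CERT_DIR/*.crt; do
+# openssl x509 -in $CERT -noout -text > "${CERT%.crt}.txt"
+#done
 
 ETCD_PATCHES=$DIR/patches
 mkdir -p $ETCD_PATCHES
 
 # kubectl apply
-cat > $ETCD_PATCHES/etcd-ca.patch << EOF
-apiVersion: v1
-kind: Secret
-metadata:
-name: kube-apiserver
-namespace: kube-system
-data:
-etcd-client-ca.crt: $( openssl base64 -A -in ${ETCD}/ca_bundle.pem )
-EOF
-
 cat > $ETCD_PATCHES/etcd-client-cert.patch << EOF
 apiVersion: v1
 kind: Secret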
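Review bot: The added `openssl_req $CERT_DIR client "/CN=etcd"` gives the new general-purpose client certificate the same subject as the peer, server and apiserver-etcd-client certificates, so anything that keys on the certificate CN cannot tell them apart. etcd with `--client-cert-auth` maps the CN to a user once authentication is enabled, and audit trails would then show a single `etcd` identity for every holder. A distinct subject per role, for example `openssl_req $CERT_DIR client "/CN=etcd-client"`, keeps them separable; the CN value here is only a suggestion. `openssl_req` and `openssl_sign` are defined outside this hunk, so what the `client_cert` profile puts in the extensions is not visible here.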

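--- a/k8s-certs-gen.sh
+++ b/k8s-certs-gen.sh
@@ -1,5 +1,7 @@
 #!/bin/bash -e
 
+ETCD_CERTS_DIR="etcd"
+
 function usage() {
 >&2 cat << EOF
 Usage: ./k8s-certs-gen.sh
@@ -129,20 +131,25 @@ for master in $MASTERS; do
 openssl_sign $CA_CERT $CA_KEY "${master_dir}/pki" apiserver-kubelet-client client_cert
 rm -f ${master_dir}/pki/*.csr
 
-echo "Copy CA key and cert file to ${master_dir}"
+# Copy CA key and cert file to ${master_dir}
 cp $CA_CERT $CA_KEY ${master_dir}/pki/
 
-echo "Copy front-proxy CA key and cert file to ${master_dir}"
+# Copy front-proxy CA key and cert file to ${master_dir}
 cp $front_proxy_dir/front-proxy* ${master_dir}/pki/
 
-echo "Generating the ServiceAccount key for apiserver"
+# echo "Generating the ServiceAccount key for apiserver"
 openssl ecparam -name secp521r1 -genkey -noout -out ${master_dir}/pki/sa.key
 openssl ec -in ${master_dir}/pki/sa.key -outform PEM -pubout -out ${master_dir}/pki/sa.pub
 
-echo "Copy token file"
+# echo "Copy token file"
 cp /tmp/token.csv ${master_dir}/
+
+if [ -d "$ETCD_CERTS_DIR" ]; then
+# echo "Copy etcd client key and certs"
+cp $ETCD_CERTS_DIR/pki/apiserver-etcd-client.{key,crt} ${master_dir}/pki/
+fi
 
-echo "Generating kubeconfig for kube-controller-manager"
+# echo "Generating kubeconfig for kube-controller-manager"
 cat > ${master_dir}/auth/controller-manager.conf << EOF
 apiVersion: v1
 kind: Config
@@ -164,7 +171,7 @@ contexts:
 current-context: system:kube-controller-manager@${CLUSTER_NAME}
 EOF
 
-echo "Generating kubeconfig for kube-scheduler"
+# echo "Generating kubeconfig for kube-scheduler"
 cat > ${master_dir}/auth/scheduler.conf << EOF
 apiVersion: v1
 kind: Config
@@ -186,7 +193,7 @@ contexts:
 current-context: system:kube-scheduler@${CLUSTER_NAME}
 EOF
 
-echo "Generating kubeconfig for Cluster Admin"
+# echo "Generating kubeconfig for Cluster Admin"
 cat > ${master_dir}/auth/admin.conf << EOF
 apiVersion: v1
 kind: Config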
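Review bot: The new `if [ -d "$ETCD_CERTS_DIR" ]` block in the second hunk resolves `etcd` against the caller's working directory and skips silently when it is absent, so a master directory can be produced without etcd client credentials, or with a key from an unrelated `etcd/` tree, and nothing is printed. An absolute or script-relative `ETCD_CERTS_DIR` plus an `else` branch that warns on stderr would make both cases visible; where etcd-certs-gen.sh writes its output is not visible here. The copied `apiserver-etcd-client.key` is a private key, and plain `cp` leaves its mode to the source file and the umask; `install -m 0600 "$ETCD_CERTS_DIR/pki/apiserver-etcd-client.key" "${master_dir}/pki/"` pins it. The enclosing `for master in $MASTERS` loop starts and ends outside the hunk.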
