Peter Grace PeterGrace
Oats87
/ generate_new_kubeconfig.sh
Created
October 27, 2018 05:19
This bash script will sign an x509 certificate using the kube-ca located on any rancher node. This allows you to gain access back to your RKE-created kubernetes cluster should you lose the kube_config and cluster.yml for it, but still have SSH access to the hosts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| echo "This will generate a new kube config for accessing your RKE-created kubernetes cluster. This script MUST be run on a Kubernetes node." | |
| echo "Please enter the IP of one of your control plane hosts, followed by [ENTER]:" | |
| read cphost | |
| openssl genrsa -out kube-admin.key 2048 | |
| openssl req -new -sha256 -key kube-admin.key -subj "/O=system:masters/CN=kube-admin" -out kube-admin.csr | |
| sudo openssl x509 -req -in kube-admin.csr -CA /etc/kubernetes/ssl/kube-ca.pem -CAcreateserial -CAkey /etc/kubernetes/ssl/kube-ca-key.pem -out kube-admin.crt -days 365 -sha256 | |
| sudo rm -f /etc/kubernetes/ssl/kube-ca.srl |