Generate certificates by calling the script generate-tiller-certs.sh. This will provide a CA, server certs for tiller and client certs for helm / weave flux.
Next deploy Helm with TLS and RBAC enabled;
kubectl apply -f helm-rbac.yaml
Thomas Kooi thojkooi
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #cloud-config | |
| package_update: false | |
| package_upgrade: false | |
| chpasswd: | |
| expire: false | |
| users: | |
| - {name: demo, password: letmein, type: text} | |
| ssh_pwauth: true | |
| users: |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| apiVersion: v1 | |
| kind: Namespace | |
| metadata: | |
| name: echoserver | |
| --- | |
| apiVersion: apps/v1 | |
| kind: Deployment | |
| metadata: | |
| name: echoserver | |
| namespace: echoserver |
thojkooi
/ generate-etcd-certs.sh
Created
June 23, 2018 15:48
Generate etcd certificates for kubeadm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # First generate the config file | |
| cat >ca-config.json <<EOF | |
| { | |
| "signing": { | |
| "default": { | |
| "expiry": "43800h" | |
| }, | |
| "profiles": { |
I hereby claim:
- I am thojkooi on github.
- I am thojkooi (https://keybase.io/thojkooi) on keybase.
- I have a public key ASBo--Wc5dJLpb5SmLl7bBvIQs6-zWiu0aMq9AN7GqnPiAo
To claim this, I am signing this object: