Created
June 23, 2018 15:48
-
-
Save thojkooi/20f1bbe5ea06f7a42ce277379a73847f to your computer and use it in GitHub Desktop.
Generate etcd certificates for kubeadm
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # First generate the config file | |
| cat >ca-config.json <<EOF | |
| { | |
| "signing": { | |
| "default": { | |
| "expiry": "43800h" | |
| }, | |
| "profiles": { | |
| "server": { | |
| "expiry": "43800h", | |
| "usages": [ | |
| "signing", | |
| "key encipherment", | |
| "server auth", | |
| "client auth" | |
| ] | |
| }, | |
| "client": { | |
| "expiry": "43800h", | |
| "usages": [ | |
| "signing", | |
| "key encipherment", | |
| "client auth" | |
| ] | |
| }, | |
| "peer": { | |
| "expiry": "43800h", | |
| "usages": [ | |
| "signing", | |
| "key encipherment", | |
| "server auth", | |
| "client auth" | |
| ] | |
| } | |
| } | |
| } | |
| } | |
| EOF | |
| # Next the CSR config | |
| cat >ca-csr.json <<EOF | |
| { | |
| "CN": "etcd", | |
| "key": { | |
| "algo": "rsa", | |
| "size": 2048 | |
| } | |
| } | |
| EOF | |
| cfssl gencert -initca ca-csr.json | cfssljson -bare ca - | |
| # Generate etcd client certificates | |
| cat >client.json <<EOF | |
| { | |
| "CN": "client", | |
| "key": { | |
| "algo": "ecdsa", | |
| "size": 256 | |
| } | |
| } | |
| EOF | |
| cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client client.json | cfssljson -bare client |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment