github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 20:24:09 +00:00
Code Issues Projects Releases Wiki Activity

Fix Jenkins GCE e2e failure and other errors in APPENDIX easyrsa section

Browse Source 
Modifications are as following(`APPENDIX` -> `**easyrsa**`):

1, fix Jenkins GCE e2e failure, mainly for markdown errors;
2, change `"${MASTER_IP}"`  to `"IP:${MASTER_IP}"` to keep align with `make-ca-cert.sh`
3, change `/pki/` to `pki/` for the generated certs/key
4, other tiny improvements

Please check, thanks.
This commit is contained in:
qiaolei 2015-08-29 11:27:26 +08:00
parent c17977b6dd
commit 29625a9ffe
1 changed files with 12 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
docs/admin/authentication.md
View File

@ -120,17 +120,20 @@ into apiserver start parameters.
**easyrsa** can be used to manually generate certificates for your cluster. **easyrsa** can be used to manually generate certificates for your cluster.
1. Download, unpack, and initialize the patched version of easyrsa3. 1. Download, unpack, and initialize the patched version of easyrsa3.
`curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz`
`tar xzf easy-rsa.tar.gz` curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
`cd easy-rsa-master/easyrsa3` tar xzf easy-rsa.tar.gz
`./easyrsa init-pki` cd easy-rsa-master/easyrsa3
1. Generate a CA. (--batch set automatic mode. --req-cn default CN to use.) ./easyrsa init-pki
``./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass`` 1. Generate a CA. (`--batch` set automatic mode. `--req-cn` default CN to use.)
./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
1. Generate server certificate and key. 1. Generate server certificate and key.
(build-server-full [filename]: Generate a keypair and sign locally for a client or server) (build-server-full [filename]: Generate a keypair and sign locally for a client or server)
`./easyrsa --subject-alt-name="${MASTER_IP}" build-server-full kubernetes-master nopass`
1. Copy /pki/ca.crt /pki/issued/kubernetes-master.crt ./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full kubernetes-master nopass
/pki/private/kubernetes-master.key to your directory. 1. Copy `pki/ca.crt` `pki/issued/kubernetes-master.crt`
`pki/private/kubernetes-master.key` to your directory.
1. Remember fill the parameters 1. Remember fill the parameters
`--client-ca-file=/yourdirectory/ca.crt` `--client-ca-file=/yourdirectory/ca.crt`
`--tls-cert-file=/yourdirectory/server.cert` `--tls-cert-file=/yourdirectory/server.cert`