Make server certs accessible to apiserver user.

pull/6/head
Eric Tune 2014-11-13 13:02:48 -08:00
parent e9aadcaf44
commit 19ec2234f9
2 changed files with 5 additions and 0 deletions


@ -20,6 +20,7 @@ set -o pipefail
cert_ip=$1 cert_ip=$1
cert_dir=/srv/kubernetes cert_dir=/srv/kubernetes
cert_file_owner=apiserver.apiserver
mkdir -p "$cert_dir" mkdir -p "$cert_dir"
@ -61,3 +62,5 @@ cp -p pki/private/kubernetes-master.key "${cert_dir}/server.key" > /dev/null 2>&
cp -p pki/ca.crt "${cert_dir}/ca.crt" cp -p pki/ca.crt "${cert_dir}/ca.crt"
cp -p pki/issued/kubecfg.crt "${cert_dir}/kubecfg.crt" cp -p pki/issued/kubecfg.crt "${cert_dir}/kubecfg.crt"
cp -p pki/private/kubecfg.key "${cert_dir}/kubecfg.key" cp -p pki/private/kubecfg.key "${cert_dir}/kubecfg.key"
# Make server certs accessible to apiserver.
chown $cert_file_owner "${cert_dir}/server.key" "${cert_dir}/server.cert" "${cert_dir}/ca.cert"
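Review bot: The added `chown` names `${cert_dir}/ca.cert`, but the context line three lines above copies the CA certificate to `${cert_dir}/ca.crt`, so the command fails on a path that does not exist and the CA file keeps its previous owner. It should read `chown "$cert_file_owner" "${cert_dir}/server.key" "${cert_dir}/server.cert" "${cert_dir}/ca.crt"`. The copy that creates `server.cert` is outside this hunk, so that name needs the same check against its `cp` line. Quoting the owner variable and writing it as `apiserver:apiserver` (the colon is the portable separator) also applies to the `chown` added in the second file.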


@ -15,7 +15,9 @@
# limitations under the License. # limitations under the License.
cert_dir=/srv/kubernetes cert_dir=/srv/kubernetes
cert_file_owner=apiserver.apiserver
openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \ openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
-subj "/CN=kubernetes.invalid/O=Kubernetes" \ -subj "/CN=kubernetes.invalid/O=Kubernetes" \
-keyout "${cert_dir}/server.key" -out "${cert_dir}/server.cert" -keyout "${cert_dir}/server.key" -out "${cert_dir}/server.cert"
chown $cert_file_owner "${cert_dir}/server.key" "${cert_dir}/server.cert"
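Review bot: The `chown` added after `openssl req` hands the unencrypted private key (`-nodes`) to the apiserver account, but nothing visible in this section sets the key's mode, so whether other local users can read it depends on the umask and the OpenSSL version in use. Adding `chmod 600 "${cert_dir}/server.key"` right after the chown makes the restriction explicit instead of inherited. No failure handling is visible here either, so if the chown fails (for example because the apiserver account does not exist yet) the key would presumably stay with the invoking user and the apiserver would be unable to read it; a `|| exit 1` on that line, or a strict-mode `set` at the top if the file lacks one, would surface that.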