30 lines
1.4 KiB
Bash
Executable file
30 lines
1.4 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
HOME=$( cd "$(dirname "$0")" && pwd )
|
|
source $HOME/../config
|
|
|
|
cat <<EOF | tee $CA_DIR/admin-openssl.cnf
|
|
[req]
|
|
distinguished_name = req_distinguished_name
|
|
|
|
[req_distinguished_name]
|
|
|
|
[ v3_req_client ]
|
|
basicConstraints = CA:FALSE
|
|
keyUsage = critical, digitalSignature, keyEncipherment
|
|
extendedKeyUsage = clientAuth
|
|
EOF
|
|
|
|
#generate admin cert
|
|
openssl ecparam -name secp521r1 -genkey -noout -out ${CA_DIR}/admin.key
|
|
chmod 0600 ${CA_DIR}/admin.key
|
|
openssl req -new -key ${CA_DIR}/admin.key -subj "/CN=kubernetes-admin/O=system:masters" -out ${CA_DIR}/admin.csr
|
|
openssl x509 -req -in ${CA_DIR}/admin.csr -CA ${CA_DIR}/ca.crt -CAkey ${CA_DIR}/ca.key -CAcreateserial -out ${CA_DIR}/admin.crt -days 20000 -extensions v3_req_client -extfile ${CA_DIR}/admin-openssl.cnf
|
|
|
|
#generate admin kubeconfig
|
|
TOKEN=`cat ${CA_DIR}/admin.token`
|
|
kubectl config set-cluster ${CLUSTER_NAME}.virtual.local --certificate-authority=${CA_DIR}/ca.crt --embed-certs=true --server=https://localhost:16443 --kubeconfig=$ADMIN_KUBECONFIG
|
|
kubectl config set-credentials admin --client-certificate=${CA_DIR}/admin.crt --client-key=${CA_DIR}/admin.key --embed-certs=true --token=$TOKEN --kubeconfig=$ADMIN_KUBECONFIG
|
|
kubectl config set-context ${CLUSTER_NAME}.virtual.local --cluster=${CLUSTER_NAME}.virtual.local --user=admin --kubeconfig=$ADMIN_KUBECONFIG
|
|
kubectl config use-context ${CLUSTER_NAME}.virtual.local --kubeconfig=$ADMIN_KUBECONFIG
|