Checking a certificate's validity period with the openssl command
[[email protected] pki]# cat csr.conf
[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = CN
ST = BeiJing
L = BeiJing
O = k8s
OU = System
CN = kubernetes

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster
DNS.5 = kubernetes.default.svc.cluster.local
DNS.6 = k8s-master01
DNS.7 = k8s-master02
DNS.8 = k8s-master03
IP.1 = 10.96.0.1
IP.2 = 100.82.200.190
IP.3 = 100.82.200.184
IP.4 = 100.82.200.187
IP.5 = 100.82.200.194
IP.6 = 10.220.8.184
IP.7 = 10.220.8.187
IP.8 = 10.220.8.190
IP.9 = 10.220.8.194

[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names

openssl genrsa -out apiserver.key 2048
openssl req -new -key apiserver.key -out apiserver.csr -config csr.conf
openssl x509 -req -in apiserver.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver.crt -days 10000 -extensions v3_ext -extfile csr.conf
openssl x509 -noout -text -in ./apiserver.crt | grep "Not"

openssl genrsa -out apiserver-kubelet-client.key 2048
openssl req -new -key apiserver-kubelet-client.key -out apiserver-kubelet-client.csr -config csr.conf
openssl x509 -req -in apiserver-kubelet-client.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out apiserver-kubelet-client.crt -days 10000 -extensions v3_ext -extfile csr.conf
openssl x509 -noout -text -in ./apiserver-kubelet-client.crt | grep "Not"

openssl genrsa -out front-proxy-client.key 2048
openssl req -new -key front-proxy-client.key -out front-proxy-client.csr -config csr.conf
openssl x509 -req -in front-proxy-client.csr -CA front-proxy-ca.crt -CAkey front-proxy-ca.key -CAcreateserial -out front-proxy-client.crt -days 10000 -extensions v3_ext -extfile csr.conf
openssl x509 -noout -text -in ./front-proxy-client.crt | grep "Not"

kubeadm alpha phase certs all --config kubeadm-config.yaml
kubeadm alpha phase kubelet config write-to-disk --config kubeadm-config.yaml
kubeadm alpha phase kubelet write-env-file --config kubeadm-config.yaml
kubeadm alpha phase kubeconfig kubelet --config kubeadm-config.yaml
kubeadm alpha phase kubeconfig all --config kubeadm-config.yaml
kubeadm alpha phase controlplane all --config kubeadm-config.yaml
systemctl restart kubelet
kubeadm alpha phase mark-master --config kubeadm-config.yaml
cp /etc/kubernetes/admin.conf ~/.kube/config

After restarting the cluster, running kubectl logs pods XXXX -n kube-system fails with the following error:

Error from server (Forbidden): Forbidden (user=kubernetes, verb=get, resource=nodes, subresource=proxy) ( pods/log kube-scheduler-k8s-master01)

The user named in the error, kubernetes, is the CN from csr.conf, which was also used to issue apiserver-kubelet-client.crt.

Solution:

kubectl create clusterrolebinding system:kubernetes --clusterrole=cluster-admin --user=system:kubernetes

Note that cluster-admin grants far more than the get on nodes/proxy that the error reports as missing.

Original article: https://blog.51cto.com/strongit/2407732
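
The grep "Not" checks above print the Not Before / Not After lines of one certificate at a time. As an added example (not part of the original post), the script below runs the same validity check over every .crt file in a directory and flags certificates that are unreadable, expired, or expiring within a warning window, using openssl x509 -checkend. The function names, the script name certcheck.sh and the 30-day default are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names and the
# 30-day default warning window are assumptions.

# cert_status FILE [WARN_DAYS]
# Prints one of: UNREADABLE, EXPIRED, EXPIRING, OK
cert_status() {
    local crt=$1 warn_days=${2:-30}
    # A file that does not parse as a certificate must not be reported as OK.
    if ! openssl x509 -noout -in "$crt" >/dev/null 2>&1; then
        echo "UNREADABLE"
        return 0
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -noout -checkend 0 -in "$crt" >/dev/null 2>&1; then
        echo "EXPIRED"
    elif ! openssl x509 -noout -checkend "$((warn_days * 86400))" -in "$crt" >/dev/null 2>&1; then
        echo "EXPIRING"
    else
        echo "OK"
    fi
}

# report_certs DIR [WARN_DAYS]
# One line per *.crt file: status, path, notBefore and notAfter.
report_certs() {
    local dir=$1 warn_days=${2:-30} crt dates
    for crt in "$dir"/*.crt; do
        [ -e "$crt" ] || continue   # directory contains no .crt files
        # -dates prints notBefore=... and notAfter=... on two lines; join them
        dates=$(openssl x509 -noout -dates -in "$crt" 2>/dev/null | paste -sd' ' -)
        printf '%-10s %s  %s\n' "$(cert_status "$crt" "$warn_days")" "$crt" "$dates"
    done
}

# Stand-alone use (hypothetical script name): ./certcheck.sh <pki-dir> 30
if [ "$#" -ge 1 ]; then
    report_certs "$@"
fi
```

Run against the pki directory after signing, it lists all three issued certificates in one pass, so a certificate that failed to write or was signed with the wrong -days value stands out.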