@@ -39,20 +39,38 @@ echo DISCOVERY_ID:$DISCOVERY_ID >> index.txt
39
39
openssl genrsa -out ca-key.pem 2048
40
40
openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj " /CN=kube-ca"
41
41
42
+ # create etcd CA
43
+ openssl genrsa -out etcd-ca-key.pem 2048
44
+ openssl req -x509 -new -nodes -key etcd-ca-key.pem -days 10000 -out etcd-ca.pem -subj " /CN=etcd-ca"
45
+
46
+
42
47
sed -e s/K8S_SERVICE_IP/$K8S_SERVICE_IP / -e s/MASTER_HOST_IP/$MASTER_HOST_IP / -e s/FLOATING_IP/$FLOATING_IP / ../template/openssl.cnf > openssl.cnf
43
48
44
49
# create API certs
45
50
openssl genrsa -out apiserver-key.pem 2048
46
51
openssl req -new -key apiserver-key.pem -out apiserver.csr -subj " /CN=kube-apiserver" -config openssl.cnf
47
52
openssl x509 -req -in apiserver.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out apiserver.pem -days 365 -extensions v3_req -extfile openssl.cnf
48
53
54
+ # create ETCD-API-certs
55
+ openssl genrsa -out etcd-apiserver-key.pem 2048
56
+ openssl req -new -key etcd-apiserver-key.pem -out etcd-apiserver.csr -subj " /CN=etcd-kube-apiserver" -config openssl.cnf
57
+ openssl x509 -req -in etcd-apiserver.csr -CA etcd-ca.pem -CAkey etcd-ca-key.pem -CAcreateserial -out etcd-apiserver.pem -days 365 -extensions v3_req -extfile openssl.cnf
58
+
49
59
# create worker certs
50
60
for i in ${WORKER_HOSTS[@]} ; do
51
61
openssl genrsa -out ${i} -worker-key.pem 2048
52
62
WORKER_IP=${i} openssl req -new -key ${i} -worker-key.pem -out ${i} -worker.csr -subj " /CN=${i} " -config ../template/worker-openssl.cnf
53
63
WORKER_IP=${i} openssl x509 -req -in ${i} -worker.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ${i} -worker.pem -days 365 -extensions v3_req -extfile ../template/worker-openssl.cnf
54
64
done
55
65
66
+ # create ETCD-worker certs
67
+ for i in ${WORKER_HOSTS[@]} ; do
68
+ openssl genrsa -out ${i} -etcd-worker-key.pem 2048
69
+ WORKER_IP=${i} openssl req -new -key ${i} -etcd-worker-key.pem -out ${i} -etcd-worker.csr -subj " /CN=${i} " -config ../template/worker-openssl.cnf
70
+ WORKER_IP=${i} openssl x509 -req -in ${i} -etcd-worker.csr -CA etcd-ca.pem -CAkey etcd-ca-key.pem -CAcreateserial -out ${i} -etcd-worker.pem -days 365 -extensions v3_req -extfile ../template/worker-openssl.cnf
71
+ done
72
+
73
+
56
74
# create admin certs
57
75
openssl genrsa -out admin-key.pem 2048
58
76
openssl req -new -key admin-key.pem -out admin.csr -subj " /CN=kube-admin"
@@ -71,16 +89,27 @@ openssl x509 -req -in demouser.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial
71
89
# gzip base64 encode files to store in the cloud init files.
72
90
CAKEY=$( cat ca-key.pem | gzip | base64 -w0)
73
91
CACERT=$( cat ca.pem | gzip | base64 -w0)
92
+ ETCDCAKEY=$( cat etcd-ca-key.pem | gzip | base64 -w0)
93
+ ETCDCACERT=$( cat etcd-ca.pem | gzip | base64 -w0)
74
94
APISERVERKEY=$( cat apiserver-key.pem | gzip | base64 -w0)
75
95
APISERVER=$( cat apiserver.pem | gzip | base64 -w0)
96
+ ETCDAPISERVERKEY=$( cat etcd-apiserver-key.pem | gzip | base64 -w0)
97
+ ETCDAPISERVER=$( cat etcd-apiserver.pem | gzip | base64 -w0)
98
+
76
99
77
100
for i in ${WORKER_HOSTS[@]} ; do
78
101
j=$i -worker-key.pem
79
102
k=$i -worker.pem
103
+ l=$i -etcd-worker-key.pem
104
+ m=$i -etcd-worker.pem
80
105
WORKERKEY=$( cat $j | gzip | base64 -w0)
81
106
WORKER=$( cat $k | gzip | base64 -w0)
107
+ ETCDWORKERKEY=$( cat $l | gzip | base64 -w0)
108
+ ETCDWORKER=$( cat $m | gzip | base64 -w0)
82
109
echo WORKERKEY_$i :$WORKERKEY >> index.txt
83
110
echo WORKER_$i :$WORKER >> index.txt
111
+ echo ETCDWORKERKEY_$i :$ETCDWORKERKEY >> index.txt
112
+ echo ETCDWORKER_$i :$ETCDWORKER >> index.txt
84
113
done
85
114
86
115
ADMINKEY=` cat admin-key.pem | gzip | base64 -w0`
@@ -89,6 +118,8 @@ ADMIN=`cat admin.pem | gzip | base64 -w0`
89
118
# create indexfile with hashes
90
119
echo CAKEY:$CAKEY >> index.txt
91
120
echo CACERT:$CACERT >> index.txt
121
+ echo ETCDCAKEY:$ETCDCAKEY >> index.txt
122
+ echo ETCDCACERT:$ETCDCACERT >> index.txt
92
123
echo APISERVERKEY:$APISERVERKEY >> index.txt
93
124
echo APISERVER:$APISERVER >> index.txt
94
125
echo ADMINKEY:$ADMINKEY >> index.txt
@@ -110,9 +141,12 @@ sed -e "s,MASTER_HOST_FQDN,$MASTER_HOST_FQDN,g" \
110
141
-e " s,USER_CORE_SSHKEY2,${USER_CORE_KEY2} ," \
111
142
-e " s,USER_CORE_PASSWORD,$HASHED_USER_CORE_PASSWORD ,g" \
112
143
-e " s,K8S_VER,$K8S_VER ,g" \
113
- -e " s,CACERT,$CACERT ,g" \
114
- -e " s,APISERVERKEY,$APISERVERKEY ,g" \
115
- -e " s,APISERVER,$APISERVER ,g" \
144
+ -e " s,\<CACERT\>,$CACERT ,g" \
145
+ -e " s,\<APISERVERKEY\>,$APISERVERKEY ,g" \
146
+ -e " s,\<APISERVER\>,$APISERVER ,g" \
147
+ -e " s,ETCDCACERT,$ETCDCACERT ,g" \
148
+ -e " s,ETCDAPISERVERKEY,$ETCDAPISERVERKEY ,g" \
149
+ -e " s,ETCDAPISERVER,$ETCDAPISERVER ,g" \
116
150
../template/controller.yaml > node_$MASTER_HOST_IP .yaml
117
151
echo ----------------------
118
152
echo Generated: Master: node_$MASTER_HOST_IP .yaml
@@ -130,9 +164,12 @@ sed -e "s,WORKER_IP,$i,g" \
130
164
-e " s,USER_CORE_SSHKEY2,${USER_CORE_KEY2} ," \
131
165
-e " s,USER_CORE_PASSWORD,$HASHED_USER_CORE_PASSWORD ,g" \
132
166
-e " s,K8S_VER,$K8S_VER ,g" \
133
- -e " s,CACERT,$CACERT ,g" \
134
- -e " s,WORKERKEY,` cat index.txt| grep WORKERKEY_$i | cut -d: -f2` ,g" \
135
- -e " s,WORKER,` cat index.txt| grep WORKER_$i | cut -d: -f2` ,g" \
167
+ -e " s,\<CACERT\>,$CACERT ,g" \
168
+ -e " s,\<WORKERKEY\>,` cat index.txt| grep -w WORKERKEY_$i | cut -d: -f2` ,g" \
169
+ -e " s,\<WORKER\>,` cat index.txt| grep -w WORKER_$i | cut -d: -f2` ,g" \
170
+ -e " s,ETCDCACERT,$ETCDCACERT ,g" \
171
+ -e " s,ETCDWORKERKEY,` cat index.txt| grep -w ETCDWORKERKEY_$i | cut -d: -f2` ,g" \
172
+ -e " s,ETCDWORKER,` cat index.txt| grep -w ETCDWORKER_$i | cut -d: -f2` ,g" \
136
173
../template/worker.yaml > node_$i .yaml
137
174
echo Generated: Worker: node_$i .yaml
138
175
done
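Review bot: The new etcd CA private key and the per-worker etcd keys are copied into index.txt (`echo ETCDCAKEY:$ETCDCAKEY >> index.txt` in hunk @@ -89, `echo ETCDWORKERKEY_$i:$ETCDWORKERKEY >> index.txt` in hunk @@ -71), and gzip+base64 is not protection, so index.txt holds every private key in the clear; `openssl genrsa -out` creates the .pem files mode 0600, but `>>` creates index.txt under the default umask, which is normally world-readable, so the copies are weaker than the originals. Setting `umask 077` before the first append (the file's first write is outside these hunks) or creating it with `install -m 600 /dev/null index.txt` would keep the copies as tight as the keys themselves. In hunk @@ -130 the four lookups `grep -w WORKERKEY_$i` treat the dots of an IP-style host as regex wildcards; `grep -F -w -- "WORKERKEY_$i"` (and the same for the ETCD lookups) matches the name literally while keeping the prefix protection that `-w` was added for. The etcd-apiserver certificate in hunk @@ -39 is signed with `-extensions v3_req -extfile openssl.cnf`, i.e. the same SAN list as the kube-apiserver certificate; if etcd is reached under different names or addresses than those SANs, clients verifying against etcd-ca.pem will reject it — worth confirming against the template.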