k8s-node-webhook

module
v0.0.0-...-8352eda Latest Latest
Published: Oct 10, 2019 License: Apache-2.0

README

k8s-node-webhook

Create a signed cert for HTTPS

  1. Create private key file ca.key

openssl genrsa -out ca.key 2048

  2. Create the CA cert ca.crt from private key file ca.key

openssl req -x509 -new -nodes -key ca.key -subj "/CN=lb-webhook.default.svc" -days 10000 -out ca.crt

  3. Create server key file server.key

openssl genrsa -out server.key 2048

  4. Create the CSR config file csr.conf

[ req ]
default_bits = 2048
prompt = no
default_md = sha256
req_extensions = req_ext
distinguished_name = dn

[ dn ]
C = CN
ST = SiChuan
L = SZ
O = Wise2c
OU = Wise2c
CN = lb-webhook.default.svc

[ req_ext ]
subjectAltName = @alt_names

[ alt_names ]
DNS.1 = lb-webhook.default.svc

[ v3_ext ]
authorityKeyIdentifier=keyid,issuer:always
basicConstraints=CA:FALSE
keyUsage=keyEncipherment,dataEncipherment
extendedKeyUsage=serverAuth,clientAuth
subjectAltName=@alt_names

  5. Create the signing request file server.csr

openssl req -new -key server.key -out server.csr -config csr.conf

  6. Create server cert file server.crt

openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000 -extensions v3_ext -extfile csr.conf

  7. View the server cert

openssl x509 -noout -text -in server.crt

Create yaml files

1-secret.yaml: update ca.crt, server.crt and server.key values

2-rbac.yaml

3-deployment.yaml

4-service.yaml

5-admissionregistration.yaml: set caBundle to the base64-encoded content of ca.crt
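
An added Go example, not part of this module's code: it checks a serving cert the way a TLS client that trusts only the caBundle CA does, so a SAN that does not match lb-webhook.default.svc, or a cert signed by a different CA, is rejected. VerifyServing and SampleChain are hypothetical helpers, and the in-memory chain is constructed sample data standing in for ca.crt and server.crt.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyServing validates certPEM as a TLS client does when caPEM (the caBundle)
// is its only trust root: chain to that CA, serverAuth EKU, SAN equal to dnsName.
func VerifyServing(caPEM, certPEM []byte, dnsName string) error {
	roots := x509.NewCertPool()
	if !roots.AppendCertsFromPEM(caPEM) {
		return fmt.Errorf("caBundle holds no PEM certificate")
	}
	block, _ := pem.Decode(certPEM)
	if block == nil {
		return fmt.Errorf("server cert is not PEM")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err == nil {
		_, err = cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: dnsName, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}})
	}
	return err
}

// SampleChain builds a constructed CA and leaf in memory (errors ignored: sample data only).
func SampleChain(san string) (caPEM, certPEM []byte) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	from, to := time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "sample-ca"},
		NotBefore: from, NotAfter: to, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: san}, DNSNames: []string{san},
		NotBefore: from, NotAfter: to, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	caDER, _ := x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey)
	leafDER, _ := x509.CreateCertificate(rand.Reader, leaf, ca, &key.PublicKey, caKey)
	enc := func(der []byte) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}) }
	return enc(caDER), enc(leafDER)
}

func main() {
	caPEM, certPEM := SampleChain("lb-webhook.default.svc")
	fmt.Println(VerifyServing(caPEM, certPEM, "lb-webhook.default.svc"), VerifyServing(caPEM, certPEM, "other.default.svc"))
}
```

To check the files produced by the steps above, pass the contents of ca.crt and server.crt to VerifyServing in place of the sample chain.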

Reference:

http://dockone.io/article/9108
https://mp.weixin.qq.com/s/Z6ucuqNs2rOaPzwhvW-bmw

Directories

Path Synopsis
pkg
