Skip to content

Instantly share code, notes, and snippets.

@aivarasko

aivarasko/worker_cert.sh

Last active June 16, 2019 17:34
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save aivarasko/4596220707018ea62f8b498dc74d4ae8 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save aivarasko/4596220707018ea62f8b498dc74d4ae8 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
worker_cert.sh
#!/bin/bash
set -euox pipefail
IFS=$'\n\t'
MASTER_INTERNAL_IP=$1
WORKER_NAME=$2
WORKER_IP=$3
TMPDIR=$(mktemp -d -t ci-XXXXXXXXXX)
cd ${TMPDIR}
cp /var/lib/kubernetes/ca.pem ${TMPDIR}/
cp ~/cert/kube-proxy.kubeconfig ${TMPDIR}/
cat > ${TMPDIR}/${WORKER_NAME}-csr.json <<EOF
{
"CN": "system:node:${WORKER_NAME}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"O": "system:nodes"
}
]
}
EOF
cfssl gencert -ca=/var/lib/kubernetes/ca.pem \
-ca-key=/var/lib/kubernetes/ca-key.pem \
-config=/var/lib/kubernetes/ca-config.json \
-hostname=${WORKER_NAME},${WORKER_IP} \
-profile=kubernetes ${WORKER_NAME}-csr.json | cfssljson -bare ${WORKER_NAME}
kubectl config set-cluster kubernetes-the-hard-way \
--certificate-authority=/var/lib/kubernetes/ca.pem \
--embed-certs=true \
--server=https://${MASTER_INTERNAL_IP}:6443 \
--kubeconfig=${WORKER_NAME}.kubeconfig
kubectl config set-credentials system:node:${WORKER_NAME} \
--client-certificate=${WORKER_NAME}.pem \
--client-key=${WORKER_NAME}-key.pem \
--embed-certs=true \
--kubeconfig=${WORKER_NAME}.kubeconfig
kubectl config set-context default \
--cluster=kubernetes-the-hard-way \
--user=system:node:${WORKER_NAME} \
--kubeconfig=${WORKER_NAME}.kubeconfig
kubectl config use-context default --kubeconfig=${WORKER_NAME}.kubeconfig
tar cvf ~/${WORKER_NAME}-bundle.tar .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment