k8s集群部署之签发证书

原创

张存linux 2024-04-30 09:53:54 博主文章分类：centos ©著作权

文章标签 docker 容器 centos json linux 文章分类 Html/CSS 前端开发

©著作权归作者所有：来自51CTO博客作者张存linux的原创作品，请联系作者获取转载授权，否则将追究法律责任

准备签发证书环境
10.4.7.200上执行

安装CFSSL

wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 -O /usr/bin/cfssl
 wget https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 -O /usr/bin/cfssl-json
 wget https://pkg.cfssl.org/R1.2/cfssl-certinfo_linux-amd64 -O /usr/bin/cfssl-certinfo
   
 chmod +x /usr/bin/cfssl*
 mkdir /opt/certs
 vim /opt/certs/ca-csr.json{
     "CN": "ZhangCun",
     "hosts": [
     ],
     "key": {
         "algo": "rsa",
         "size": 2048
     },
     "names": [
         {
             "C": "CN",
             "ST": "beijing",
             "L": "beijing",
             "O": "od",
             "OU": "ops"
         }
     ],
     "ca": {
         "expiry": "175200h"
 }
 }

cfssl gencert -initca ca-csr.json | cfssl-json -bare ca
安装docker（在10.4.7.21,10,4.7.22,10.4.7.200分别执行）
安装依赖包

yum install -y yum-utils device-mapper-persistent-data lvm2

添加Docker软件包源
yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
安装（安装最新版本）
yum install docker-ce -y
或者

curl -fsSL https://get.docker.com | bash -s docker --mirror Aliyun
 
 
  mkdir -p /data/docker /etc/docker vim /etc/docker/daemon.json
 {
   "graph": "/data/docker",
   "storage-driver": "overlay2",
   "insecure-registries": ["registry.access.redhat.com","quay.io","harbor.od.com"],
   "registry-mirrors": ["https://q2gr04ke.mirror.aliyuncs.com"],
   "bip": "172.7.21.1/24",
   "exec-opts": ["native.cgroupdriver=systemd"],
   "live-restore": true
 } systemctl start docker
 systemctl enable docker