Posts

How to regenerate/renew kubelet certificate manually?

 Use the following script: IP=$(host $(hostname -f)|awk  '{print $4}' ) HOSTNAME=$(hostname -s) FQDN=$(hostname -f) DAYS=365 cat > openssl-${HOSTNAME}.cnf <<EOF [req] req_extensions = v3_req distinguished_name = req_distinguished_name [req_distinguished_name] [ v3_req ] basicConstraints = CA:FALSE keyUsage = nonRepudiation, digitalSignature, keyEncipherment subjectAltName =  @alt_names [alt_names] DNS. 1   = ${HOSTNAME} DNS.2 = ${FQDN} IP. 1   = ${IP} EOF cat << EOF > ca.crt ##fill the content here from /etc/Kubernetes/pki/ca.crt on a master node EOF   cat << EOF > ca.key ##fill the content here from /etc/Kubernetes/pki/ca.key on a master node EOF openssl ecparam -name prime256v1 -genkey -noout -out ${HOSTNAME}.key openssl req - new   -key ${HOSTNAME}.key -subj  "/CN=system:node:${HOSTNAME}/O=system:nodes"   -out ${HOSTNAME}.csr -config openssl-${HOSTNAME}.cnf openssl x509 -req -in ${HOSTNAME}.csr -CA ca.crt -CAkey ...
Post a Comment
Read more