From 32680f9f6723007811f4844823faf1e5038e3640 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Tue, 1 Feb 2022 13:06:06 -0800 Subject: [PATCH] More edits --- docs/04-certificate-authority.md | 223 ++++++------------------------- 1 file changed, 39 insertions(+), 184 deletions(-) diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md index da38fe2..98fba24 100644 --- a/docs/04-certificate-authority.md +++ b/docs/04-certificate-authority.md @@ -300,7 +300,12 @@ EXTERNAL_IP=$(gcloud compute instances describe ${instance} \ INTERNAL_IP=$(gcloud compute instances describe ${instance} \ --format 'value(networkInterfaces[0].networkIP)') -step ca certificate "system:node:${instance}" ${instance}.pem ${instance}-key.pem --san "${instance}" --san "${EXTERNAL_IP}" --san "${INTERNAL_IP}" --provisioner "kubernetes" --provisioner-password-file "provisioner-password" +step ca certificate "system:node:${instance}" ${instance}.pem ${instance}-key.pem \ + --san "${instance}" \ + --san "${EXTERNAL_IP}" \ + --san "${INTERNAL_IP}" \ + --provisioner "kubernetes" \ + --provisioner-password-file "provisioner-password" done ``` @@ -315,51 +320,24 @@ worker-2-key.pem worker-2.pem ``` - - - - - - - - - - - - ### The Controller Manager Client Certificate -Generate the `kube-controller-manager` client certificate and private key: +Generate the `kube-controller-manager`, `kube-proxy`, and `kube-scheduler` client certificates and private keys: ``` { - -cat > kube-controller-manager-csr.json < kube-proxy-csr.json < kube-scheduler-csr.json < kubernetes-csr.json < service-account-csr.json <