diff --git a/docs/04-certificate-authority.md b/docs/04-certificate-authority.md index 490fcbd..4e3074c 100644 --- a/docs/04-certificate-authority.md +++ b/docs/04-certificate-authority.md @@ -106,74 +106,74 @@ Generate a certificate and private key for each Kubernetes worker node: ```gcloud``` ``` for instance in worker-0 worker-1 worker-2; do - cat > ${instance}-csr.json < ${instance}-csr.json < ${instance}-csr.json < ${instance}-csr.json << EOF +{ + "CN": "system:node:${instance}", + "key": { + "algo": "rsa", + "size": 2048 + }, + "names": [ + { + "C": "US", + "L": "Portland", + "O": "system:nodes", + "OU": "Kubernetes The Hard Way", + "ST": "Oregon" + } + ] +} +EOF - EXTERNAL_IP=$(az vm show --name ${instance} -d --query publicIps -o tsv) +EXTERNAL_IP=$(az vm show --name ${instance} -d --query publicIps -o tsv) - INTERNAL_IP=$(az vm show --name ${instance} -d --query privateIps -o tsv) +INTERNAL_IP=$(az vm show --name ${instance} -d --query privateIps -o tsv) - cfssl gencert \ - -ca=ca.pem \ - -ca-key=ca-key.pem \ - -config=ca-config.json \ - -hostname=${instance},${EXTERNAL_IP},${INTERNAL_IP} \ - -profile=kubernetes \ - ${instance}-csr.json | cfssljson -bare ${instance} +cfssl gencert \ + -ca=ca.pem \ + -ca-key=ca-key.pem \ + -config=ca-config.json \ + -hostname=${instance},${EXTERNAL_IP},${INTERNAL_IP} \ + -profile=kubernetes \ + ${instance}-csr.json | cfssljson -bare ${instance} done ```