mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

BASH syntax highlighting

pull/632/head
Matteo Croce 2019-10-03 18:37:17 +02:00 committed by Matteo Croce
parent afd7e3a964
commit b493b8c9c3
1 changed files with 10 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
docs/04-certificate-authority.md
View File

@ -8,7 +8,7 @@ In this section you will provision a Certificate Authority that can be used to g
Generate the CA configuration file, certificate, and private key:
```
```sh
cat > ca-config.json <<EOF
{
"signing": {
@ -62,7 +62,7 @@ In this section you will generate client and server certificates for each Kubern
Generate the `admin` client certificate and private key:
```
```sh
cat > admin-csr.json <<EOF
{
"CN": "admin",
@ -103,7 +103,7 @@ Kubernetes uses a [special-purpose authorization mode](https://kubernetes.io/doc
Generate a certificate and private key for each Kubernetes worker node:
```
```sh
for instance in worker-0 worker-1 worker-2; do
cat > ${instance}-csr.json <<EOF
{
@ -155,7 +155,7 @@ worker-2.pem
Generate the `kube-controller-manager` client certificate and private key:
```
```sh
cat > kube-controller-manager-csr.json <<EOF
{
"CN": "system:kube-controller-manager",
@ -195,7 +195,7 @@ kube-controller-manager.pem
Generate the `kube-proxy` client certificate and private key:
```
```sh
cat > kube-proxy-csr.json <<EOF
{
"CN": "system:kube-proxy",
@ -234,7 +234,7 @@ kube-proxy.pem
Generate the `kube-scheduler` client certificate and private key:
```
```sh
cat > kube-scheduler-csr.json <<EOF
{
"CN": "system:kube-scheduler",
@ -276,7 +276,7 @@ The `kubernetes-the-hard-way` static IP address will be included in the list of
Generate the Kubernetes API Server certificate and private key:
```
```sh
KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe kubernetes-the-hard-way \
--region $(gcloud config get-value compute/region) \
--format 'value(address)')
@ -326,7 +326,7 @@ The Kubernetes Controller Manager leverages a key pair to generate and sign serv
Generate the `service-account` certificate and private key:
```
```sh
cat > service-account-csr.json <<EOF
{
"CN": "service-accounts",
@ -366,7 +366,7 @@ service-account.pem
Copy the appropriate certificates and private keys to each worker instance:
```
```sh
for instance in worker-0 worker-1 worker-2; do
gcloud compute scp ca.pem ${instance}-key.pem ${instance}.pem ${instance}:~/
done
@ -374,7 +374,7 @@ done
Copy the appropriate certificates and private keys to each controller instance:
```
```sh
for instance in controller-0 controller-1 controller-2; do
gcloud compute scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem \
service-account-key.pem service-account.pem ${instance}:~/