mirrors
/
kubernetes-the-hard-way
mirror of https://github.com/kelseyhightower/kubernetes-the-hard-way
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

generate kube-apiserver server certificate

amd64-and-arm64
Kelsey Hightower 2025-04-08 07:30:28 -07:00
parent f377d2ad74
commit b6e493e463
3 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ca.conf
View File

@ -174,7 +174,7 @@ req_extensions = kube-api-server_req_extensions
basicConstraints = CA:FALSE basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth, serverAuth extendedKeyUsage = clientAuth, serverAuth
keyUsage = critical, digitalSignature, keyEncipherment keyUsage = critical, digitalSignature, keyEncipherment
nsCertType = client nsCertType = client, server
nsComment = "Kube API Server Certificate" nsComment = "Kube API Server Certificate"
subjectAltName = @kube-api-server_alt_names subjectAltName = @kube-api-server_alt_names
subjectKeyIdentifier = hash subjectKeyIdentifier = hash

3
docs/08-bootstrapping-kubernetes-controllers.md
View File

@ -179,7 +179,8 @@ At this point the Kubernetes control plane is up and running. Run the following
Make a HTTP request for the Kubernetes version info: Make a HTTP request for the Kubernetes version info:
```bash ```bash
curl -k https://server.kubernetes.local:6443/version curl --cacert ca.crt \
https://server.kubernetes.local:6443/version
``` ```
```text ```text

2
docs/10-configuring-kubectl.md
View File

@ -11,7 +11,7 @@ Each kubeconfig requires a Kubernetes API Server to connect to.
You should be able to ping `server.kubernetes.local` based on the `/etc/hosts` DNS entry from a previous lab. You should be able to ping `server.kubernetes.local` based on the `/etc/hosts` DNS entry from a previous lab.
```bash ```bash
curl -k \ curl --cacert ca.crt \
https://server.kubernetes.local:6443/version https://server.kubernetes.local:6443/version
``` ```