I have a CoreOS Kubernetes cluster, which I started with this article:
Kubernetes coreos cluster on AWS
TL;DR:
> kube-aws init
> kube-aws render
> kube-aws up
Everything worked fine, and I had a Kubernetes CoreOS cluster on AWS. The article has a warning saying:
PRODUCT NOTE: TLS keys and certificates created by kube-aws should not be used to deploy a Kubernetes cluster. Each component certificate is valid for only 90 days, while CA is valid for 365 days. If you are deploying a Kubernetes production cluster, consider installing PKI first regardless of this tool.
So, I wanted to replace the default certificates, so I completed the following article:
kernel certificates
TL;DR:
- created the following self-signed certificates: ca.pem, ca-key.pem
- : apiserver.pem, apiserver-key.pem
- , ,
- kubectl , .
Im kubectl ,
: x509: ,
kubectl, DNS-, DNS .
kubectl ?
EDIT:
~/.kube/config :
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/Yariv/Development/workspace/bugeez/bugeez-kubernetes/credentials/ca2.pem
    server: https://kubernetes.bugeez.io
  name: bugeez
contexts:
- context:
    cluster: bugeez
    user: bugeez-admin
  name: bugeez-system
current-context: bugeez-system
kind: Config
preferences: {}
users:
- name: bugeez-admin
  user:
    client-certificate: /Users/Yariv/Development/workspace/bugeez/bugeez-kubernetes/credentials/admin2.pem
    client-key: /Users/Yariv/Development/workspace/bugeez/bugeez-kubernetes/credentials/admin-key2.pem
EDIT:
ca2.pem, , :
openssl verify -CAfile ca2.pem <certificate-name>
EDIT:
, :
, , cloud-config . , cloud-config ?