编写证书配置文件
```
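# Working directory for the CA and etcd certificate material.
# Access is restricted to the owner because the key-generation steps that
# follow this listing presumably write private keys here (not shown on this page).
mkdir -p /opt/k8s/ssl
chmod 700 /opt/k8s/ssl
cd /opt/k8s/ssl/
# ca-config.json is the signing policy applied when certificates are issued.
# NOTE(review): its only profile, "kubernetes", grants both "server auth" and
# "client auth", so anything signed with it -- including the etcd client
# certificate defined later -- is also acceptable as a TLS server certificate.
# Separate server / peer / client profiles would limit each certificate to its role.
# NOTE(review): "87600h" is ten years for every issued certificate; a leaked
# leaf key stays usable that long unless revocation is enforced or the CA is
# replaced, so consider a shorter leaf lifetime with planned renewal.
vi /opt/k8s/ssl/ca-config.json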
{
"signing": {
"default": {
"expiry": "87600h"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "87600h"
}
}
}
}
# Write the CSR file for the etcd CA certificate.
# NOTE(review): the same file, /opt/k8s/ssl/etcd-ca-csr.json, is written a second
# time further down with different "names" values; whichever version is saved
# last is the one left on disk, so keep only one of them.
vi /opt/k8s/ssl/etcd-ca-csr.json
{
"CN": "etcd",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "TW",
"ST": "Taipei",
"L": "Taipei",
"O": "etcd",
"OU": "Etcd Security"
}
]
}
# Edit the etcd CA CSR file (same path as the etcd-ca-csr.json written above, so
# saving this version replaces it).
# NOTE(review): CN and every "names" field here are identical to those in
# etcd_server.json and the etcd_member*.json files below, so the issued
# certificates would carry a subject equal to their issuer's. Some tools treat
# subject == issuer as self-signed; a distinct CA CN (for example "etcd-ca",
# a constructed name) avoids that ambiguity.
# NOTE(review): the CA key is RSA 2048 while the leaf keys are ECDSA 256; the CA
# key is normally the longest-lived key in the chain, so confirm 2048 bits
# meets your policy for its lifetime.
vi /opt/k8s/ssl/etcd-ca-csr.json
{
"CN": "etcd",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
# Edit the etcd server certificate CSR file.
# "hosts" becomes the certificate's subject alternative names; it lists the
# loopback address plus the IP and DNS name of all three nodes.
# NOTE(review): one certificate covering every node implies one private key
# shared by all of them -- if a single node is compromised, the key for all
# three is exposed. Per-node server certificates (as the member files below do)
# keep the impact to one node.
vi /opt/k8s/ssl/etcd_server.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"10.10.10.231",
"10.10.10.232",
"10.10.10.233",
"etcd01.cbxhome.local",
"etcd02.cbxhome.local",
"etcd03.cbxhome.local"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
# Edit the certificate CSR file for etcd member 1.
# "hosts" is limited to loopback and this node's own IP and DNS name, so the
# certificate is not valid for another member's address.
# NOTE(review): presumably used for member-to-member (peer) TLS -- confirm
# against the etcd startup flags, which are not shown here.
vi /opt/k8s/ssl/etcd_member01.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"10.10.10.231",
"etcd01.cbxhome.local"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
# Edit the certificate CSR file for etcd member 2.
# "hosts" is limited to loopback and this node's own IP and DNS name
# (10.10.10.232 / etcd02.cbxhome.local), so the certificate is not valid for
# another member's address.
vi /opt/k8s/ssl/etcd_member02.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"10.10.10.232",
"etcd02.cbxhome.local"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
# Edit the certificate CSR file for etcd member 3.
# "hosts" is limited to loopback and this node's own IP and DNS name
# (10.10.10.233 / etcd03.cbxhome.local), so the certificate is not valid for
# another member's address.
vi /opt/k8s/ssl/etcd_member03.json
{
"CN": "etcd",
"hosts": [
"127.0.0.1",
"10.10.10.233",
"etcd03.cbxhome.local"
],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
# Edit the CSR file for the certificate that etcd clients connect with.
# "hosts" is empty, so the certificate carries no subject alternative names.
# NOTE(review): when etcd authentication is enabled together with client
# certificate auth, the certificate CN ("client" here) is used as the etcd user
# name, so pick a CN that maps to the intended role.
# NOTE(review): if this is signed with the "kubernetes" profile from
# ca-config.json it also receives the "server auth" usage, which a client
# identity does not need.
vi /opt/k8s/ssl/etcd_client.json
{
"CN": "client",
"hosts": [],
"key": {
"algo": "ecdsa",
"size": 256
},
"names": [
{
"C": "CN",
"ST": "GuangXi",
"L": "Nanning",
"O": "cbx",
"OU": "cbxhome"
}
]
}
```