# k8s-certs

**Repository Path**: yhly/k8s-certs

## Basic Information

- **Project Name**: k8s-certs
- **Description**: 为k8s集群生成证书的脚本工具；依赖OpenSSL和Kubectl命令
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 0
- **Forks**: 4
- **Created**: 2022-10-09
- **Last Updated**: 2022-10-09

## Categories & Tags

**Categories**: Uncategorized

**Tags**: None

## README

# k8s-certs

> 为Kubernetes集群创建证书的脚本工具

## 使用方式
> 集群的域名和IP地址等信息在functions.sh文件中定义。


### 创建Etcd证书
``` bash
# $1参数为可选值，默认为当前目录下的etcd，该参数指定了etcd证书的存储路径
bash etcd-certs.sh [$1] 
```

### 创建Kubernetes证书
``` bash
# $1 为K8s证书存储路径，默认值为当前目录下的kubernetes目录
# $2 为etcd证书存储路径，默认值为当前目录下的etcd目录，脚本会在$2参数中寻找APIServer的etcd客户端证书
bash kubernetes-certs.sh [$1] [$2] 
```

### 创建Etcd和Kubernetes的证书
``` bash
# $1 为etcd证书的存储路径
# $2 为K8s证书的存储路径
bash certs.sh [$1] [$2]
```

## 执行结果
``` bash 
~/certs# tree etcd kubernetes
etcd
├── apiserver-etcd-client.crt
├── apiserver-etcd-client.key
├── ca.crt
├── ca.key
├── client.crt
├── client.key
├── peer.crt
├── peer.key
├── server.crt
└── server.key
kubernetes
├── admin.kubeconfig
├── apiserver.crt
├── apiserver-etcd-client.crt
├── apiserver-etcd-client.key
├── apiserver.key
├── apiserver-kubelet-client.crt
├── apiserver-kubelet-client.key
├── ca.crt
├── ca.key
├── front-proxy-ca.crt
├── front-proxy-ca.key
├── front-proxy-client.crt
├── front-proxy-client.key
├── kube-controller-manager.crt
├── kube-controller-manager.key
├── kube-controller-manager.kubeconfig
├── kubelet-bootstrap.kubeconfig
├── kube-proxy.crt
├── kube-proxy.key
├── kube-proxy.kubeconfig
├── kube-scheduler.crt
├── kube-scheduler.key
├── kube-scheduler.kubeconfig
├── sa.key
├── sa.pub
└── token.csv

0 directories, 36 files
```