This article shows you how to generate SSL certificates using openssl or easyrsa.
openssl can also be used to manually generate certificates for your cluster.
Set the HOST_IP environment variable to the host IP.
Generate a 2048-bit ca.key:
openssl genrsa -out ca.key 2048
Using ca.key, generate ca.crt:
openssl req -x509 -new -nodes -key ca.key -subj "/CN=${HOST_IP}" -days 10000 -out ca.crt
Generate a 2048-bit server.key:
openssl genrsa -out server.key 2048
Using server.key, generate server.csr:
openssl req -new -key server.key -subj "/CN=${HOST_IP}" -out server.csr
Using ca.key, ca.crt and server.csr, generate server.crt:
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000
easyrsa can be used to manually generate certificates for your cluster.
Download, unpack, and initialize the patched version of easyrsa3.
curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
tar xzf easy-rsa.tar.gz
cd easy-rsa-master/easyrsa3
./easyrsa init-pki
Set the HOST_IP environment variable to the Kubernetes host IP.
Generate a CA. (--batch sets automatic mode; --req-cn sets the default CN to use.)
./easyrsa --batch "--req-cn=${HOST_IP}@`date +%s`" build-ca nopass
Generate the server certificate and key:
./easyrsa --subject-alt-name="IP:${HOST_IP}" build-server-full kubernetes-master nopass
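The openssl steps above put the host IP only in the certificate's CN, while the easyrsa steps also set it as a subject alternative name; clients that match an IP address against the SAN reject a CN-only certificate. The script below is an added example, not part of the original documentation: it issues the server certificate both ways with openssl and checks each against the IP. The address 192.0.2.10, the CA name example-ca and the files ca.cnf and san.ext are assumptions made for the example.

```shell
#!/bin/sh
# Added example. 192.0.2.10 is a constructed (RFC 5737) address; the CA name
# "example-ca" and the files ca.cnf / san.ext are assumptions, not from the page.

# Create ca.key and ca.crt. An explicit config marks the certificate as a CA
# instead of relying on the distribution's openssl.cnf.
make_ca() {
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
[dn]
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl genrsa -out ca.key 2048 2>/dev/null
    openssl req -x509 -new -nodes -key ca.key -config ca.cnf \
        -subj "/CN=example-ca" -days 10000 -out ca.crt
}

# Issue server.crt for IP $1. With $2 = san the certificate also carries an
# IP subjectAltName; otherwise it is CN-only, as in the openssl steps above.
issue_server() {
    openssl genrsa -out server.key 2048 2>/dev/null
    openssl req -new -key server.key -config ca.cnf -subj "/CN=$1" -out server.csr
    if [ "${2:-}" = san ]; then
        printf 'subjectAltName = IP:%s\n' "$1" > san.ext
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -out server.crt -days 10000 -extfile san.ext 2>/dev/null
    else
        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
            -out server.crt -days 10000 2>/dev/null
    fi
}

# Succeeds only if server.crt chains to ca.crt and is valid for IP $1.
check_server() {
    openssl verify -CAfile ca.crt -verify_ip "$1" server.crt >/dev/null 2>&1
}

cd "$(mktemp -d)" || exit 1   # work in a scratch directory
HOST_IP=192.0.2.10
make_ca
issue_server "$HOST_IP" cn;  check_server "$HOST_IP" || echo "CN-only: rejected for $HOST_IP"
issue_server "$HOST_IP" san; check_server "$HOST_IP" && echo "with SAN: accepted for $HOST_IP"
```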
This documentation is adapted from kubernetes.io.