为什么要使用kubeadm手动生成证书? [英] Using kubeadm why would you want to manually generate certs?
问题描述
我正在尝试遵循此
谢谢! 没有主要优势. kubeadm的作用相同:生成自签名证书.唯一的迷你优势是您可以在 CSR 中添加一些自定义值,例如城市,组织等. No major advantage. kubeadm does the same: generate self-signed certs. The only mini advantage is that you could add some custom values in the CSR, such as a City, Organization, etc. 不是真的. There's also the certificate rotation from the masters and
如果要重新生成 If you'd like to regenerate the 这篇关于为什么要使用kubeadm手动生成证书?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!推荐答案
--rotate-certificates
需要启用.
--rotate-certificates
that needs to be enabled.kubeadm
can help with that with these commands:mkdir /etc/kubernetes/pkibak
mv /etc/kubernetes/pki/* /etc/kubernetes/pkibak
rm /etc/kubernetes/pki/*
kubeadm init phase certs all --apiserver-advertise-address=0.0.0.0 --apiserver-cert-extra-sans=x.x.x.x,x.x.x.x
systemctl restart docker
admin.conf
文件,也可以使用kubeadm
:admin.conf
file, you can also use kubeadm
:$ kubeadm init phase kubeconfig admin \
--cert-dir /etc/kubernetes/pki \
--kubeconfig-dir /tmp/.