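## 1. Place all required files in /data/download.
## 2. On master1, install the CFSSL tools; they are used to create the TLS certificates.
# These two binaries generate the cluster CA, so confirm they are the files
# published by upstream before installing them, e.g.:
#   sha256sum -c <PLACEHOLDER: checksum file shipped with the upstream release>
# install(1) sets the mode explicitly (root-writable only, world-executable),
# so the result does not depend on the staged file's mode or the current umask.
install -m 0755 /data/download/cfssl /usr/local/bin/cfssl
install -m 0755 /data/download/cfssljson /usr/local/bin/cfssljson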
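## 3. Create the cluster CA and certificates.
mkdir -p /etc/etcd/ssl
# Stop if the directory cannot be entered: the commands below use relative
# paths, and the CA private key must not be written into some other directory.
cd /etc/etcd/ssl || exit 1
## 3.1. Copy ca-config.json and etcd-ca-csr.json (staged in /data/download)
##      and generate the CA key pair.
cp /data/download/ca-config.json /etc/etcd/ssl/ca-config.json
cp /data/download/etcd-ca-csr.json /etc/etcd/ssl/etcd-ca-csr.json
# NOTE: re-running this step overwrites etcd-ca.pem and etcd-ca-key.pem;
# certificates signed by the previous CA will then no longer verify.
cfssl gencert -initca etcd-ca-csr.json | cfssljson -bare etcd-ca
# Make the CA private key owner-only explicitly instead of relying on the
# tool's default or on the mode of a file left over from an earlier run.
chmod 600 etcd-ca-key.pem
# Confirm the CA certificate and key were produced.
ls etcd-ca*.pem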
## 3.2. Copy etcd-csr.json (staged in /data/download) and generate the
##      certificate from it. The original note calls this the kube-apiserver
##      certificate; the CSR file used here is etcd-csr.json.
## Check the IP addresses: the "hosts" list in etcd-csr.json must contain the
## addresses of this cluster's etcd nodes, since they become the certificate's
## subject alternative names.
cp /data/download/etcd-csr.json /etc/etcd/ssl/
cfssl gencert \
-ca=etcd-ca.pem \
-ca-key=etcd-ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
etcd-csr.jso