1、签发kubelet证书并拷贝
vim kubelet-csr.json
{
"CN": "k8s-kubelet",
"hosts": [
"127.0.0.1",
"10.4.7.9",
"10.4.7.12",
"10.4.7.13",
"10.4.7.15",
"10.4.7.16",
"10.4.7.17",
"10.4.7.18",
"10.4.7.19",
"10.4.7.20"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "beijing",
"L": "beijing",
"O": "k8s",
"OU": "system"
}
]
}
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=server kubelet-csr.json | cfssl-json -bare kubelet
scp kubelet.pem yanc7-12:/opt/kubernetes/server/bin/certs
scp kubelet-key.pem yanc7-12:/opt/kubernetes/server/bin/certs
scp kubelet.pem yanc7-13:/opt/kubernetes/server/bin/certs
scp kubelet-key