@@ -5,37 +5,3 @@ https://console.cloud.google.com/storage/browser/kubebuilder-tools
55bins:
66https://github.com/etcd-io/etcd/releases/download/v3.4.24/etcd-v3.4.24-linux-amd64.tar.gz
77https://dl.k8s.io/v1.26.1/bin/linux/amd64/kube-apiserver
8-
9- Gen self signed for api server:
10- https://raymii.org/s/tutorials/OpenSSL_generate_self_signed_cert_with_Subject_Alternative_name_oneliner.html
11-
12- cert generate https://gist.github.com/fntlnz/cf14feb5a46b2eda428e000157447309
13-
14- server cert:
15- openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout apiserver.key -out apiserver.crt -days 356 -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=ACME Corp/OU=IT Dept/CN=example.org" -addext "subjectAltName = IP:127.0.0.1,DNS:kubernetes,DNS:kubernetes.default,DNS:kubernetes.default.svc,DNS:kubernetes.default.svc.cluster,DNS:kubernetes.default.svc.cluster.local"
16-
17- client cert (no CA) :
18- openssl req -nodes -x509 -sha256 -newkey rsa:4096 -keyout client.key -out client.crt -days 356 -subj "/C=NL/ST=Zuid Holland/L=Rotterdam/O=system:masters/OU=IT Dept/CN=attila"
19-
20- run etcd:
21- ./etcd --listen-client-urls=http://0.0.0.0:2379 --advertise-client-urls=http://0.0.0.0:2379 --wal-dir=/home/csviri/.jenvtest/etcddata/ --unsafe-no-fsync=true
22-
23- run self signed:
24-
25- ./kube-apiserver --cert-dir /home/csviri/.jenvtest/ --etcd-servers http://0.0.0.0:2379 --authorization-mode RBAC --service-account-issuer https://localhost --service-account-signing-key-file /home/csviri/.jenvtest/apiserver.key --service-account-signing-key-file /home/csviri/.jenvtest/apiserver.key --service-account-key-file /home/csviri/.jenvtest/apiserver.key --service-account-issuer /home/csviri/.jenvtest/apiserver.cert --disable-admission-plugins ServiceAccount --client-ca-file /home/csviri/.jenvtest/client.crt
26-
27- // ./kube-apiserver --cert-dir .
28- // --etcd-servers http://0.0.0.0:2379
29- // --authorization-mode RBAC
30- // --service-account-issuer https://localhost
31- // --service-account-signing-key-file /home/csviri/Downloads/kubeapi/tempcerts/apiserver.key
32- // --service-account-key-file /home/csviri/Downloads/kubeapi/tempcerts/apiserver.key
33- // --service-account-issuer /home/csviri/Downloads/kubeapi/tempcerts/apiserver.cert
34- // --disable-admission-plugins ServiceAccount
35- // --client-ca-file /home/csviri/Downloads/kubeapi/client-certs/rootCACert.pem
36-
37- client group (O): system:masters
38-
39- Gen cert from java (with bc):
40- https://gamlor.info/posts-output/2019-10-29-java-create-certs-bouncy/en/
41- https://www.bouncycastle.org/docs/pkixdocs1.8on/org/bouncycastle/openssl/jcajce/JcaPEMWriter.html
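Review bot: Old lines 8-41 are deleted with nothing added in their place, so this hunk drops the written record of how the test control plane was brought up: the openssl commands for the self-signed apiserver and client certs, the note that the client cert must carry O=system:masters, and the kube-apiserver flag set. If that setup now lives in code (the last removed lines point at generating certs from Java with Bouncy Castle), leave a one-line pointer to it here so the system:masters requirement and the --client-ca-file trust setup stay discoverable. Not carrying the old commands forward verbatim is reasonable: they hard-code /home/csviri paths, pass --service-account-signing-key-file and --service-account-issuer twice (the second issuer value is a file path), bind etcd to 0.0.0.0 over plain http with --unsafe-no-fsync=true, and use -days 356 where 365 was probably meant.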