cockpit/bots/images/scripts/lib/kubernetes.setup


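#!/bin/bash
# Kubernetes is delivered in a non-functional state on Fedora and similar
# operating systems. The following commands are needed to get it running.
#
# What this script provisions under /etc/kubernetes:
#   - a self-signed CA (ca.key / ca.crt) and a server certificate signed by it
#   - a static basic-auth password file and an ABAC policy file
#   - extra arguments appended to the apiserver and controller-manager configs
#
# NOTE(review): the credentials written below are fixed values that live in
# this script, and server.key doubles as the TLS key and the service-account
# signing key. That fits a disposable image; confirm nothing built from this
# script is reachable from an untrusted network.

# Stop at the first failing step so a half-provisioned PKI is never left
# behind silently.
set -eu

# Every relative path below (keys, certificates, "apiserver",
# "controller-manager") depends on this directory. Without the check, a failed
# cd would scatter unencrypted private keys into the caller's working directory.
cd /etc/kubernetes/ || exit 1

# Quoted delimiter: the request configuration is written literally, with no
# shell expansion.
cat > openssl.conf <<'EOF'
oid_section = new_oids
[new_oids]
[req]
encrypt_key = no
string_mask = nombstr
req_extensions = v3_req
distinguished_name = v3_name
[v3_name]
commonName = kubernetes
[v3_req]
basicConstraints = CA:FALSE
subjectAltName = @alt_names
[alt_names]
DNS.1 = kubernetes
DNS.2 = kubernetes.default
DNS.3 = kubernetes.default.svc
DNS.4 = kubernetes.default.svc.cluster.local
IP.1 = 127.0.0.1
IP.2 = 10.254.0.1
EOF

# Self-signed CA. -nodes keeps ca.key unencrypted on disk, and the key stays in
# /etc/kubernetes after signing, so anyone who can read it can mint
# certificates that --client-ca-file will accept.
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -days 3072 -out ca.crt -subj '/CN=kubernetes'

# Server key and certificate; the SANs come from the [alt_names] section above.
openssl genrsa -out server.key 2048
openssl req -config openssl.conf -new -key server.key -out server.csr -subj '/CN=kubernetes'
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3072 -extensions v3_req -extfile openssl.conf

# make keys readable for "kube" group and thus for kube-apiserver.service on newer OSes
# NOTE(review): when the group does not exist the keys keep whatever mode
# openssl and the current umask gave them; verify that is not world-readable.
if getent group kube >/dev/null; then
  chgrp kube ca.key server.key
  chmod 640 ca.key server.key
fi

# ABAC policy: "admin" is unrestricted, "scruffy" is read-only.
printf '%s\n' '{"user":"admin"}' '{"user":"scruffy","readonly": true}' > /etc/kubernetes/authorization

# Static password file in the password,user,uid format. It holds plaintext
# passwords and is created with the default umask.
# NOTE(review): --basic-auth-file is no longer accepted by newer
# kube-apiserver releases; confirm against the packaged version.
printf '%s\n' 'fubar,admin,10101' 'scruffy,scruffy,10102' > /etc/kubernetes/passwd

# Appended rather than overwritten so the packaged defaults stay in place.
# Re-running the script appends the same lines again.
echo 'KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/server.key --client-ca-file=/etc/kubernetes/ca.crt --tls-cert-file=/etc/kubernetes/server.crt --tls-private-key-file=/etc/kubernetes/server.key --basic-auth-file=/etc/kubernetes/passwd --authorization-mode=ABAC --authorization-policy-file=/etc/kubernetes/authorization"' >> apiserver
echo 'KUBE_CONTROLLER_MANAGER_ARGS="--root-ca-file=/etc/kubernetes/ca.crt --service-account-private-key-file=/etc/kubernetes/server.key"' >> controller-manager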