47 lines
2.0 KiB
Bash
Executable File
47 lines
2.0 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Kubernetes is delivered in a non-functional state on Fedora and similar operating systems
|
|
# The following commands are needed to get it running.
|
|
|
|
cd /etc/kubernetes/
|
|
|
|
cat <<EOF > openssl.conf
|
|
oid_section = new_oids
|
|
[new_oids]
|
|
[req]
|
|
encrypt_key = no
|
|
string_mask = nombstr
|
|
req_extensions = v3_req
|
|
distinguished_name = v3_name
|
|
[v3_name]
|
|
commonName = kubernetes
|
|
[v3_req]
|
|
basicConstraints = CA:FALSE
|
|
subjectAltName = @alt_names
|
|
[alt_names]
|
|
DNS.1 = kubernetes
|
|
DNS.2 = kubernetes.default
|
|
DNS.3 = kubernetes.default.svc
|
|
DNS.4 = kubernetes.default.svc.cluster.local
|
|
IP.1 = 127.0.0.1
|
|
IP.2 = 10.254.0.1
|
|
EOF
|
|
|
|
openssl genrsa -out ca.key 2048
|
|
openssl req -x509 -new -nodes -key ca.key -days 3072 -out ca.crt -subj '/CN=kubernetes'
|
|
openssl genrsa -out server.key 2048
|
|
openssl req -config openssl.conf -new -key server.key -out server.csr -subj '/CN=kubernetes'
|
|
openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 3072 -extensions v3_req -extfile openssl.conf
|
|
# make keys readable for "kube" group and thus for kube-apiserver.service on newer OSes
|
|
if getent group kube >/dev/null; then
|
|
chgrp kube ca.key server.key
|
|
chmod 640 ca.key server.key
|
|
fi
|
|
|
|
echo -e '{"user":"admin"}\n{"user":"scruffy","readonly": true}' > /etc/kubernetes/authorization
|
|
echo -e 'fubar,admin,10101\nscruffy,scruffy,10102' > /etc/kubernetes/passwd
|
|
|
|
echo 'KUBE_API_ARGS="--service-account-key-file=/etc/kubernetes/server.key --client-ca-file=/etc/kubernetes/ca.crt --tls-cert-file=/etc/kubernetes/server.crt --tls-private-key-file=/etc/kubernetes/server.key --basic-auth-file=/etc/kubernetes/passwd --authorization-mode=ABAC --authorization-policy-file=/etc/kubernetes/authorization"' >> apiserver
|
|
echo 'KUBE_CONTROLLER_MANAGER_ARGS="--root-ca-file=/etc/kubernetes/ca.crt --service-account-private-key-file=/etc/kubernetes/server.key"' >> controller-manager
|
|
|