您现在的位置是: 网站首页 >Kubernetes >Docker&Kubernetes技术全解 Kubernetes
【K8s+Docker技术全解】14.关于k8s证书
admin2020年10月19日 23:09 【Docker | Kubernetes | Linux 】 1656人已围观
Docker&Kubernetes技术全解简介 Kubernetes 是一个可移植的、可扩展的开源平台,用于管理容器化的工作负载和服务,可促进声明式配置和自动化。Kubernetes 拥有一个庞大且快速增长的生态系统。Kubernetes 的服务、支持和工具广泛可用。 课程来自老男孩教育学习总结。
# 关于k8s证书 cfssl工具: - cfssl:证书签发的主要工具 - cfssl-json:将cfssl生成的证书(json格式)变为文件承载式证书 - cfssl-certinfo:验证证书的信息 ## cfssl-certinfo获取证书信息 ```bash # 192.168.99.200 [root@k8s99-200 ~]# cd /opt/certs/ [root@k8s99-200 certs]# cfssl-certinfo -cert apiserver.pem { "subject": { "common_name": "k8s_apiserver", "country": "CN", "organization": "study", "organizational_unit": "ops", "locality": "chengdu", "province": "sichuan", "names": [ "CN", "sichuan", "chengdu", "study", "ops", "k8s_apiserver" ] }, "issuer": { "common_name": "k8s_study", "country": "CN", "organization": "study", "organizational_unit": "ops", "locality": "chengdu", "province": "sichuan", "names": [ "CN", "sichuan", "chengdu", "study", "ops", "k8s_study" ] }, "serial_number": "381767452717669901308811809761161119465925317271", "sans": [ "kubernetes.default", "kubernetes.default.svc", "kubernetes.default.svc.cluster", "kubernetes.default.svc.cluster.local", "127.0.0.1", "192.168.0.1", "192.168.99.151", "192.168.99.152", "192.168.99.153", "192.168.99.100" ], "not_before": "2020-06-01T14:53:00Z", "not_after": "2021-06-01T14:53:00Z", "sigalg": "SHA256WithRSA", "authority_key_id": "9B:14:88:31:24:65:1B:A1:F:8D:D2:89:6B:7A:6A:82:27:38:64:D1", "subject_key_id": "67:F2:37:97:2E:40:1B:25:B6:12:D4:B6:DE:19:C2:BB:DD:E7:CF:9B", "pem": "-----BEGIN CERTIFICATE-----\nMIIEfzCCA2egAwIBAgIUQt8Lbf5b3lz2+/6h/XbiH3/FEpcwDQYJKoZIhvcNAQEL\nBQAwYzELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2h1YW4xEDAOBgNVBAcTB2No\nZW5nZHUxDjAMBgNVBAoTBXN0dWR5MQwwCgYDVQQLEwNvcHMxEjAQBgNVBAMMCWs4\nc19zdHVkeTAeFw0yMDA2MDExNDUzMDBaFw0yMTA2MDExNDUzMDBaMGcxCzAJBgNV\nBAYTAkNOMRAwDgYDVQQIEwdzaWNodWFuMRAwDgYDVQQHEwdjaGVuZ2R1MQ4wDAYD\nVQQKEwVzdHVkeTEMMAoGA1UECxMDb3BzMRYwFAYDVQQDDA1rOHNfYXBpc2VydmVy\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxkKCKrt9uDDaOJl3UvLf\n9gwsvPEm5T7kT6w4U0+3m9G93PgV+AOx7rOtLNpe3ShQ+B2WeWjqK8/XLaDWjGfW\nNAEHrYH41n1KX4K+3LMrx4a1W2TK95UVlVp4iz0S4wp2Ln+rjBSI4SeXQZ6Xa8Zx\n/VOcKsKPk/5yiM0HoButrWh+oseQJmTtXchtLbQHWYMzmTSUOwrexN65SlHEqqKd\njfOccAP573MAr9o4yXhdVsQDzyfrYlvLVzfkEgA7EfdvKqaNcQ6PzJfyO5j/ERQ4\nc3BHbcCytQ80lE8MgdwoPJ9MugYLHlPKz6icOgEzeUwFriWGM06mXiD4Gi7kYWnf\nUwIDAQABo4IBJTCCASEwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUF\nBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBRn8jeXLkAbJbYS\n1LbeGcK73efPmzAfBgNVHSMEGDAWgBSbFIgxJGUboQ+N0olremqCJzhk0TCBoQYD\nVR0RBIGZMIGWghJrdWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVs\ndC5zdmOCHmt1YmVybmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3RlcoIka3ViZXJuZXRl\ncy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FshwR/AAABhwTAqAABhwTAqGOXhwTA\nqGOYhwTAqGOZhwTAqGNkMA0GCSqGSIb3DQEBCwUAA4IBAQAnZpCtP+CwZACymglM\ngPy15Jl8wls25lqCaFcCkVutixD09ZQ8GlviUbjNQ0JYjf71rzo97GBikpJxlbzF\nfGNuBtoUu5xGQRuSqWZQeHtyRlACed+vcicgvDBKgj4rhzqoCee1VvlPhLfQipUB\nc7q3eWX7hhz7RyvwwKGSYyt9KR+HcIRwrbxfOCDcMHAJ6gCbkicmV/h9B/74tT/o\nyfqmb9eADogautihfMBpLuBWlyLYjBhxS7b6PLH3Fe1MKj+O/UsJRpKGPkcuf4Yd\no/F9FlzBOB31S+D+ls85391C7aVSqFGZ24ItfeOnC4kenHQLkVmuFRk6bRGbcTkx\nYelB\n-----END CERTIFICATE-----\n" } # 可以看到该证书的详细信息,还原成json格式 # issuer:CA证书 # sans:显示哪些节点可以用的 # not_before:证书签发时间 # not_after:证书过期时间,所以接手集群管理,一定要先检查证书的过期时间,否则,过期之后,集群就不能正常使用了 ``` ## cfssl-certinfo获取域名证书信息 还可以显示某个域名的证书信息 ```bash [root@k8s99-200 certs]# cfssl-certinfo -domain www.baidu.com { "subject": { "common_name": "baidu.com", "country": "CN", "organization": "Beijing Baidu Netcom Science Technology Co., Ltd", "organizational_unit": "service operation department", "locality": "beijing", "province": "beijing", "names": [ "CN", "beijing", "beijing", "service operation department", "Beijing Baidu Netcom Science Technology Co., Ltd", "baidu.com" ] }, "issuer": { "common_name": "GlobalSign Organization Validation CA - SHA256 - G2", "country": "BE", "organization": "GlobalSign nv-sa", "names": [ "BE", "GlobalSign nv-sa", "GlobalSign Organization Validation CA - SHA256 - G2" ] }, "serial_number": "35388244279832734960132917320", "sans": [ "baidu.com", "baifubao.com", "www.baidu.cn", "www.baidu.com.cn", "mct.y.nuomi.com", "apollo.auto", "dwz.cn", "*.baidu.com", "*.baifubao.com", "*.baidustatic.com", "*.bdstatic.com", "*.bdimg.com", "*.hao123.com", "*.nuomi.com", "*.chuanke.com", "*.trustgo.com", "*.bce.baidu.com", "*.eyun.baidu.com", "*.map.baidu.com", "*.mbd.baidu.com", "*.fanyi.baidu.com", "*.baidubce.com", "*.mipcdn.com", "*.news.baidu.com", "*.baidupcs.com", "*.aipage.com", "*.aipage.cn", "*.bcehost.com", "*.safe.baidu.com", "*.im.baidu.com", "*.baiducontent.com", "*.dlnel.com", "*.dlnel.org", "*.dueros.baidu.com", "*.su.baidu.com", "*.91.com", "*.hao123.baidu.com", "*.apollo.auto", "*.xueshu.baidu.com", "*.bj.baidubce.com", "*.gz.baidubce.com", "*.smartapps.cn", "*.bdtjrcv.com", "*.hao222.com", "*.haokan.com", "*.pae.baidu.com", "*.vd.bdstatic.com", "click.hm.baidu.com", "log.hm.baidu.com", "cm.pos.baidu.com", "wn.pos.baidu.com", "update.pan.baidu.com" ], "not_before": "2020-04-02T07:04:58Z", "not_after": "2021-07-26T05:31:02Z", "sigalg": "SHA256WithRSA", "authority_key_id": "96:DE:61:F1:BD:1C:16:29:53:1C:C0:CC:7D:3B:83:0:40:E6:1A:7C", "subject_key_id": "9E:C9:79:D7:E9:5B:AB:8A:16:CC:32:8E:C6:99:E6:9F:20:42:35:87", "pem": "-----BEGIN CERTIFICATE-----\nMIIKLjCCCRagAwIBAgIMclh4Nm6fVugdQYhIMA0GCSqGSIb3DQEBCwUAMGYxCzAJ\nBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMTwwOgYDVQQDEzNH\nbG9iYWxTaWduIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIENBIC0gU0hBMjU2IC0g\nRzIwHhcNMjAwNDAyMDcwNDU4WhcNMjEwNzI2MDUzMTAyWjCBpzELMAkGA1UEBhMC\nQ04xEDAOBgNVBAgTB2JlaWppbmcxEDAOBgNVBAcTB2JlaWppbmcxJTAjBgNVBAsT\nHHNlcnZpY2Ugb3BlcmF0aW9uIGRlcGFydG1lbnQxOTA3BgNVBAoTMEJlaWppbmcg\nQmFpZHUgTmV0Y29tIFNjaWVuY2UgVGVjaG5vbG9neSBDby4sIEx0ZDESMBAGA1UE\nAxMJYmFpZHUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwamw\nrkca0lfrHRUfblyy5PgLINvqAN8p/6RriSZLnyMv7FewirhGQCp+vNxaRZdPrUEO\nvCCGSwxdVSFH4jE8V6fsmUfrRw1y18gWVHXv00URD0vOYHpGXCh0ro4bvthwZnuo\nk0ko0qN2lFXefCfyD/eYDK2G2sau/Z/w2YEympfjIe4EkpbkeBHlxBAOEDF6Speg\n68ebxNqJN6nDN9dWsX9Sx9kmCtavOBaxbftzebFoeQOQ64h7jEiRmFGlB5SGpXhG\neY9Ym+k1Wafxe1cxCpDPJM4NJOeSsmrp5pY3Crh8hy900lzoSwpfZhinQYbPJqYI\njqVJF5JTs5Glz1OwMQIDAQABo4IGmDCCBpQwDgYDVR0PAQH/BAQDAgWgMIGgBggr\nBgEFBQcBAQSBkzCBkDBNBggrBgEFBQcwAoZBaHR0cDovL3NlY3VyZS5nbG9iYWxz\naWduLmNvbS9jYWNlcnQvZ3Nvcmdhbml6YXRpb252YWxzaGEyZzJyMS5jcnQwPwYI\nKwYBBQUHMAGGM2h0dHA6Ly9vY3NwMi5nbG9iYWxzaWduLmNvbS9nc29yZ2FuaXph\ndGlvbnZhbHNoYTJnMjBWBgNVHSAETzBNMEEGCSsGAQQBoDIBFDA0MDIGCCsGAQUF\nBwIBFiZodHRwczovL3d3dy5nbG9iYWxzaWduLmNvbS9yZXBvc2l0b3J5LzAIBgZn\ngQwBAgIwCQYDVR0TBAIwADBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmds\nb2JhbHNpZ24uY29tL2dzL2dzb3JnYW5pemF0aW9udmFsc2hhMmcyLmNybDCCA04G\nA1UdEQSCA0UwggNBggliYWlkdS5jb22CDGJhaWZ1YmFvLmNvbYIMd3d3LmJhaWR1\nLmNughB3d3cuYmFpZHUuY29tLmNugg9tY3QueS5udW9taS5jb22CC2Fwb2xsby5h\ndXRvggZkd3ouY26CCyouYmFpZHUuY29tgg4qLmJhaWZ1YmFvLmNvbYIRKi5iYWlk\ndXN0YXRpYy5jb22CDiouYmRzdGF0aWMuY29tggsqLmJkaW1nLmNvbYIMKi5oYW8x\nMjMuY29tggsqLm51b21pLmNvbYINKi5jaHVhbmtlLmNvbYINKi50cnVzdGdvLmNv\nbYIPKi5iY2UuYmFpZHUuY29tghAqLmV5dW4uYmFpZHUuY29tgg8qLm1hcC5iYWlk\ndS5jb22CDyoubWJkLmJhaWR1LmNvbYIRKi5mYW55aS5iYWlkdS5jb22CDiouYmFp\nZHViY2UuY29tggwqLm1pcGNkbi5jb22CECoubmV3cy5iYWlkdS5jb22CDiouYmFp\nZHVwY3MuY29tggwqLmFpcGFnZS5jb22CCyouYWlwYWdlLmNugg0qLmJjZWhvc3Qu\nY29tghAqLnNhZmUuYmFpZHUuY29tgg4qLmltLmJhaWR1LmNvbYISKi5iYWlkdWNv\nbnRlbnQuY29tggsqLmRsbmVsLmNvbYILKi5kbG5lbC5vcmeCEiouZHVlcm9zLmJh\naWR1LmNvbYIOKi5zdS5iYWlkdS5jb22CCCouOTEuY29tghIqLmhhbzEyMy5iYWlk\ndS5jb22CDSouYXBvbGxvLmF1dG+CEioueHVlc2h1LmJhaWR1LmNvbYIRKi5iai5i\nYWlkdWJjZS5jb22CESouZ3ouYmFpZHViY2UuY29tgg4qLnNtYXJ0YXBwcy5jboIN\nKi5iZHRqcmN2LmNvbYIMKi5oYW8yMjIuY29tggwqLmhhb2thbi5jb22CDyoucGFl\nLmJhaWR1LmNvbYIRKi52ZC5iZHN0YXRpYy5jb22CEmNsaWNrLmhtLmJhaWR1LmNv\nbYIQbG9nLmhtLmJhaWR1LmNvbYIQY20ucG9zLmJhaWR1LmNvbYIQd24ucG9zLmJh\naWR1LmNvbYIUdXBkYXRlLnBhbi5iYWlkdS5jb20wHQYDVR0lBBYwFAYIKwYBBQUH\nAwEGCCsGAQUFBwMCMB8GA1UdIwQYMBaAFJbeYfG9HBYpUxzAzH07gwBA5hp8MB0G\nA1UdDgQWBBSeyXnX6VurihbMMo7GmeafIEI1hzCCAX4GCisGAQQB1nkCBAIEggFu\nBIIBagFoAHYAXNxDkv7mq0VEsV6a1FbmEDf71fpH3KFzlLJe5vbHDsoAAAFxObU8\nugAABAMARzBFAiBphmgxIbNZXaPWiUqXRWYLaRST38KecoekKIof5fXmsgIhAMkZ\ntF8XyKCu/nZll1e9vIlKbW8RrUr/74HpmScVRRsBAHYAb1N2rDHwMRnYmQCkURX/\ndxUcEdkCwQApBo2yCJo32RMAAAFxObU85AAABAMARzBFAiBURWwwTgXZ+9IV3mhm\nE0EOzbg901DLRszbLIpafDY/XgIhALsvEGqbBVrpGxhKoTVlz7+GWom8SrfUeHcn\n4+9Dn7xGAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAFxObU8\nqwAABAMARzBFAiBFBYPxKEdhlf6bqbwxQY7tskgdoFulPxPmdrzS5tNpPwIhAKnK\nqwzch98lINQYzLAV52+C8GXZPXFZNfhfpM4tQ6xbMA0GCSqGSIb3DQEBCwUAA4IB\nAQC83ALQ2d6MxeLZ/k3vutEiizRCWYSSMYLVCrxANdsGshNuyM8B8V/A57c0Nzqo\nCPKfMtX5IICfv9P/bUecdtHL8cfx24MzN+U/GKcA4r3a/k8pRVeHeF9ThQ2zo1xj\nk/7gJl75koztdqNfOeYiBTbFMnPQzVGqyMMfqKxbJrfZlGAIgYHT9bd6T985IVgz\ntRVjAoy4IurZenTsWkG7PafJ4kAh6jQaSu1zYEbHljuZ5PXlkhPO9DwW1WIPug6Z\nrlylLTTYmlW3WETOATi70HYsZN6NACuZ4t1hEO3AsF7lqjdA2HwTN10FX2HuaUvf\n5OzP+PKupV9VKw8x8mQKU6vr\n-----END CERTIFICATE-----\n" } ``` ## .kubeconfig文本内容中证书信息 kubeconfig文件: - k8s用户的配置文件 - 里面含有证书信息 - 证书过期或更换,需要同步替换该文件 判断节点上`kubelet.kubeconfig`这个文件是否一样 ```bash # 192.168.99.151 [root@k8s99-151 ~]# cd /opt/kubernetes/server/bin/conf/ [root@k8s99-151 conf]# md5sum kubelet.kubeconfig 27e6585c7b01ff7eb8167bdf18ba85ba kubelet.kubeconfig # 192.168.99.152 [root@k8s99-152 ~]# cd /opt/kubernetes/server/bin/conf/ [root@k8s99-152 conf]# md5sum kubelet.kubeconfig 27e6585c7b01ff7eb8167bdf18ba85ba kubelet.kubeconfig # 也可以拿到里面的字符串,反解,即从.kubeconfig获得该证书 [root@k8s99-152 conf]# cat kubelet.kubeconfig | grep data # 复制里面ca证书的内容使用base64反解测试 [root@k8s99-152 conf]# echo "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR1akNDQXFLZ0F3SUJBZ0lVU1Nvd1dvdGp0SUhDaHQwTGt2TGY4b0lVZWRjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1l6RUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjNOcFkyaDFZVzR4RURBT0JnTlZCQWNUQjJObwpaVzVuWkhVeERqQU1CZ05WQkFvVEJYTjBkV1I1TVF3d0NnWURWUVFMRXdOdmNITXhFakFRQmdOVkJBTU1DV3M0CmMxOXpkSFZrZVRBZUZ3MHlNREEyTURFeE1qSXhNREJhRncwME1EQTFNamN4TWpJeE1EQmFNR014Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2R6YVdOb2RXRnVNUkF3RGdZRFZRUUhFd2RqYUdWdVoyUjFNUTR3REFZRApWUVFLRXdWemRIVmtlVEVNTUFvR0ExVUVDeE1EYjNCek1SSXdFQVlEVlFRRERBbHJPSE5mYzNSMVpIa3dnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQy9FWHhyeVRoQTYrbld3Vm9DSTdMUEhwT28KVXpvMlhGU2FvZ05kbXZKMVZnbU9XdDk4Y0NVZTk5NlhnM2Uvay9xamZvN2hUWklwblhGYTlYWCtyMTJoVk5vagplWXJuVG1lYVZKWjJpTGw3cTJUdGI0QjdjdTU1Q1hoVmhoK0RGWnl4d1paT0Rqb1AxdUVZSHpmZjF5VmlnbUdwCkIwN3Yzd3lNcUlpVHEvY0xQVTFlUXdnUGk3bW10N1ptdExNZWNOeklJK1I3NmJLRU5ET3RuUzJhc3lxQ01pbnMKVHVXNjJNWWRGVFgySlk1TERyNm1zTGZiaDlvQ25MQ0M4cmNXQnZ3WHEwMXVidm50VHNWMGZSQ3VwSHpyYTQ4RQpTOVZKTHZoM1N4RHU1OU9ZVUVJZ01uRVlrYng3bWJiWks3Yzl1RFlGMTQ0UGNPSi9YUnIrWWp6L0p5UUhBZ01CCkFBR2paakJrTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBR0FRSC9BZ0VDTUIwR0ExVWQKRGdRV0JCU2JGSWd4SkdVYm9RK04wb2xyZW1xQ0p6aGswVEFmQmdOVkhTTUVHREFXZ0JTYkZJZ3hKR1Vib1ErTgowb2xyZW1xQ0p6aGswVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBSks5a1l0RmtMQ2FpUFliaklxM3NZRkpSCnY1VzJKdkNXU2gyZ0V1aUlhZVJmYUMySlJMZkcyQk9TeFk3djdkaTRwSGF0N2QwSFJ1SjBMWmp5Z0lTaUtDN1MKKzJSNXI4cVJiamx2aUNVNzF1Tzl2cDR2dit3MmdRd0hpakQwZXlsL0l1K3FuVFV0czV4M2FuQXM3cVRhUWp5NgpXSHM0U0xCU3dVZ2JuOW9QZG5sVmR3b0Y1dURiVVF0cTJzMHlZTE9SbjFTSE5hS0pycGpnaGZuYllHaDVRQlpXCmNPaDVBYVhrVVBCWkNYZVFadUlxWEZMbTlsTGYydTlHU1dtVWQxTUpWR05WcHU2UStyYk1xMXphbmJNczJmQVUKVDJORzhTMmwwb29KVS9PQS94ekZreUxoaUNMb0Zhb3N5b00rb3JWUUI1Y3JqbGU1MnN4S3hkdi9BcjVmd2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" | base64 -d -----BEGIN CERTIFICATE----- MIIDujCCAqKgAwIBAgIUSSowWotjtIHCht0LkvLf8oIUedcwDQYJKoZIhvcNAQEL BQAwYzELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2h1YW4xEDAOBgNVBAcTB2No ZW5nZHUxDjAMBgNVBAoTBXN0dWR5MQwwCgYDVQQLEwNvcHMxEjAQBgNVBAMMCWs4 c19zdHVkeTAeFw0yMDA2MDExMjIxMDBaFw00MDA1MjcxMjIxMDBaMGMxCzAJBgNV BAYTAkNOMRAwDgYDVQQIEwdzaWNodWFuMRAwDgYDVQQHEwdjaGVuZ2R1MQ4wDAYD VQQKEwVzdHVkeTEMMAoGA1UECxMDb3BzMRIwEAYDVQQDDAlrOHNfc3R1ZHkwggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/EXxryThA6+nWwVoCI7LPHpOo Uzo2XFSaogNdmvJ1VgmOWt98cCUe996Xg3e/k/qjfo7hTZIpnXFa9XX+r12hVNoj eYrnTmeaVJZ2iLl7q2Ttb4B7cu55CXhVhh+DFZyxwZZODjoP1uEYHzff1yVigmGp B07v3wyMqIiTq/cLPU1eQwgPi7mmt7ZmtLMecNzII+R76bKENDOtnS2asyqCMins TuW62MYdFTX2JY5LDr6msLfbh9oCnLCC8rcWBvwXq01ubvntTsV0fRCupHzra48E S9VJLvh3SxDu59OYUEIgMnEYkbx7mbbZK7c9uDYF144PcOJ/XRr+Yjz/JyQHAgMB AAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud DgQWBBSbFIgxJGUboQ+N0olremqCJzhk0TAfBgNVHSMEGDAWgBSbFIgxJGUboQ+N 0olremqCJzhk0TANBgkqhkiG9w0BAQsFAAOCAQEAJK9kYtFkLCaiPYbjIq3sYFJR v5W2JvCWSh2gEuiIaeRfaC2JRLfG2BOSxY7v7di4pHat7d0HRuJ0LZjygISiKC7S +2R5r8qRbjlviCU71uO9vp4vv+w2gQwHijD0eyl/Iu+qnTUts5x3anAs7qTaQjy6 WHs4SLBSwUgbn9oPdnlVdwoF5uDbUQtq2s0yYLORn1SHNaKJrpjghfnbYGh5QBZW cOh5AaXkUPBZCXeQZuIqXFLm9lLf2u9GSWmUd1MJVGNVpu6Q+rbMq1zanbMs2fAU T2NG8S2l0ooJU/OA/xzFkyLhiCLoFaosyoM+orVQB5crjle52sxKxdv/Ar5fwg== -----END CERTIFICATE----- # 即为 ca.pem 证书的内容 # 将证书输出重定向到文件中 [root@k8s99-200 certs]# echo "LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR1akNDQXFLZ0F3SUJBZ0lVU1Nvd1dvdGp0SUhDaHQwTGt2TGY4b0lVZWRjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1l6RUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjNOcFkyaDFZVzR4RURBT0JnTlZCQWNUQjJObwpaVzVuWkhVeERqQU1CZ05WQkFvVEJYTjBkV1I1TVF3d0NnWURWUVFMRXdOdmNITXhFakFRQmdOVkJBTU1DV3M0CmMxOXpkSFZrZVRBZUZ3MHlNREEyTURFeE1qSXhNREJhRncwME1EQTFNamN4TWpJeE1EQmFNR014Q3pBSkJnTlYKQkFZVEFrTk9NUkF3RGdZRFZRUUlFd2R6YVdOb2RXRnVNUkF3RGdZRFZRUUhFd2RqYUdWdVoyUjFNUTR3REFZRApWUVFLRXdWemRIVmtlVEVNTUFvR0ExVUVDeE1EYjNCek1SSXdFQVlEVlFRRERBbHJPSE5mYzNSMVpIa3dnZ0VpCk1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQy9FWHhyeVRoQTYrbld3Vm9DSTdMUEhwT28KVXpvMlhGU2FvZ05kbXZKMVZnbU9XdDk4Y0NVZTk5NlhnM2Uvay9xamZvN2hUWklwblhGYTlYWCtyMTJoVk5vagplWXJuVG1lYVZKWjJpTGw3cTJUdGI0QjdjdTU1Q1hoVmhoK0RGWnl4d1paT0Rqb1AxdUVZSHpmZjF5VmlnbUdwCkIwN3Yzd3lNcUlpVHEvY0xQVTFlUXdnUGk3bW10N1ptdExNZWNOeklJK1I3NmJLRU5ET3RuUzJhc3lxQ01pbnMKVHVXNjJNWWRGVFgySlk1TERyNm1zTGZiaDlvQ25MQ0M4cmNXQnZ3WHEwMXVidm50VHNWMGZSQ3VwSHpyYTQ4RQpTOVZKTHZoM1N4RHU1OU9ZVUVJZ01uRVlrYng3bWJiWks3Yzl1RFlGMTQ0UGNPSi9YUnIrWWp6L0p5UUhBZ01CCkFBR2paakJrTUE0R0ExVWREd0VCL3dRRUF3SUJCakFTQmdOVkhSTUJBZjhFQ0RBR0FRSC9BZ0VDTUIwR0ExVWQKRGdRV0JCU2JGSWd4SkdVYm9RK04wb2xyZW1xQ0p6aGswVEFmQmdOVkhTTUVHREFXZ0JTYkZJZ3hKR1Vib1ErTgowb2xyZW1xQ0p6aGswVEFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBSks5a1l0RmtMQ2FpUFliaklxM3NZRkpSCnY1VzJKdkNXU2gyZ0V1aUlhZVJmYUMySlJMZkcyQk9TeFk3djdkaTRwSGF0N2QwSFJ1SjBMWmp5Z0lTaUtDN1MKKzJSNXI4cVJiamx2aUNVNzF1Tzl2cDR2dit3MmdRd0hpakQwZXlsL0l1K3FuVFV0czV4M2FuQXM3cVRhUWp5NgpXSHM0U0xCU3dVZ2JuOW9QZG5sVmR3b0Y1dURiVVF0cTJzMHlZTE9SbjFTSE5hS0pycGpnaGZuYllHaDVRQlpXCmNPaDVBYVhrVVBCWkNYZVFadUlxWEZMbTlsTGYydTlHU1dtVWQxTUpWR05WcHU2UStyYk1xMXphbmJNczJmQVUKVDJORzhTMmwwb29KVS9PQS94ekZreUxoaUNMb0Zhb3N5b00rb3JWUUI1Y3JqbGU1MnN4S3hkdi9BcjVmd2c9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==" | base64 -d > test.pem # 获取该证书的信息 [root@k8s99-200 certs]# cfssl-certinfo -cert test.pem { "subject": { "common_name": "k8s_study", "country": "CN", "organization": "study", "organizational_unit": "ops", "locality": "chengdu", "province": "sichuan", "names": [ "CN", "sichuan", "chengdu", "study", "ops", "k8s_study" ] }, "issuer": { "common_name": "k8s_study", "country": "CN", "organization": "study", "organizational_unit": "ops", "locality": "chengdu", "province": "sichuan", "names": [ "CN", "sichuan", "chengdu", "study", "ops", "k8s_study" ] }, "serial_number": "417697169768896708734727760628889136572870719959", "not_before": "2020-06-01T12:21:00Z", "not_after": "2040-05-27T12:21:00Z", "sigalg": "SHA256WithRSA", "authority_key_id": "9B:14:88:31:24:65:1B:A1:F:8D:D2:89:6B:7A:6A:82:27:38:64:D1", "subject_key_id": "9B:14:88:31:24:65:1B:A1:F:8D:D2:89:6B:7A:6A:82:27:38:64:D1", "pem": "-----BEGIN CERTIFICATE-----\nMIIDujCCAqKgAwIBAgIUSSowWotjtIHCht0LkvLf8oIUedcwDQYJKoZIhvcNAQEL\nBQAwYzELMAkGA1UEBhMCQ04xEDAOBgNVBAgTB3NpY2h1YW4xEDAOBgNVBAcTB2No\nZW5nZHUxDjAMBgNVBAoTBXN0dWR5MQwwCgYDVQQLEwNvcHMxEjAQBgNVBAMMCWs4\nc19zdHVkeTAeFw0yMDA2MDExMjIxMDBaFw00MDA1MjcxMjIxMDBaMGMxCzAJBgNV\nBAYTAkNOMRAwDgYDVQQIEwdzaWNodWFuMRAwDgYDVQQHEwdjaGVuZ2R1MQ4wDAYD\nVQQKEwVzdHVkeTEMMAoGA1UECxMDb3BzMRIwEAYDVQQDDAlrOHNfc3R1ZHkwggEi\nMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/EXxryThA6+nWwVoCI7LPHpOo\nUzo2XFSaogNdmvJ1VgmOWt98cCUe996Xg3e/k/qjfo7hTZIpnXFa9XX+r12hVNoj\neYrnTmeaVJZ2iLl7q2Ttb4B7cu55CXhVhh+DFZyxwZZODjoP1uEYHzff1yVigmGp\nB07v3wyMqIiTq/cLPU1eQwgPi7mmt7ZmtLMecNzII+R76bKENDOtnS2asyqCMins\nTuW62MYdFTX2JY5LDr6msLfbh9oCnLCC8rcWBvwXq01ubvntTsV0fRCupHzra48E\nS9VJLvh3SxDu59OYUEIgMnEYkbx7mbbZK7c9uDYF144PcOJ/XRr+Yjz/JyQHAgMB\nAAGjZjBkMA4GA1UdDwEB/wQEAwIBBjASBgNVHRMBAf8ECDAGAQH/AgECMB0GA1Ud\nDgQWBBSbFIgxJGUboQ+N0olremqCJzhk0TAfBgNVHSMEGDAWgBSbFIgxJGUboQ+N\n0olremqCJzhk0TANBgkqhkiG9w0BAQsFAAOCAQEAJK9kYtFkLCaiPYbjIq3sYFJR\nv5W2JvCWSh2gEuiIaeRfaC2JRLfG2BOSxY7v7di4pHat7d0HRuJ0LZjygISiKC7S\n+2R5r8qRbjlviCU71uO9vp4vv+w2gQwHijD0eyl/Iu+qnTUts5x3anAs7qTaQjy6\nWHs4SLBSwUgbn9oPdnlVdwoF5uDbUQtq2s0yYLORn1SHNaKJrpjghfnbYGh5QBZW\ncOh5AaXkUPBZCXeQZuIqXFLm9lLf2u9GSWmUd1MJVGNVpu6Q+rbMq1zanbMs2fAU\nT2NG8S2l0ooJU/OA/xzFkyLhiCLoFaosyoM+orVQB5crjle52sxKxdv/Ar5fwg==\n-----END CERTIFICATE-----\n" } ```
很赞哦! (1)
相关文章
文章交流
- emoji
当前用户
未登录,点击 登录专题目录
- 【K8s+Docker技术全解】01.Kubernetes快速入门概述
- 【K8s+Docker技术全解】02.k8s搭建环境准备-准备DNS服务
- 【K8s+Docker技术全解】03.k8s搭建环境准备-证书签发环境和Docker环境
- 【K8s+Docker技术全解】04.运维主机部署Harbor环境
- 【K8s+Docker技术全解】05.部署k8s分布式数据库etcd
- 【K8s+Docker技术全解】06.Master主控节点服务-部署kube-apiserver集群
- 【K8s+Docker技术全解】07.Master主控节点服务-配置nginx4层反向代理
- 【K8s+Docker技术全解】08.Master主控节点服务-keepalived配置vip
- 【K8s+Docker技术全解】09.Master主控节点服务-部署controller-manager
- 【K8s+Docker技术全解】10.Master主控节点服务-部署kube-scheduler、检查集群状态
- 【K8s+Docker技术全解】11.Node运算节点服务-部署kubelet
- 【K8s+Docker技术全解】12.Node运算节点服务-部署kube-proxy
- 【K8s+Docker技术全解】13.验证kubernets集群
- 【K8s+Docker技术全解】14.关于k8s证书
- 【K8s+Docker技术全解】15.管理k8s核心资源方法
- 【kubernetes】使用kubeadm快速搭建k8s集群学习