alexlebens/external-snapshotter
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update CertificateSigningRequest apiversion

Browse Source
This commit is contained in:
kartik494
2021-09-09 07:38:33 +05:30
parent 390a2debe9
commit f8992bb04d
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
deploy/kubernetes/webhook-example/create-cert.sh
View File

@@ -72,14 +72,14 @@ DNS.3 = ${service}.${namespace}.svc
EOF EOF
openssl genrsa -out ${tmpdir}/server-key.pem 2048 openssl genrsa -out ${tmpdir}/server-key.pem 2048
openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=${service}.${namespace}.svc" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf openssl req -new -key ${tmpdir}/server-key.pem -subj "/CN=system:node:${service}.${namespace}.svc;/O=system:nodes" -out ${tmpdir}/server.csr -config ${tmpdir}/csr.conf
# clean-up any previously created CSR for our service. Ignore errors if not present. # clean-up any previously created CSR for our service. Ignore errors if not present.
kubectl delete csr ${csrName} 2>/dev/null || true kubectl delete csr ${csrName} 2>/dev/null || true
# create server cert/key CSR and send to k8s API # create server cert/key CSR and send to k8s API
cat <<EOF | kubectl create -f - cat <<EOF | kubectl create -f -
apiVersion: certificates.k8s.io/v1beta1 apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest kind: CertificateSigningRequest
metadata: metadata:
name: ${csrName} name: ${csrName}
@@ -87,6 +87,7 @@ spec:
groups: groups:
- system:authenticated - system:authenticated
request: $(cat ${tmpdir}/server.csr | base64 | tr -d '\n') request: $(cat ${tmpdir}/server.csr | base64 | tr -d '\n')
signerName: kubernetes.io/kubelet-serving
usages: usages:
- digital signature - digital signature
- key encipherment - key encipherment