生成签署请求

openssl req -new -key ../ca.key -out metrics-server.csr -subj "/C=CN/ST=Guang'dong/L=Sheng'zhen/O=Kubernetes/OU=dev/CN=metrics-server.k8s.com"

CA 签署证书

openssl x509 -req -sha256 -days 36500 -CA ../ca.crt -CAkey ../ca.key -CAcreateserial -in metrics-server.csr -out metrics-server.crt -extensions SAN -extfile <(cat /etc/pki/tls/openssl.cnf; printf "[SAN]\nsubjectAltName=DNS:metrics-server.k8s.com,IP:172.13.0.60")

验证证书

openssl x509 -noout -text -in metrics-server.crt
Logo

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐