当我执行此命令以生成kubernetes证书时:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
-config=ca-config.json \
-profile=kubernetes \
kubernetes-csr.json | cfssljson -bare kubernetes
为什么cfssl拍摄节目:
[root@iZuf63refzweg1d9dh94t8Z ssl]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
> -config=ca-config.json \
> -profile=kubernetes \
> kubernetes-csr.json | cfssljson -bare kubernetes
2019/08/25 20:02:12 [INFO] generate received request
2019/08/25 20:02:12 [INFO] received CSR
2019/08/25 20:02:12 [INFO] generating key: rsa-2048
2019/08/25 20:02:13 [INFO] encoded CSR
2019/08/25 20:02:13 [INFO] signed certificate with serial number 540759253485135214776496461610290604881680785507
2019/08/25 20:02:13 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
这是我的kubernetes(kubernetes-csr.json)配置:
{
"CN": "kubernetes",
"hosts": [
"127.0.0.1",
"172.19.104.230",
"172.19.150.82",
"172.19.104.231"
],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "k8s",
"OU": "System"
}
]
}
显然它包含主机字段。我正在使用cfssl 1.2版。这是一个错误吗?
答案 0 :(得分:1)
将cfssl版本从v1.2更新到v1.3.4(最新版本):
go get -u github.com/cloudflare/cfssl/cmd/cfssl