## Create the certificate files
```
mkdir -p /opt/ssl/etcd/
# Generate the etcd CA certificate and private key
cfssl gencert -initca /opt/k8s/ssl/etcd-ca-csr.json | cfssljson -bare etcd-ca
# Generate the etcd server certificate and private key
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes /opt/k8s/ssl/etcd_server.json | cfssljson -bare etcd_server
# Generate the etcd client certificate and private key
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes /opt/k8s/ssl/client.json | cfssljson -bare etcd_client
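# Generate a certificate and private key for node member1:
# For the etcd service, generate the corresponding certificate and private key for each etcd node in the same way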
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes /opt/k8s/ssl/etcd_member01.json | cfssljson -bare etcd_member01
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes /opt/k8s/ssl/etcd_member02.json | cfssljson -bare etcd_member02
cfssl gencert -ca=etcd-ca.pem -ca-key=etcd-ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=kubernetes /opt/k8s/ssl/etcd_member03.json | cfssljson -bare etcd_member03

# Generate the CA certificate and private key
cfssl gencert -initca /opt/k8s/ssl/ca-csr.json | cfssljson -bare ca -

# Generate the client certificate and private key
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
-config=/opt/k8s/ssl/ca-config.json \
-profile=client /opt/k8s/ssl/client.json | cfssljson -bare client
```
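
A post-issuance check for the files produced above, as an added example that is not part of the original page: it confirms each etcd certificate chains to `etcd-ca.pem` (and not to the separate `ca.pem`), carries the Extended Key Usage its role needs, and that private keys have no group or other permission bits. The function names and the per-role usages are assumptions, since the page does not show `ca-config.json`.

```shell
#!/bin/sh
# Added example, not from the original page. File names follow the
# `cfssljson -bare` prefixes used above; function names are illustrative.

# check_cert CA CERT USAGE... : CERT must chain to CA and carry every USAGE
# ("server" or "client", matched against the Extended Key Usage text).
check_cert() {
    ca=$1; cert=$2; shift 2
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL $cert: does not chain to $ca"; return 1
    fi
    text=$(openssl x509 -in "$cert" -noout -text) || return 1
    for usage in "$@"; do
        case $usage in
            server) want="TLS Web Server Authentication" ;;
            client) want="TLS Web Client Authentication" ;;
            *) echo "unknown usage: $usage"; return 2 ;;
        esac
        if ! printf '%s\n' "$text" | grep -q "$want"; then
            echo "FAIL $cert: missing EKU '$want'"; return 1
        fi
    done
    echo "OK   $cert"
}

# check_key_perms KEY : private key must have no group/other permission bits.
check_key_perms() {
    perm=$(ls -l "$1" 2>/dev/null | cut -c5-10)
    [ "$perm" = "------" ] && return 0
    echo "FAIL $1: group/other bits set or file missing"; return 1
}

# check_etcd_set DIR : run the checks over the etcd files generated above.
# Assumed roles: members (peers) need both usages, since each peer both
# accepts and initiates TLS connections.
check_etcd_set() {
    d=${1:-.}; rc=0
    check_cert "$d/etcd-ca.pem" "$d/etcd_server.pem" server || rc=1
    check_cert "$d/etcd-ca.pem" "$d/etcd_client.pem" client || rc=1
    for m in 01 02 03; do
        check_cert "$d/etcd-ca.pem" "$d/etcd_member$m.pem" server client || rc=1
    done
    for k in "$d"/*-key.pem; do check_key_perms "$k" || rc=1; done
    return $rc
}
```

Call `check_etcd_set DIR` with the directory the `cfssljson` output was written to; a non-zero return means at least one certificate or key failed a check.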