This script automates the creation of the PKI material, kubeconfigs, and other authentication files for the Kubernetes cluster.

We start by downloading the CloudFlare SSL utilities. The PKI cryptographic material can be created using many different utilities (openssl, easy-rsa etc.); however, the cfssl tools were used by Kelsey Hightower and have been used in many other tutorials as well.

The script creates a directory called certs-dir into which all the other output files are saved.

The first file created is the self-signed Certificate Authority. If you have your own CA you want to use, you'll need to perform this step manually, making sure you create all the necessary files. This CA is used to sign all subsequent PKI files listed below.
[Files created: ca-config.json ca.csr ca-csr.json ca-key.pem ca.pem]

Key material is then created for the 'admin' user of our Kubernetes cluster.
[Files created: admin.csr admin-csr.json admin-key.pem admin.pem]

Client certificates are created for each worker node.
[Files created: worker-X.csr worker-X-csr.json worker-X-key.pem worker-X.pem] (where X is the instance number of the worker node)
NOTE: THIS IS USING A HARDCODED VALUE OF 2 FOR THE WORKER NODES. THIS NEEDS TO BE UPDATED TO CALCULATE THE NUMBER OF WORKER NODES.

The Kubernetes Controller Manager certificate and key are created next.
[Files created: kube-controller-manager.csr kube-controller-manager-csr.json kube-controller-manager-key.pem kube-controller-manager.pem]

The Kubernetes Proxy certificate and key are created next.
[Files created: kube-proxy.csr kube-proxy-csr.json kube-proxy-key.pem kube-proxy.pem]

The Kubernetes Scheduler certificate and key are then created.
[Files created: kube-scheduler.csr kube-scheduler-csr.json kube-scheduler-key.pem kube-scheduler.pem]

The Kubernetes API Server certificate and key are created next.
[Files created: kubernetes.csr kubernetes-csr.json kubernetes-key.pem kubernetes.pem]
NOTE: THIS IS USING HARDCODED IP ADDRESSES AND IS ONLY SET FOR 2 MASTER NODES. THIS NEEDS TO BE UPDATED TO CALCULATE THE MASTER NODE ADDRESSES CORRECTLY.

The service account certificate and key are then created.
[Files created: service-account.csr service-account-csr.json service-account-key.pem service-account.pem]

The client kubeconfig authentication files are created for each worker node.
[Files created: worker-X.kubeconfig] (where X is the instance number of the worker node)
NOTE: THIS IS USING A HARDCODED VALUE OF 2 FOR THE WORKER NODES. THIS NEEDS TO BE UPDATED TO CALCULATE THE NUMBER OF WORKER NODES.

The Kubernetes Proxy kubeconfig file is created next.
[Files created: kube-proxy.kubeconfig]

The Kubernetes Controller Manager kubeconfig is created next.
[Files created: kube-controller-manager.kubeconfig]

The Kubernetes Scheduler kubeconfig is created next.
[Files created: kube-scheduler.kubeconfig]

The admin user kubeconfig file is then created.
[Files created: admin.kubeconfig]

The relevant key material files are then copied to the worker nodes and master nodes as required.

Finally, a data encryption key is created and copied to the master nodes.
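
Added example (not part of the original script): one way to replace the hardcoded worker count and master addresses flagged in the NOTEs is to drive both steps from lists. The node names, IP addresses, function names and the `kubernetes` signing profile are assumptions; signing is skipped when cfssl or the CA files are absent.

```bash
#!/usr/bin/env bash
# Added example; all node names and IP addresses are constructed sample values.
WORKERS="${WORKERS:-worker-0=10.240.0.20 worker-1=10.240.0.21 worker-2=10.240.0.22}"
MASTER_IPS="${MASTER_IPS:-10.240.0.10 10.240.0.11 10.240.0.12}"

# CSR for one kubelet. The Node authorizer only recognises identities of the
# form CN=system:node:<nodeName> in the group O=system:nodes.
worker_csr_json() {
  cat <<EOF
{
  "CN": "system:node:$1",
  "key": { "algo": "rsa", "size": 2048 },
  "names": [ { "O": "system:nodes", "OU": "Kubernetes" } ]
}
EOF
}

# Comma-separated SAN list for the API server certificate. Pass every master
# IP (plus any load balancer or service IP); an address missing here fails
# TLS verification for clients that connect to it.
apiserver_sans() {
  local sans="127.0.0.1,kubernetes,kubernetes.default,kubernetes.default.svc" ip
  for ip in "$@"; do sans="$sans,$ip"; done
  printf '%s\n' "$sans"
}

# Write worker-X-csr.json for every entry in WORKERS and sign it when possible.
generate_worker_certs() {
  local dir="$1" entry name ip
  mkdir -p "$dir"
  for entry in $WORKERS; do
    name="${entry%%=*}"; ip="${entry#*=}"
    worker_csr_json "$name" > "$dir/$name-csr.json"
    # Profile name "kubernetes" is an assumption about ca-config.json.
    if command -v cfssl >/dev/null 2>&1 && [ -f "$dir/ca-key.pem" ]; then
      (cd "$dir" && cfssl gencert -ca=ca.pem -ca-key=ca-key.pem \
         -config=ca-config.json -profile=kubernetes \
         -hostname="$name,$ip" "$name-csr.json" | cfssljson -bare "$name")
    fi
  done
}

# Typical calls:
#   generate_worker_certs certs-dir
#   apiserver_sans $MASTER_IPS    # value for -hostname= on the kubernetes cert
```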