jonny/gce-centos-k8s
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
gce-centos-k8s/scripts/2_cert_and_auth_create.sh
Jonny Ervine c556fbaad5 new file: 10_delete_kube-dns.sh 
new file:   11_delete_all.sh
	new file:   12_uninstall_etcd.sh
	new file:   3_install_configure_kubernetes.sh
	new file:   5.1_worker_kubelet_setup.sh
	new file:   5.2_worker_kube-proxy_setup.sh
	new file:   5_worker_node_setup.sh
	new file:   6_client_admin_config.sh
	new file:   7_pod_routing.sh
	new file:   8_deploying_kube-dns.sh
	new file:   9_further_tests.sh
	new file:   certs-dir/admin-csr.json
	new file:   certs-dir/admin-key.pem
	new file:   certs-dir/admin.csr
	new file:   certs-dir/admin.kubeconfig
	new file:   certs-dir/admin.pem
	new file:   certs-dir/ca-config.json
	new file:   certs-dir/ca-csr.json
	new file:   certs-dir/ca-key.pem
	new file:   certs-dir/ca.csr
	new file:   certs-dir/ca.pem
	new file:   certs-dir/encryption-config.yaml
	new file:   certs-dir/kube-controller-manager-csr.json
	new file:   certs-dir/kube-controller-manager-key.pem
	new file:   certs-dir/kube-controller-manager.csr
	new file:   certs-dir/kube-controller-manager.kubeconfig
	new file:   certs-dir/kube-controller-manager.pem
	new file:   certs-dir/kube-proxy-csr.json
	new file:   certs-dir/kube-proxy-key.pem
	new file:   certs-dir/kube-proxy.csr
	new file:   certs-dir/kube-proxy.kubeconfig
	new file:   certs-dir/kube-proxy.pem
	new file:   certs-dir/kube-scheduler-csr.json
	new file:   certs-dir/kube-scheduler-key.pem
	new file:   certs-dir/kube-scheduler.csr
	new file:   certs-dir/kube-scheduler.kubeconfig
	new file:   certs-dir/kube-scheduler.pem
	new file:   certs-dir/kubernetes-csr.json
	new file:   certs-dir/kubernetes-key.pem
	new file:   certs-dir/kubernetes.csr
	new file:   certs-dir/kubernetes.pem
	new file:   certs-dir/service-account-csr.json
	new file:   certs-dir/service-account-key.pem
	new file:   certs-dir/service-account.csr
	new file:   certs-dir/service-account.pem
	new file:   certs-dir/worker-0-csr.json
	new file:   certs-dir/worker-0-key.pem
	new file:   certs-dir/worker-0.csr
	new file:   certs-dir/worker-0.kubeconfig
	new file:   certs-dir/worker-0.pem
	new file:   certs-dir/worker-1-csr.json
	new file:   certs-dir/worker-1-key.pem
	new file:   certs-dir/worker-1.csr
	new file:   certs-dir/worker-1.kubeconfig
	new file:   certs-dir/worker-1.pem
	new file:   cni/bridge
	new file:   cni/cni-plugins-amd64-v0.6.0.tgz
	new file:   cni/dhcp
	new file:   cni/flannel
	new file:   cni/host-local
	new file:   cni/ipvlan
	new file:   cni/loopback
	new file:   cni/macvlan
	new file:   cni/portmap
	new file:   cni/ptp
	new file:   cni/sample
	new file:   cni/tuning
	new file:   cni/vlan
	new file:   controller-0/apiserver
	new file:   controller-0/config
	new file:   controller-0/controller-manager
	new file:   controller-0/etcd.conf
	new file:   controller-0/etcd.service
	new file:   controller-0/kube-apiserver.service
	new file:   controller-0/kube-apiserver_rbac.yaml
	new file:   controller-0/kube-controller-manager.service
	new file:   controller-0/kube-scheduler.service
	new file:   controller-0/kube-scheduler.yaml
	new file:   controller-0/kubernetes.default.svc.cluster.local.conf
	new file:   controller-0/kubernetes.repo
	new file:   controller-0/rbac_authorizations.yaml
	new file:   controller-0/scheduler
	new file:   controller-1/apiserver
	new file:   controller-1/config
	new file:   controller-1/controller-manager
	new file:   controller-1/etcd.conf
	new file:   controller-1/etcd.service
	new file:   controller-1/kube-apiserver.service
	new file:   controller-1/kube-apiserver_rbac.yaml
	new file:   controller-1/kube-controller-manager.service
	new file:   controller-1/kube-scheduler.service
	new file:   controller-1/kube-scheduler.yaml
	new file:   controller-1/kubernetes.default.svc.cluster.local.conf
	new file:   controller-1/kubernetes.repo
	new file:   controller-1/rbac_authorizations.yaml
	new file:   controller-1/scheduler
	new file:   controller_manager_setup.sh
	new file:   controller_setup.sh
	new file:   controller_uninstall.sh
	new file:   controllers
	new file:   ctrl-mgr_vars
	new file:   docs/0_Environment_Setup.md
	new file:   docs/10_Create_kube-proxy_Instances.md
	new file:   docs/11_Create_client_kubectl_admin.md
	new file:   docs/12_Create_Pod_Routing_Rules.md
	new file:   docs/13_Create_kube-dns_instances.md
	new file:   docs/14_Additional_Functional_Tests.md
	new file:   docs/15_Delete_kube-dns_Deployment.md
	new file:   docs/16_Uninstall_etcd.md
	new file:   docs/17_Uninstall_Everything.md
	new file:   docs/1_GCloud_Resource_Setup.md
	new file:   docs/2_Certificate_and_Authentication_Creation.md
	new file:   docs/3_Install_and_Configure_etcd.md
	new file:   docs/4_Install_and_Configure_apiserver.md
	new file:   docs/5_Install_and_Configure_Controller_Manager.md
	new file:   docs/6_Install_and_Configure_Scheduler.md
	new file:   docs/7_Create_nginx_Health_Monitor.md
	new file:   docs/8_Create_Load_Balancer.md
	new file:   docs/9a_Create_Kubernetes_Workers_with_Docker.md
	new file:   docs/9b_Create_Kubernetes_Workers_with_containerd.md
	new file:   etcd-listen
	new file:   etcd_setup.sh
	new file:   etcd_vars
	new file:   instance
	new file:   kube-apiserver_setup.sh.orig
	new file:   kube-dns.yaml
	new file:   notes
	new file:   old_stuff/cni/bridge
	new file:   old_stuff/cni/cni-plugins-amd64-v0.6.0.tgz
	new file:   old_stuff/cni/dhcp
	new file:   old_stuff/cni/flannel
	new file:   old_stuff/cni/host-local
	new file:   old_stuff/cni/ipvlan
	new file:   old_stuff/cni/loopback
	new file:   old_stuff/cni/macvlan
	new file:   old_stuff/cni/portmap
	new file:   old_stuff/cni/ptp
	new file:   old_stuff/cni/sample
	new file:   old_stuff/cni/tuning
	new file:   old_stuff/cni/vlan
	new file:   old_stuff/controller-0/apiserver
	new file:   old_stuff/controller-0/config
	new file:   old_stuff/controller-0/controller-manager
	new file:   old_stuff/controller-0/etcd.conf
	new file:   old_stuff/controller-0/etcd.service
	new file:   old_stuff/controller-0/kube-apiserver.service
	new file:   old_stuff/controller-0/kube-apiserver_rbac.yaml
	new file:   old_stuff/controller-0/kube-controller-manager.service
	new file:   old_stuff/controller-0/kube-scheduler.service
	new file:   old_stuff/controller-0/kube-scheduler.yaml
	new file:   old_stuff/controller-0/kubernetes.default.svc.cluster.local.conf
	new file:   old_stuff/controller-0/kubernetes.repo
	new file:   old_stuff/controller-0/rbac_authorizations.yaml
	new file:   old_stuff/controller-0/scheduler
	new file:   old_stuff/controller-1/apiserver
	new file:   old_stuff/controller-1/config
	new file:   old_stuff/controller-1/controller-manager
	new file:   old_stuff/controller-1/etcd.conf
	new file:   old_stuff/controller-1/etcd.service
	new file:   old_stuff/controller-1/kube-apiserver.service
	new file:   old_stuff/controller-1/kube-apiserver_rbac.yaml
	new file:   old_stuff/controller-1/kube-controller-manager.service
	new file:   old_stuff/controller-1/kube-scheduler.service
	new file:   old_stuff/controller-1/kube-scheduler.yaml
	new file:   old_stuff/controller-1/kubernetes.default.svc.cluster.local.conf
	new file:   old_stuff/controller-1/kubernetes.repo
	new file:   old_stuff/controller-1/rbac_authorizations.yaml
	new file:   old_stuff/controller-1/scheduler
	new file:   old_stuff/controllers
	new file:   scheduler_setup.sh
	new file:   scripts/.gce_kubernetes.config
	new file:   scripts/.variables
	new file:   scripts/.worker_variables_0
	new file:   scripts/.worker_variables_1
	new file:   scripts/0_env_setup.sh
	new file:   scripts/10_worker_kube-proxy_setup.sh
	new file:   scripts/11_client_kubectl_admin_setup.sh
	new file:   scripts/12_setup_pod_routing.sh
	new file:   scripts/13_setup_core-dns.sh
	new file:   scripts/13_setup_kube-dns.sh
	new file:   scripts/14_additional_functional_tests.sh
	new file:   scripts/14b_additional_functional_tests.sh
	new file:   scripts/15_delete_kube-dns_pod.sh
	new file:   scripts/16_uninstall_etcd.sh
	new file:   scripts/17_uninstall_everything.sh
	new file:   scripts/1_client_side_gcloud_setup.sh
	new file:   scripts/2_cert_and_auth_create.sh
	new file:   scripts/3_install_configure_etcd.sh
	new file:   scripts/4_install_configure_apiserver.sh
	new file:   scripts/5_install_configure_controller_manager.sh
	new file:   scripts/6_install_configure_scheduler.sh
	new file:   scripts/7_nginx_health_monitor_setup.sh
	new file:   scripts/8_create_load_balancer.sh
	new file:   scripts/9a_worker_kubelet_via_docker_setup.sh
	new file:   scripts/9b_worker_kubelet_via_containerd_setup.sh
	new file:   scripts/controller-files/kube-apiserver_rbac.yaml
	new file:   scripts/controller-files/kubernetes.default.svc.cluster.local.conf
	new file:   scripts/controller-files/rbac_authorizations.yaml
	new file:   scripts/controller_manager_setup.sh
	new file:   scripts/controller_manager_setup.sh.template
	new file:   scripts/core-dns.yaml
	new file:   scripts/ctrl-mgr_vars
	new file:   scripts/etcd_setup.sh
	new file:   scripts/etcd_vars
	new file:   scripts/gvisor_tests.sh
	new file:   scripts/instance
	new file:   scripts/kube-apiserver_setup.sh
	new file:   scripts/kube-apiserver_setup.sh.template
	new file:   scripts/kube-dns.yaml
	new file:   scripts/kube-dns.yaml.1
	new file:   scripts/kube-dns.yaml.2
	new file:   scripts/kube-dns.yaml.3
	new file:   scripts/nginx_health_monitor_setup.sh
	new file:   scripts/scheduler_setup.sh
	new file:   scripts/scheduler_setup.sh.template
	new file:   scripts/untrusted.yaml
	new file:   scripts/worker_kube-proxy_setup.sh
	new file:   scripts/worker_kube-proxy_setup.sh.template
	new file:   scripts/worker_kubelet_containerd_setup.sh.template
	new file:   scripts/worker_kubelet_setup.sh
	new file:   scripts/worker_kubelet_setup.sh.template
	new file:   test.sh
	new file:   test2
	new file:   u3_uninstall_kubernetes_controllers.sh
	new file:   worker-0/10-bridge.conf
	new file:   worker-0/99-loopback.conf
	new file:   worker-0/config
	new file:   worker-0/kube-proxy-config.yaml
	new file:   worker-0/kube-proxy.service
	new file:   worker-0/kubelet
	new file:   worker-0/kubelet-config.yaml
	new file:   worker-0/kubelet.service
	new file:   worker-0/proxy
	new file:   worker-1/10-bridge.conf
	new file:   worker-1/99-loopback.conf
	new file:   worker-1/config
	new file:   worker-1/kube-proxy-config.yaml
	new file:   worker-1/kube-proxy.service
	new file:   worker-1/kubelet
	new file:   worker-1/kubelet-config.yaml
	new file:   worker-1/kubelet.service
	new file:   worker-1/proxy
	new file:   worker_kube-proxy_setup.sh
	new file:   worker_kube-proxy_setup.sh.template
	new file:   worker_kubelet_setup.sh
	new file:   worker_setup.sh
Initial commit
2020-02-19 07:40:43 +00:00

381 lines
12 KiB
Bash
Executable File
Raw Permalink Blame History

#!/bin/bash
##
## Script to automate the Kubernetes CentOS client side pieces
##
echo "#####################################"
echo "Grabbing the CloudFlare SSL tools ..."
echo "#####################################"
wget https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 \
https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64
mkdir ~/bin
mv cfssl_linux-amd64 ~/bin/cfssl
mv cfssljson_linux-amd64 ~/bin/cfssljson
chmod 755 ~/bin/cfssl*
echo "CloudFlare tools have been installed into ~/bin"
echo ""
echo "######################################"
echo "Set the gcloud compute region and zone"
echo "######################################"
. .gce_kubernetes.config
gcloud config set compute/region $GCE_REGION
gcloud config set compute/zone $GCE_ZONE
gcloud config set project $GCE_PROJECT
echo "Compute region and zone set"
echo ""
mkdir certs-dir
cd certs-dir
echo "#############################"
echo "Creating the CA configuration"
echo "#############################"
cat > ca-config.json <<EOF
{
"signing": {
"default": {
"expiry": "8760h"
},
"profiles": {
"kubernetes": {
"usages": ["signing", "key encipherment", "server auth", "client auth"],
"expiry": "8760h"
}
}
}
}
EOF
echo "CA config file created"
echo ""
echo "###############################"
echo "Creating the CA signing request"
echo "###############################"
cat > ca-csr.json <<EOF
{
"CN": "Kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "CA",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -initca ca-csr.json | cfssljson -bare ca
ls -al ca*
echo "CA and CA config files created"
echo""
echo "#####################################"
echo "Creating the admin client certificate"
echo "#####################################"
cat > admin-csr.json <<EOF
{
"CN": "admin",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "system:masters",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
ls -al admin*
echo "Admin client certificate and key created
###############################################
Creating the worker kubelet client certificates
###############################################"
for i in worker-0 worker-1; do
cat > ${i}-csr.json <<EOF
{
"CN": "system:node:${i}",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "system:nodes",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
EXTERNAL_IP=$(gcloud compute instances describe ${i} --format 'value(networkInterfaces[0].accessConfigs[0].natIP)')
INTERNAL_IP=$(gcloud compute instances describe ${i} --format 'value(networkInterfaces[0].networkIP)')
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname=${i},${EXTERNAL_IP},${INTERNAL_IP} -profile=kubernetes ${i}-csr.json | cfssljson -bare ${i}
done
ls -al worker-*
echo "If this has worked, worker keys and certificates should be created"
echo ""
echo "##################################################"
echo "Creating the Controller Manager client certificate"
echo "##################################################"
cat > kube-controller-manager-csr.json <<EOF
{
"CN": "system:kube-controller-manager",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "system:kube-controller-manager",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-controller-manager-csr.json | cfssljson -bare kube-controller-manager
ls -al kube-controller-manager*
echo "Created the controller manager client certificate and key"
echo ""
echo "##########################################"
echo "Creating the Kube Proxy client certificate"
echo "##########################################"
cat > kube-proxy-csr.json <<EOF
{
"CN": "system:kube-proxy",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "system:node-proxier",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-proxy-csr.json | cfssljson -bare kube-proxy
ls -al kube-proxy*
echo "Created the Kube Proxy client certificate"
echo ""
echo "####################################################"
echo "Creating the Kubernetes Scheduler Client Certificate"
echo "####################################################"
cat > kube-scheduler-csr.json <<EOF
{
"CN": "system:kube-scheduler",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "system:kube-scheduler",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes kube-scheduler-csr.json | cfssljson -bare kube-scheduler
ls -al kube-scheduler*
echo "Created the Kubernetes Scheduler Client Certificate"
echo ""
echo "################################################"
echo "#Creating the Kubernetes API Server Certificate#"
echo "################################################"
KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe $KUBE_NETWORK --region $GCE_REGION --format 'value(address)')
cat > kubernetes-csr.json <<EOF
{
"CN": "kubernetes",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -hostname=10.32.0.1,10.240.0.10,10.240.0.11,${KUBERNETES_PUBLIC_ADDRESS},127.0.0.1,kubernetes.default -profile=kubernetes kubernetes-csr.json | cfssljson -bare kubernetes
ls -al kubernetes*
echo "Created the Kubernetes API Server certificate"
echo ""
echo "########################################"
echo "Creating the service account certificate"
echo "########################################"
cat > service-account-csr.json <<EOF
{
"CN": "service-accounts",
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "US",
"L": "Portland",
"O": "Kubernetes",
"OU": "Kubernetes - CentOS",
"ST": "Oregon"
}
]
}
EOF
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes service-account-csr.json | cfssljson -bare service-account
ls -al service-account*
echo "Created the service account certificate"
echo ""
echo "#####################################################"
echo "Creating the client authentication files (kubeconfig)"
echo "#####################################################"
KUBERNETES_PUBLIC_ADDRESS=$(gcloud compute addresses describe $KUBE_NETWORK --region $GCE_REGION --format 'value(address)')
for instance in worker-0 worker-1; do
kubectl config set-cluster $KUBE_CLUSTER --certificate-authority=ca.pem --embed-certs=true --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 --kubeconfig=${instance}.kubeconfig
kubectl config set-credentials system:node:${instance} --client-certificate=${instance}.pem --client-key=${instance}-key.pem --embed-certs=true --kubeconfig=${instance}.kubeconfig
kubectl config set-context default --cluster=$KUBE_CLUSTER --user=system:node:${instance} --kubeconfig=${instance}.kubeconfig
kubectl config use-context default --kubeconfig=${instance}.kubeconfig
done
ls -al worker*.kubeconfig
echo "Worker kubeconfig files created"
echo ""
kubectl config set-cluster $KUBE_CLUSTER --certificate-authority=ca.pem --embed-certs=true --server=https://${KUBERNETES_PUBLIC_ADDRESS}:6443 --kubeconfig=kube-proxy.kubeconfig
kubectl config set-credentials system:kube-proxy --client-certificate=kube-proxy.pem --client-key=kube-proxy-key.pem --embed-certs=true --kubeconfig=kube-proxy.kubeconfig
kubectl config set-context default --cluster=$KUBE_CLUSTER --user=system:kube-proxy --kubeconfig=kube-proxy.kubeconfig
kubectl config use-context default --kubeconfig=kube-proxy.kubeconfig
ls -al kube-proxy.kubeconfig
echo "Kube Proxy kubeconfig file created"
echo ""
kubectl config set-cluster $KUBE_CLUSTER --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-credentials system:kube-controller-manager --client-certificate=kube-controller-manager.pem --client-key=kube-controller-manager-key.pem --embed-certs=true --kubeconfig=kube-controller-manager.kubeconfig
kubectl config set-context default --cluster=$KUBE_CLUSTER --user=system:kube-controller-manager --kubeconfig=kube-controller-manager.kubeconfig
kubectl config use-context default --kubeconfig=kube-controller-manager.kubeconfig
ls -al kube-controller-manager.kubeconfig
echo "Kubernetes Controller Manager kubeconfig file created"
echo ""
kubectl config set-cluster $KUBE_CLUSTER --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=kube-scheduler.kubeconfig
kubectl config set-credentials system:kube-scheduler --client-certificate=kube-scheduler.pem --client-key=kube-scheduler-key.pem --embed-certs=true --kubeconfig=kube-scheduler.kubeconfig
kubectl config set-context default --cluster=$KUBE_CLUSTER --user=system:kube-scheduler --kubeconfig=kube-scheduler.kubeconfig
kubectl config use-context default --kubeconfig=kube-scheduler.kubeconfig
ls -al kube-scheduler*
echo "Kubernetes Scheduler kubeconfig file created"
echo ""
kubectl config set-cluster $KUBE_CLUSTER --certificate-authority=ca.pem --embed-certs=true --server=https://127.0.0.1:6443 --kubeconfig=admin.kubeconfig
kubectl config set-credentials admin --client-certificate=admin.pem --client-key=admin-key.pem --embed-certs=true --kubeconfig=admin.kubeconfig
kubectl config set-context default --cluster=$KUBE_CLUSTER --user=admin --kubeconfig=admin.kubeconfig
kubectl config use-context default --kubeconfig=admin.kubeconfig
ls -al admin.kubeconfig
echo "Admin client certificate created"
echo ""
echo "Hopefully all client certificates are now created"
echo ""
echo "############################################################"
echo "Copying the certificates and kubeconfig files to the servers"
echo "############################################################"
KUBE_WORKERS=$((KUBE_WORKERS-1))
for ((i=0; i<=$KUBE_WORKERS; i++)); do
gcloud compute scp ca.pem worker-${i}-key.pem worker-${i}.pem worker-${i}.kubeconfig kube-proxy.kubeconfig worker-${i}:~/
done
KUBE_CONTROLLERS=$((KUBE_CONTROLLERS-1))
for ((i=0; i<=$KUBE_CONTROLLERS; i++)); do
gcloud compute scp ca.pem ca-key.pem kubernetes-key.pem kubernetes.pem service-account-key.pem service-account.pem admin.kubeconfig kube-controller-manager.kubeconfig kube-scheduler.kubeconfig controller-${i}:~/
done
echo "Kubeconfig and client certificates should now be copied"
echo ""
echo "############################################"
echo "Creating and copying the data encryption key"
echo "############################################"
ENCRYPTION_KEY=$(head -c 32 /dev/urandom | base64)
cat > encryption-config.yaml <<EOF
kind: EncryptionConfig
apiVersion: v1
resources:
- resources:
- secrets
providers:
- aescbc:
keys:
- name: key1
secret: ${ENCRYPTION_KEY}
- identity: {}
EOF
for ((i=0; i<=$KUBE_CONTROLLERS; i++)); do
gcloud compute scp encryption-config.yaml controller-${i}:~/
done
echo "Encryption key created and copied"
echo ""
echo "Next step is to install and configure Kubernetes on the controllers and workers"
Reference in New Issue View Git Blame Copy Permalink