Binary Deployment of a K8s Cluster, Part 14: About K8s Certificates

User submission 308 2022-10-27

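I. About K8s certificates

1.1 About the cfssl tools

cfssl: the main tool for issuing certificates

cfssl-json: turns the certificates that cfssl generates (JSON format) into certificate files

cfssl-certinfo: inspects and verifies certificate information, for example: cfssl-certinfo -cert apiserver.pem

1.2 About the kubeconfig file

This is the configuration file for a K8s user.

It contains certificate information.

When a certificate expires or is replaced, this file has to be replaced along with it.

1.2.1 View certificate details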

[root@hdss7-200 certs]# cfssl-certinfo -cert /opt/certs/ca.pem

1.2.2 Convert the encoded data back into the original certificate material

[root@hdss7-21 conf]# tail -1 /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig
client-key-data: <base64-encoded value>
[root@hdss7-21 conf]# echo "<base64-encoded value>" | base64 -d
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----
[root@hdss7-21 certs]# cat /opt/kubernetes/server/bin/certs/kube-proxy-client-key.pem
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

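As you can see, the key decoded from the kubeconfig is identical to the one in kube-proxy-client-key.pem. The client-key-data field is only base64-encoded, not encrypted, so the kubeconfig has to be protected as carefully as the key file itself.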
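The same comparison as an added example, not part of the original post: it compares the decoded kubeconfig field with the PEM file byte for byte instead of printing the private key, and also checks that the kubeconfig is readable only by its owner. The function names and sample files are constructed for illustration; on a real node you would pass the kubeconfig and PEM paths shown above.

```shell
#!/bin/sh
# Added example. Function names and sample files are constructed for illustration.

# Print the decoded value of one base64 field, e.g. client-key-data.
kubeconfig_field() {            # usage: kubeconfig_field FILE KEY
    awk -v k="$2:" '$1 == k { print $2; exit }' "$1" | base64 -d
}

# Return 0 when the embedded field is byte-identical to the PEM file.
# Nothing is written to the terminal, so the key never lands in scrollback.
kubeconfig_matches_pem() {      # usage: kubeconfig_matches_pem FILE KEY PEMFILE
    kubeconfig_field "$1" "$2" | cmp -s - "$3"
}

# Return 0 when group and other have no permissions on FILE. The embedded key
# is only base64-encoded, so the kubeconfig needs the same care as the key file.
is_private() {                  # usage: is_private FILE
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write a constructed sample into DIR: placeholder text, not real key material.
make_sample() {                 # usage: make_sample DIR
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED-SAMPLE' \
        '-----END RSA PRIVATE KEY-----' > "$1/client-key.pem"
    printf '%s\n' 'CONSTRUCTED-ROTATED-SAMPLE' > "$1/rotated-key.pem"
    {
        echo 'users:'
        echo '- name: kube-proxy'
        echo '  user:'
        echo "    client-key-data: $(base64 < "$1/client-key.pem" | tr -d '\n')"
    } > "$1/sample.kubeconfig"
    chmod 600 "$1/sample.kubeconfig"
}

demo() {
    d=$(mktemp -d) || return 1
    make_sample "$d"
    kubeconfig_matches_pem "$d/sample.kubeconfig" client-key-data "$d/client-key.pem" \
        && echo "kubeconfig matches client-key.pem"
    kubeconfig_matches_pem "$d/sample.kubeconfig" client-key-data "$d/rotated-key.pem" \
        || echo "kubeconfig is stale: it does not match rotated-key.pem"
    is_private "$d/sample.kubeconfig" && echo "kubeconfig is owner-only"
    rm -rf "$d"
}
demo
```

A mismatch after a certificate rotation means the kubeconfig still carries the old key and has to be regenerated.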

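1.3 Cluster certificate architecture

1.3.1 K8s cluster architecture

1.3.2 Certificate summary

1.3.3 Certificate architecture

Generating certificates from a kubeconfig file: https://blog.csdn.net/ll837448792/article/details/103658502

Certificate path for kubeadm installs: /etc/kubernetes/pki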
