Make server.key/client.key as private in k8s node
At this time, server.key and client.key which are used by kubernetes related daemon are readable. These keys should be private. Change-Id: I52232001f6983845f8d7de75486fe5672a57949a Closes-Bug: #1515844
parent
58cbafdc87
commit
5b83aa1e12
|
@ -61,6 +61,7 @@ EOF
|
|||
|
||||
# Generate client's private key and csr
|
||||
openssl genrsa -out "${CLIENT_KEY}" 4096
|
||||
chmod 400 "${CLIENT_KEY}"
|
||||
openssl req -new -days 1000 \
|
||||
-key "${CLIENT_KEY}" \
|
||||
-out "${CLIENT_CSR}" \
|
||||
|
@ -75,6 +76,9 @@ curl -X POST \
|
|||
-d "$csr_req" \
|
||||
$MAGNUM_URL/certificates | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${CLIENT_CERT}
|
||||
|
||||
chmod 500 "${cert_dir}"
|
||||
chown -R kube:kube "${cert_dir}"
|
||||
|
||||
sed -i '
|
||||
s|CA_CERT|'"$CA_CERT"'|
|
||||
s|CLIENT_CERT|'"$CLIENT_CERT"'|
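Review bot: The private key is written by `openssl genrsa -out "${CLIENT_KEY}" 4096` before `chmod 400 "${CLIENT_KEY}"` runs, so between the two commands the file carries whatever mode the process umask and the openssl build give it. With a permissive umask that can mean a briefly group- or world-readable key. Generating it under a restrictive umask, for example `(umask 077; openssl genrsa -out "${CLIENT_KEY}" 4096)`, closes that window and leaves the `chmod 400` as a further tightening rather than the only protection. The same ordering applies to `${SERVER_KEY}` in the server-side section. The top of the script is outside this view, so an earlier `umask` may already be in effect.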
|
||||
|
|
|
@ -63,6 +63,7 @@ EOF
|
|||
|
||||
# Generate server's private key and csr
|
||||
openssl genrsa -out "${SERVER_KEY}" 4096
|
||||
chmod 400 "${SERVER_KEY}"
|
||||
openssl req -new -days 1000 \
|
||||
-key "${SERVER_KEY}" \
|
||||
-out "${SERVER_CSR}" \
|
||||
|
@ -76,3 +77,6 @@ curl -X POST \
|
|||
-H "Content-Type: application/json" \
|
||||
-d "$csr_req" \
|
||||
$MAGNUM_URL/certificates | python -c 'import sys, json; print json.load(sys.stdin)["pem"]' > ${SERVER_CERT}
|
||||
|
||||
chmod 500 "${cert_dir}"
|
||||
chown -R kube:kube "${cert_dir}"
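Review bot: The added `chmod 500 "${cert_dir}"` / `chown -R kube:kube "${cert_dir}"` pair has no comment explaining why the directory is read-and-traverse only or why everything under it is handed to `kube`; the identical pair in the client-side section is equally bare. A line such as `# Lock the cert dir to the kube service account: not writable, no access for other users` above the `chmod` would make the intent explicit and discourage a later edit from loosening it. It is also worth stating there that `chown -R` gives the 0400 private key to `kube`, so every daemon running under that account can read it; the services that consume the key are not visible here, so confirm that this is the intended trust boundary.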
|
||||
|
|