Обновить readme.md

parent ad4d3839
......@@ -9,3 +9,46 @@ https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.
Calico Docker container install
https://docs.projectcalico.org/getting-started/bare-metal/installation/container
### Generate peer certificate
```
cfssl print-defaults csr > member1.json
```
Substitute CN and hosts values, for example:
```
...
"CN": "member1",
"hosts": [
"192.168.122.101",
"ext.example.com",
"member1.local",
"member1"
],
...
```
Now we are ready to generate member1 certificate and private key:
```sh
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer member1.json | cfssljson -bare member1
```
Or without CSR json file:
```sh
echo '{"CN":"member1","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer -hostname="192.168.122.101,ext.example.com,member1.local,member1" - | cfssljson -bare member1
```
You'll get following files:
```
member1-key.pem
member1.csr
member1.pem
```
Repeat these steps for each `etcd` member hostname.
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment