Обновить readme.md

7db537c5 · Владимир Карпов · ad4d3839 · 7db537c5
Commit 7db537c5 authored Feb 08, 2021 by Владимир Карпов
Hide whitespace changes
Inline Side-by-side

Showing with 43 additions and 0 deletions

readme.md readme.md +43 -0

No files found.
--- a/readme.md
+++ b/readme.md
@@ -9,3 +9,46 @@ https://github.com/coreos/docs/blob/master/os/generate-self-signed-certificates.

 Calico Docker container install
 https://docs.projectcalico.org/getting-started/bare-metal/installation/container
+
+
+### Generate peer certificate
+
+```
+cfssl print-defaults csr > member1.json
+```
+
+Substitute CN and hosts values, for example:
+
+```
+...
+    "CN": "member1",
+    "hosts": [
+        "192.168.122.101",
+        "ext.example.com",
+        "member1.local",
+        "member1"
+    ],
+...
+```
+
+Now we are ready to generate member1 certificate and private key:
+
+```sh
+cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer member1.json | cfssljson -bare member1
+```
+
+Or without CSR json file:
+
+```sh
+echo '{"CN":"member1","hosts":[""],"key":{"algo":"rsa","size":2048}}' | cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=peer -hostname="192.168.122.101,ext.example.com,member1.local,member1" - | cfssljson -bare member1
+```
+
+You'll get following files:
+
+```
+member1-key.pem
+member1.csr
+member1.pem
+```
+
+Repeat these steps for each `etcd` member hostname.