k8s证书分发

k8s环境SSL证书分发

点击查看代码

#将证书从harbor节点scp到部署节点，稍后从部署节点分发证书
root@k8s-deploy:~# mkdir -pv /etc/docker/certs.d/harbor.jigaobo.cn/
root@k8s-harbor1:/apps/harbor# scp jigaobo.cn.crt 10.0.0.60:/etc/kubeasz/
root@k8s-harbor1:/apps/harbor# scp certs/jigaobo.cn.crt 10.0.0.60:/etc/containerd/certs.d/harbor.jigaobo.cn/
#同步docker证书脚本：
root@k8s-deploy:/etc/kubeasz# cat harbor-crt-scp.sh
#!/bin/bash
# 目标主机地址
IP="
10.0.0.51
10.0.0.52
10.0.0.53
10.0.0.61
10.0.0.62
10.0.0.63
"
for node in ${IP}; do
          ssh-keyscan -p 123456    "${node}" >> ~/.ssh/known_hosts
          #sshpass -p 123456 ssh-copy-id ${node} -o StrictHostKeyChecking=no
          sshpass -p  123456    ssh-copy-id root@"${node}"
    if [ $? -eq 0 ]; then
                echo "${node} 秘钥copy完成,准备环境初始化....."
    ssh ${node} "mkdir /etc/containerd/certs.d/harbor.jigaobo.cn -p"
    ssh ${node} "echo '10.0.0.54   harbor.jigaobo.cn  harbor.jigaobo.cn' >> /etc/hosts"
                echo "Harbor 证书目录创建成功!"
                scp /etc/kubeasz/jigaobo.cn.crt ${node}:/etc/containerd/certs.d/harbor.jigaobo.cn/jigaobo.cn.crt
                echo "Harbor 证书拷贝成功!"
    else
                echo "${node} 秘钥copy失败"
    fi
done