Generate self-signed certificates If you build Container Linux cluster on top of public networks it is recommended to enable encryption for Container Linux services to prevent traffic interception and man-in-the-middle attacks. For these purposes you have to use Certificate Authority (CA), private keys and certificates signed by CA. Let’s use cfssl and walk through the whole process to create all these components. NOTE: We will use basic procedure here. If your configuration requires advanced security options, please refer to official cfssl documentation. Download cfssl CloudFlare’s distributes cfssl source code on github page and binaries on cfssl website . Our documentation assumes that you will run cfssl on your local x86_64 Linux host. 1 2 3 4 5 mkdir ~/bin curl -s -L -o ~/bin/cfssl https://pkg.cfssl.org/R1.2/cfssl_linux-amd64 curl -s -L -o ~/bin/cfssljson https://pkg.cfssl.org/R1.2/cfssljson_linux-amd64 chmod +x ~/bin/{cfssl,cfssljson} export PATH=$PATH:~/bin Initialize a certificate authority……

阅读全文