fix: ca-config.json by libinglong

2022-09-17 21:52:48 +08:00 · 2022-09-17 21:52:48 +08:00 · 41c047b3f0
parent 272ede8ed6
commit 41c047b3f0
2 changed files with 24 additions and 26 deletions
--- a/docs/setup/01-CA_and_prerequisite.md
+++ b/docs/setup/01-CA_and_prerequisite.md
@ -27,30 +27,30 @@ kubernetes 系统各组件需要使用 TLS 证书对通信进行加密，使用
 #### 创建 CA 配置文件 [ca-config.json.j2](../../roles/deploy/templates/ca-config.json.j2)
 ``` bash
 {
-    "signing":{
-        "default":{
-            "expiry":"{{ CERT_EXPIRY }}"
-        },
-        "profiles":{
-            "kubernetes":{
-                "usages":[
-                    "signing",
-                    "key encipherment",
-                    "server auth",
-                    "client auth"
-                ],
-                "expiry":"{{ CERT_EXPIRY }}"
-            },
-            "kcfg":{
-                "usages":[
-                    "signing",
-                    "key encipherment",
-                    "client auth"
-                ],
-                "expiry":"{{ CUSTOM_EXPIRY }}"
-            }
-        }
+  "signing": {
+    "default": {
+      "expiry": "{{ CERT_EXPIRY }}"
+    },
+    "profiles": {
+      "kubernetes": {
+        "usages": [
+            "signing",
+            "key encipherment",
+            "server auth",
+            "client auth"
+        ],
+        "expiry": "{{ CERT_EXPIRY }}"
+      },
+      "kcfg": {
+        "usages": [
+            "signing",
+            "key encipherment",
+            "client auth"
+        ],
+        "expiry": "{{ CUSTOM_EXPIRY }}"
+      }
    }
+  }
 }
 ```
 + `signing`：表示该证书可用于签名其它证书；生成的 ca.pem 证书中 `CA=TRUE`；
--- a/roles/deploy/templates/ca-config.json.j2
+++ b/roles/deploy/templates/ca-config.json.j2
@ -12,9 +12,7 @@
            "client auth"
        ],
        "expiry": "{{ CERT_EXPIRY }}"
-      }
-    },
-    "profiles": {
+      },
      "kcfg": {
        "usages": [
            "signing",