Update 01-CA_and_prerequisite.md

fix json格式错误
pull/1186/head
libinglong 2022-09-17 10:52:02 +08:00 committed by jmgao
parent a9fc0d0c50
commit 580f41308b
1 changed files with 23 additions and 25 deletions

View File

@ -27,32 +27,30 @@ kubernetes 系统各组件需要使用 TLS 证书对通信进行加密,使用
#### 创建 CA 配置文件 [ca-config.json.j2](../../roles/deploy/templates/ca-config.json.j2)
``` bash
{
"signing": {
"default": {
"expiry": "{{ CERT_EXPIRY }}"
},
"profiles": {
"kubernetes": {
"usages": [
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry": "{{ CERT_EXPIRY }}"
}
},
"profiles": {
"kcfg": {
"usages": [
"signing",
"key encipherment",
"client auth"
],
"expiry": "{{ CUSTOM_EXPIRY }}"
}
"signing":{
"default":{
"expiry":"{{ CERT_EXPIRY }}"
},
"profiles":{
"kubernetes":{
"usages":[
"signing",
"key encipherment",
"server auth",
"client auth"
],
"expiry":"{{ CERT_EXPIRY }}"
},
"kcfg":{
"usages":[
"signing",
"key encipherment",
"client auth"
],
"expiry":"{{ CUSTOM_EXPIRY }}"
}
}
}
}
}
```
+ `signing`:表示该证书可用于签名其它证书;生成的 ca.pem 证书中 `CA=TRUE`