scottk/kubernetes
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/kubernetes.git synced 2025-12-15 20:37:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

Complete the mitm prevention on GCE.

Browse Source
This commit is contained in:
Brendan Burns
2014-09-23 14:14:34 -07:00
parent 31f4aba785
commit cafd20b233
3 changed files with 25 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/saltbase/salt/nginx/kubernetes-site
View File

@@ -38,8 +38,8 @@ server {
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
location / {

10
cluster/saltbase/salt/nginx/make-ca-cert.sh
View File

@@ -39,9 +39,9 @@ cd easy-rsa-master/easyrsa3
./easyrsa --batch build-ca nopass > /dev/null 2>&1
./easyrsa --subject-alt-name=IP:$cert_ip build-server-full kubernetes-master nopass > /dev/null 2>&1
./easyrsa build-client-full kubecfg nopass > /dev/null 2>&1
cp pki/issued/kubernetes-master.crt /usr/share/nginx/server.cert > /dev/null 2>&1
cp pki/private/kubernetes-master.key /usr/share/nginx/server.key > /dev/null 2>&1
cp pki/ca.crt /usr/share/nginx/ca.crt
cp pki/issued/kubecfg.crt /usr/share/nginx/kubecfg.crt
cp pki/private/kubecfg.key /usr/share/nginx/kubecfg.key
cp -p pki/issued/kubernetes-master.crt /usr/share/nginx/server.cert > /dev/null 2>&1
cp -p pki/private/kubernetes-master.key /usr/share/nginx/server.key > /dev/null 2>&1
cp -p pki/ca.crt /usr/share/nginx/ca.crt
cp -p pki/issued/kubecfg.crt /usr/share/nginx/kubecfg.crt
cp -p pki/private/kubecfg.key /usr/share/nginx/kubecfg.key