Update authentication.md

Fix leading spaces in commands.
2017-08-15 19:58:24 +08:00 · 2017-08-15 19:58:24 +08:00 · 621959eeb2
parent b568610c08
commit 621959eeb2
1 changed files with 15 additions and 15 deletions
--- a/docs/admin/authentication.md
+++ b/docs/admin/authentication.md
@ -722,23 +722,23 @@ Finally, add the following parameters into API server start parameters:

 1.  Download, unpack, and initialize the patched version of easyrsa3.

-          curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
-          tar xzf easy-rsa.tar.gz
-          cd easy-rsa-master/easyrsa3
-          ./easyrsa init-pki
+        curl -L -O https://storage.googleapis.com/kubernetes-release/easy-rsa/easy-rsa.tar.gz
+        tar xzf easy-rsa.tar.gz
+        cd easy-rsa-master/easyrsa3
+        ./easyrsa init-pki
 1.  Generate a CA. (`--batch` set automatic mode. `--req-cn` default CN to use.)

-          ./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
+        ./easyrsa --batch "--req-cn=${MASTER_IP}@`date +%s`" build-ca nopass
 1.  Generate server certificate and key.
    (build-server-full [filename]: Generate a keypair and sign locally for a client or server)

-          ./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full server nopass
+        ./easyrsa --subject-alt-name="IP:${MASTER_IP}" build-server-full server nopass
 1.  Copy `pki/ca.crt`, `pki/issued/server.crt`, and `pki/private/server.key` to your directory.
 1.  Fill in and add the following parameters into the API server start parameters:

-          --client-ca-file=/yourdirectory/ca.crt
-          --tls-cert-file=/yourdirectory/server.crt
-          --tls-private-key-file=/yourdirectory/server.key
+        --client-ca-file=/yourdirectory/ca.crt
+        --tls-cert-file=/yourdirectory/server.crt
+        --tls-private-key-file=/yourdirectory/server.key

 #### openssl

@ -746,22 +746,22 @@ Finally, add the following parameters into API server start parameters:

 1.  Generate a ca.key with 2048bit:

-          openssl genrsa -out ca.key 2048
+        openssl genrsa -out ca.key 2048
 1.  According to the ca.key generate a ca.crt (use -days to set the certificate effective time):

-          openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt
+        openssl req -x509 -new -nodes -key ca.key -subj "/CN=${MASTER_IP}" -days 10000 -out ca.crt
 1.  Generate a server.key with 2048bit

-          openssl genrsa -out server.key 2048
+        openssl genrsa -out server.key 2048
 1.  According to the server.key generate a server.csr:

-          openssl req -new -key server.key -subj "/CN=${MASTER_IP}" -out server.csr
+        openssl req -new -key server.key -subj "/CN=${MASTER_IP}" -out server.csr
 1.  According to the ca.key, ca.crt and server.csr generate the server.crt:

-          openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000
+        openssl x509 -req -in server.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out server.crt -days 10000
 1.  View the certificate.

-          openssl x509  -noout -text -in ./server.crt
+        openssl x509  -noout -text -in ./server.crt

 Finally, do not forget to fill out and add the same parameters into the API server start parameters.