Generate simple certs simply


Generate simple certs simply

Install via download (currently Linux only)

  1. download
  2. extract: tar -xf gencert-linux.tar.gz; cd gencert
  3. run: ./gencert ca /CN=KUBERNETES-CA --dry-run

Run via Docker

  1. Create a Bash alias alias gencert="docker run -v $PWD/kubecerts:/app gerrywastaken/gencert"
  2. gencert ca /CN=KUBERNETES-CA
  3. gencert admin /CN=admin/O=system:masters

Run via Crystal

  1. Install Crystal
  2. Download this code
  3. Build shards build gencert
  4. Run bin/gencert --help


Kubernetes the... ummmm hard way cert generation:

# This script expects a ca.crt and ca.key to exist in the current directory.
# If you do not have one you can just generate it:

gencert ca /CN=KUBERNETES-CA

gencert admin /CN=admin/O=system:masters
gencert kube-controller-manager /CN=system:kube-controller-manager
gencert kube-proxy /CN=system:kube-proxy
gencert kube-scheduler /CN=system:kube-scheduler
gencert service-account /CN=service-accounts

# Pass alternate ips or domains to associate with the certificate

gencert kube-apiserver /CN=kube-apiserver \
  --dns kubernetes \
  --dns kubernetes.default \
  --dns kubernetes.default.svc \
  --dns kubernetes.default.svc.cluster.local \
  --ip \
  --ip \
  --ip \
  --ip \

# Or you can just pass an openssl config file

gencert etcd-server /CN=etcd-server -c ../openssl-etcd.cnf
gencert worker-1 /CN=system:node:worker-1/O=system:nodes -c ../openssl-worker-1.cnf


  1. Install Crystal:
  2. Download this code and navigate to the directory
  3. Make your change
  4. Compile: shards build --debug gencert
  5. Test: bin/gencert --help


  1. Fork it (
  2. Create your feature branch (git checkout -b my-new-feature)
  3. Commit your changes (git commit -am 'Add some feature')
  4. Push to the branch (git push origin my-new-feature)
  5. Create a new Pull Request


  • Gerry - creator and maintainer
Github statistic:
  • 1
  • 1
  • 0
  • 1
  • 0
  • 8 days ago


MIT License