I am generating Google Compute Engine instances from instance templates. The problem is I need to create certificates for each instance, and certificates need to be for each instance's hostname. Now, instance hostnames contain a random part, e.g. staging-node-ntsr.c.example.internal. How can I generate certificates that correspond to these dynamically generated hostnames?
I use cfssl to generate certificates, my command line looks like this:
cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=client-server worker.json | cfssljson -bare worker-client
The context is that I need to secure my Kubernetes nodes with TLS.
Solved this by generating certificates on each instance as part of bootstrapping, because then I know each instance's various addresses.
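A sketch of that bootstrap step, as an added example that is not part of the original post: a startup script reads the instance's FQDN and internal IP from the GCE metadata server, writes the cfssl request with those values as SANs, and runs the same `cfssl gencert` command as above. The function names, the input validation and the ECDSA key choice are assumptions of this example; the file names are the ones from the command in the question.

```shell
#!/bin/sh
# Added example: per-instance certificate generation at boot on GCE.
MD=http://metadata.google.internal/computeMetadata/v1/instance

# Query the metadata server; the Metadata-Flavor header is mandatory.
md_get() { curl -sf -H 'Metadata-Flavor: Google' "$MD/$1"; }

# Print a cfssl CSR request whose SANs are the FQDN, short name and IP.
# Values are validated first so nothing unexpected ends up in the JSON
# (and therefore in the signed certificate).
make_csr() {
  fqdn=$1; ip=$2
  case $fqdn in
    ''|*[!A-Za-z0-9.-]*) echo "invalid hostname: $fqdn" >&2; return 1;;
  esac
  case $ip in
    ''|*[!0-9.]*) echo "invalid IPv4 address: $ip" >&2; return 1;;
  esac
  short=${fqdn%%.*}   # staging-node-ntsr.c.example.internal -> staging-node-ntsr
  cat <<EOF
{
  "CN": "$fqdn",
  "hosts": ["$fqdn", "$short", "$ip"],
  "key": {"algo": "ecdsa", "size": 256}
}
EOF
}

# Fetch this instance's addresses, write worker.json, issue the certificate.
issue_cert() {
  fqdn=$(md_get hostname) || return 1
  ip=$(md_get network-interfaces/0/ip) || return 1
  make_csr "$fqdn" "$ip" > worker.json || return 1
  cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json \
    -profile=client-server worker.json | cfssljson -bare worker-client
}

# Only touch the network when explicitly asked: sh bootstrap-cert.sh issue
if [ "${1:-}" = "issue" ]; then
  issue_cert
fi
```

Signing locally like this means `ca-key.pem` has to be readable on every instance. cfssl can also sign against a remote cfssl server (`cfssl gencert -remote=...`), which keeps the CA key off the nodes.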