k8s dashboard 解决secret自建证书导致浏览器访问限制

解决参考： https://www.jianshu.com/p/c6d560d12d50

 

熟悉dashboard yaml文件所创建的资源

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml

查看recommended.yaml文件，dashboard secret对象为自动生成，证书无效，需要手动修改替换

 

生成证书

证书生成还可参考： https://kubernetes.io/docs/concepts/cluster-administration/certificates/

openssl genrsa -out dashboard.key 2048

openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=stage.navinfo.sg'

openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

openssl x509 -in dashboard.crt -text -noout

 

根据证书和秘钥创建 secret

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt

 

修改recommended.yaml 的service为NodePort，创建dashboard其他资源对象

 

web访问https://IP:NodePort

使用token登录dashboard，查看namaspace中的 ServiceAccount

 

recommend.yaml创建的用户权限不够，需要创建一个admin用户，登录dashboard

dashboard-adminuser.yaml 参考： https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md