k8s dashboard 解決secret自建證書導致瀏覽器訪問限制

解決參考： https://www.jianshu.com/p/c6d560d12d50

 

熟悉dashboard yaml文件所創建的資源

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml

查看recommended.yaml文件，dashboard secret對象為自動生成，證書無效，需要手動修改替換

 

生成證書

證書生成還可參考： https://kubernetes.io/docs/concepts/cluster-administration/certificates/

openssl genrsa -out dashboard.key 2048

openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=stage.navinfo.sg'

openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt

openssl x509 -in dashboard.crt -text -noout

 

根據證書和秘鑰創建 secret

kubectl create secret generic kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt

 

修改recommended.yaml 的service為NodePort，創建dashboard其他資源對象

 

web訪問https://IP:NodePort

使用token登錄dashboard，查看namaspace中的 ServiceAccount

 

recommend.yaml創建的用戶權限不夠，需要創建一個admin用戶，登錄dashboard

dashboard-adminuser.yaml 參考： https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md