创建dashboard专用证书
[root@k8s-master private]# cd /etc/kubernetes/pki/
[root@k8s-master pki]# ll
total 60
-rw-r--r-- 1 root root 1224 Jun  3 11:32 apiserver.crt
-rw-r--r-- 1 root root 1090 Jun  3 11:32 apiserver-etcd-client.crt
-rw------- 1 root root 1679 Jun  3 11:32 apiserver-etcd-client.key
-rw------- 1 root root 1679 Jun  3 11:32 apiserver.key
-rw-r--r-- 1 root root 1099 Jun  3 11:32 apiserver-kubelet-client.crt
-rw------- 1 root root 1675 Jun  3 11:32 apiserver-kubelet-client.key
-rw-r--r-- 1 root root 1025 Jun  3 11:32 ca.crt
-rw------- 1 root root 1675 Jun  3 11:32 ca.key
drwxr-xr-x 2 root root 4096 Jun  3 11:32 etcd
-rw-r--r-- 1 root root 1038 Jun  3 11:32 front-proxy-ca.crt
-rw------- 1 root root 1679 Jun  3 11:32 front-proxy-ca.key
-rw-r--r-- 1 root root 1058 Jun  3 11:32 front-proxy-client.crt
-rw------- 1 root root 1675 Jun  3 11:32 front-proxy-client.key
-rw------- 1 root root 1675 Jun  3 11:32 sa.key
-rw------- 1 root root  451 Jun  3 11:32 sa.pub
[root@k8s-master pki]#
[root@k8s-master pki]# (umask 077;openssl genrsa -out dashboard.key 2048)
Generating RSA private key, 2048 bit long modulus
.................................+++
..........+++
e is 65537 (0x10001)
证书签署请求
# 建立一个证书专属请求
[root@k8s-master pki]# openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=magedu/CN=dashboard"
[root@k8s-master pki]#
# 给证书签证
[root@k8s-master pki]# openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 365
Signature ok
subject=/O=magedu/CN=dashboard
Getting CA Private Key
[root@k8s-master pki]#
创建 secret
# 需要把生成的私钥证建成一个secret
[root@k8s-master pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=dashboard.crt --from-file=dashboard.key=./dashboard.key
secret/dashboard-cert created
[root@k8s-master pki]#
分类: K8s

发表评论

电子邮件地址不会被公开。 必填项已用*标注