Self-signed certificate for Kubernetes Dashboard

1. Create a self-signed CA

mkdir -p /data/tls && cd /data/tls

Generate the private key

openssl genrsa -out ca.key 2048

Generate the self-signed certificate

openssl req -new -x509 -key ca.key -out ca.crt -days 3650 -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=CA"

View the CA certificate contents

openssl x509 -in ca.crt -noout -text

2. Issue the dashboard certificate
Generate the private key

openssl genrsa -out dashboard.key 2048

Create the certificate signing request

# ip is the IP address used to access the dashboard

export ip=192.168.160.100

openssl req -new -sha256 -key dashboard.key -out dashboard.csr -subj "/C=CN/ST=HB/L=WH/O=DM/OU=YPT/CN=$ip"

cat >  dashboard.cnf  <

Sign the certificate

 openssl x509 -req -sha256 -days 3650 -in dashboard.csr -out dashboard.crt -CA ca.crt -CAkey ca.key -CAcreateserial -extfile dashboard.cnf

View the certificate

openssl x509 -in dashboard.crt -noout -text
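
The contents of dashboard.cnf do not survive on this page. As an added example (not the original author's file), the script below assumes an extension file that places the access IP in subjectAltName, runs the same openssl commands in a scratch directory, and then checks the chain, the SAN and the key match. The function names and the extension file contents are assumptions.

```shell
#!/usr/bin/env bash
# Added example. The extension file contents are an assumption, not the
# page's original dashboard.cnf; function names are hypothetical.
set -eu

ip=${ip:-192.168.160.100}   # dashboard access IP, as on the page
subj="/C=CN/ST=HB/L=WH/O=DM/OU=YPT"

# Write an extfile that puts the IP into subjectAltName. Current browsers
# and Go clients match on SAN only, so the IP in CN alone is not enough.
write_extfile() {   # $1 = output file, $2 = IP
  cat > "$1" <<EOF
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = IP:$2
EOF
}

# Create the CA and the dashboard certificate in directory $1 for IP $2,
# using the same openssl commands as the page.
issue_cert() {
  openssl genrsa -out "$1/ca.key" 2048 &&
  openssl req -new -x509 -key "$1/ca.key" -out "$1/ca.crt" -days 3650 \
    -subj "$subj/CN=CA" &&
  openssl genrsa -out "$1/dashboard.key" 2048 &&
  openssl req -new -sha256 -key "$1/dashboard.key" -out "$1/dashboard.csr" \
    -subj "$subj/CN=$2" &&
  write_extfile "$1/dashboard.cnf" "$2" &&
  openssl x509 -req -sha256 -days 3650 -in "$1/dashboard.csr" \
    -out "$1/dashboard.crt" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -extfile "$1/dashboard.cnf"
}

# Succeeds only if the certificate chains to the CA, carries the IP as a
# SAN, and its public key matches dashboard.key.
check_cert() {
  openssl verify -CAfile "$1/ca.crt" "$1/dashboard.crt" >/dev/null &&
  openssl x509 -in "$1/dashboard.crt" -noout -text |
    grep -qF "IP Address:$2" &&
  [ "$(openssl x509 -in "$1/dashboard.crt" -noout -pubkey)" = \
    "$(openssl pkey -in "$1/dashboard.key" -pubout)" ]
}

dir=$(mktemp -d)   # scratch directory instead of /data/tls
issue_cert "$dir" "$ip" >/dev/null 2>&1
check_cert "$dir" "$ip" && echo "dashboard.crt verified in $dir"
```

Running check_cert against the real /data/tls directory before creating the secret catches a certificate that was signed without the SAN extension.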

3. Mount the certificate into the dashboard
Delete the already-deployed dashboard

 kubectl delete -f kubernetes-dashboard.yml 

Create the secret kubernetes-dashboard-certs

kubectl create secret generic kubernetes-dashboard-certs --from-file="tls/dashboard.crt,tls/dashboard.key" -n kube-system 

View the secret contents

 kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml

Redeploy the dashboard

 kubectl apply -f kubernetes-dashboard.yml 
