新版本的k8s dashboard ,只允许你用https访问,chrome不允许没有证书的网站用https访问,要解决这个问题有3个办法:
-
chrome加参数忽略证书
--test-type --ignore-certificate-errors
-
火狐浏览器访问:
-
自签证书
当然自己生成的CA在chrome中会被标成不安全的网站,但是可以访问了。
只需要创建 secret 指定证书即可,关于自签证书的流程参考我的这篇文章:
生成自签https证书
- 创建 secret kubernetes-dashboard-certs
kubectl delete secret kubernetes-dashboard-certs -n kube-system && \
kubectl create secret generic kubernetes-dashboard-certs --from-file="/usr/program/devk8s/dashboard.crt,/usr/program/devk8s/dashboard.key" -n kube-system
这里crt和key文件的文件名一定要叫dashboard,不然证书会无效,我真是服了
- 查看secret内容
kubectl get secret kubernetes-dashboard-certs -n kube-system -o yaml
# 内容如下:
apiVersion: v1
data:
k8s-dashboard.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVFekNDQXZ1Z0F3SUJBZ0lKQU9LTlRRME9qZ1UrTUEwR0NTcUdTSWIzRFFFQkN3VUFNR014Q3pBSkJnTlYKQkFZVEFrTk9NUTR3REFZRFZRUUlEQVZoYm1oMWFURU5NQXNHQTFVRUJ3d0VkM1ZvZFRFTU1Bb0dBMVVFQ2d3RApaR1YyTVE4d0RRWURWUVFMREFacGMyeGhibVF4RmpBVUJnTlZCQU1NRFNvdWIyNWxZbVZoYmk1dVpYUXdIaGNOCk1qQXdOak13TVRVek1qSXhXaGNOTXpBd05qSTRNVFV6TWpJeFdqQnZNUXN3Q1FZRFZRUUdFd0pEVGpFT01Bd0cKQTFVRUNBd0ZZVzVvZFdreERUQUxCZ05WQkFjTUJIZDFhSFV4RERBS0JnTlZCQW9NQTJSbGRqRVBNQTBHQTFVRQpDd3dHYVhOc1lXNWtNU0l3SUFZRFZRUUREQmxyT0hNdFpHRnphR0p2WVhKa0xtOXVaV0psWVc0dWJtVjBNSUlCCklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF0RUJVWUxoekpmN0RCU2hZR0gveDJyL3AKWEtrQmdCazNDUTQ1bkdJalQ1QU1lQmNsWThlVmxKNXJXS2pwYUoxWkFIdUtmNUVEcm9QczFBSDYzZGZEVm95UQpicndFM0UrdE4yWERlRTF4QU4zV0VIUXoxL3FZZHB4UkR4bXZrd1p2ays1Q21tbi9LbGxZUWZkdVlpQmw2cTg4CkR0QXNGVTE4VnR2c2FEdDU4QjJhNlF2a2wwNnR6VFlHM3JWYUZEVVRZNmlLaE1ON2NjMUlzSGdpNUpFR3o5YXEKbGdmbldBek5xanE2ZkpjVzFqSG5Mc1lOaDdEeXFEb2NpMlpZdDQ1eDlYVzk0UG1QQlVMbW5XUnZ3cDkyM3JJdwpuSWs0Z1A4dG5Bc3RNQnpnekpoTkNTM0ZFWHdlcFdnTjQ5V3lVSXZrRUpRZXBPbENKTGl0OTZpQVNIU0dXd0lECkFRQUJvNEc5TUlHNk1Bc0dBMVVkRHdRRUF3SUhnREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQWdZSUt3WUIKQlFVSEF3RXdIUVlEVlIwT0JCWUVGQTZzeHVZSW03ckZGak5mbWRIYndpYjA3cnVtTUI4R0ExVWRJd1FZTUJhQQpGSnkrSExWKzNlNFI3MVJhOEZVODNuUVlOOW5QTUV3R0ExVWRFUVJGTUVPSEJNQ29rbytIQkg4QUFBR0NEekU1Ck1pNHhOamd1TVRRMkxqRTBNNElKYkc5allXeG9iM04wZ2hsck9ITXRaR0Z6YUdKdllYSmtMbTl1WldKbFlXNHUKYm1WME1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQVZaa2lVaksySFZjRnZCa2wwQm91dVJQTktySVBRSDJFNgpKb0p1cVFxOTJZc1puaS9FRFZJYnJXRTBtR2JTZDc1TW1taHFvWE9PNTg0bVNxNUdQcmhlbEN5SWtZMWtYUlBrCjNtYnp1bDJOVE1SUlZLbm5oM2doYW5FRnVCWk12bThuZWtKdVJmWElmLzA4Z04xdi9CRDBHTlg5RVVOZWlkbU8KeVBMNUFia3l4Z3JBUzNpQVR0RlcvcWZZVWlTWUR6K2l5dnowa2lmVTZ3dDRERGRsWHJxY2F5b0R1WmVlOE9tYwovT0ZmdHN1dUQ5VWtiR2xGRFQ4Y2tkSGxiMDlEd2JvRDZCVWtNTFdjZkJFUXJnOERGaTZTTmc4b3NIb2tWUU1JCm02bFBudWJnYXc0SWIrSkVCV1NiNlVza2QvWllYOTdPWjlZL2dTSEtIN090Rjk3RG9nQkkKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
k8s-dashboard.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBdEVCVVlMaHpKZjdEQlNoWUdIL3gyci9wWEtrQmdCazNDUTQ1bkdJalQ1QU1lQmNsClk4ZVZsSjVyV0tqcGFKMVpBSHVLZjVFRHJvUHMxQUg2M2RmRFZveVFicndFM0UrdE4yWERlRTF4QU4zV0VIUXoKMS9xWWRweFJEeG12a3dadmsrNUNtbW4vS2xsWVFmZHVZaUJsNnE4OER0QXNGVTE4VnR2c2FEdDU4QjJhNlF2awpsMDZ0elRZRzNyVmFGRFVUWTZpS2hNTjdjYzFJc0hnaTVKRUd6OWFxbGdmbldBek5xanE2ZkpjVzFqSG5Mc1lOCmg3RHlxRG9jaTJaWXQ0NXg5WFc5NFBtUEJVTG1uV1J2d3A5MjNySXduSWs0Z1A4dG5Bc3RNQnpnekpoTkNTM0YKRVh3ZXBXZ040OVd5VUl2a0VKUWVwT2xDSkxpdDk2aUFTSFNHV3dJREFRQUJBb0lCQUhCdmNES2syNjducTE2YwpPOWVNZDZDcjlUVUhkeGdnb21QVHE3d1F1MVgxMU5GVUhzNk93STlrQWpIYnF6ekdhYTRUWWVFUTQrc0gvOEovCk9hMEgyYUV6TFNUbHcySnBrUEx0VjNERFhhbmN0cHFzNFdubnR4TEZqd3FNU3lpNjZ2NnJzSUFCZmxrOFFnRmsKQmtiUFRzT0ZhMEVTT1cxUVdDOFdIL0VrcUh0TjhEYTM0a1o2Q3VPL05MK1lQejVZSVhIT1l3aHBWUUI1MmpaZQpWR25DQW15dUp2UnlPemdxbWRlckVCOVA2ck1iTDJncjUwYnhxb2RJS2xJSDhHUXltdU9ubEtGc0gvODdyYUxKClV5SlBmbkMzWEdXNlZUZWZHUlJtcGtrM3pIS3hoNlYzTU5KMitGS1dqY2lhU3A3cHdnUUxMQXJkSEk4SS9uRmgKYmpmalJZRUNnWUVBMjFaS1pzbjlMY1hmZmZlc1VCODgwL2RxWkM5RXZ1dDE1dkozK3BWY3RoY3ltc0JIOG5JUwppNzNJdCthN0FmeUJyNTlOL00rZXB6dUJNY1l4Yjg0N1BwUmVLRDVGU3FxdytFNVl6eTM2Rm9IZ29McjBMbThyClBscVo5N25SblNzVGpLbUd5ZzRwdkpUamtRamxQREd3RE9iUTlueTVza2JhbG10dktDUVVpaWNDZ1lFQTBtR0MKVDlLTk5Vdm9xc2F3Mzd1Mk9Gak9UUkV2TW41dTNHRmR4ZDNYd2lhbThkdzBmSCtLaHRnVExScUV2NUNiM0kvTQppS0tzZkpDVFZXbzIvNjRYTUc4MFNlNXloNTA2TGRlck03SDhwR1RsNjNwd1RKWmNHSjFTeUZtTXdiWXI2YytVCkFSQi90RVBzeWdMZDU2OVFReFp4TWowcmFGQkJtaU5SNVE4ZnhxMENnWUVBdXRjSDdBVzJrUTVVOG9aUGw3VDAKYVJBQzVqTEoyZVRUKzVhaWs2ZzJZTHJrRmFVajVLZzltaUpoNEI1QlFWRHEzRUxVK1QyWFJaZlAxeW1ncFVCRgpnV3A3eHNZODJuMEs0WXBENXNDZ29CbWswdVpPNlZzenVCc1B1MUhqK0lGZ1Z0dDJnWnFNL1NMTHM1bWpSS0tDCitJcUtpTjM0aGFBTHhrVGdYSTVYbk5NQ2dZRUFqZTIwa1E5VnJsQUFyajJQRTlFNlZIY3M3bmNhWlRGQXJ6S00KcGJGTkhyRWV6V29taXBzc3BGM2ZTZjFxOHlXbTBMeStXcXVNUEJqNUhKV2tkd2RHbzZsU0dGSmlON1ZOaTZIRQo0UUpCazlKeC9sUENzUmg3Rnl3RHJpQWp3b2VZeG9zQXFWc3RIRHI2NHluZDlMQ2tNQzVTdlhiZzh1VzU3RGZKCnh3TldCNTBDZ1lFQXhER2I4dmJOQ1Z5cGFESDlmYjBJREJwZ01uemZxTk9vSGpDbSsyazdUVnMvVGZqQ2tSdFYKRG9ZS2puc1Z6bGh3cXBMZlcxcFFMOHd1K20xNzNJWHlOY1RRNXl3Y0xzWHlZZlphZExITEJ4MXFnRHdjQ0duUApCdlV0ZERDeVNEbXdVRmlTZmxuVXM1YmhDZytpTWFrODFUZGxOWmsvbmJSRlJySTdnYzZxdk5rPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
kind: Secret
metadata:
creationTimestamp: "2020-06-30T15:34:40Z"
name: kubernetes-dashboard-certs
namespace: kube-system
resourceVersion: "1728623"
selfLink: /api/v1/namespaces/kube-system/secrets/kubernetes-dashboard-certs
uid: a915cd0d-195f-47d3-8975-e7350f8800e1
type: Opaque
然后就可以了
如果不行的话,重新部署一下dashboard:
kubectl get deployment kubernetes-dashboard -n kube-system -o yaml >> kubernetes-dashboard.yaml && \
kubectl delete -f kubernetes-dashboard.yaml && \
kubectl apply -f kubernetes-dashboard.yaml && \
rm -rf ./kubernetes-dashboard.yaml
网友评论