1. 程式人生 > >windows7導入k8s用戶證書

windows7導入k8s用戶證書

生成 cer dmi cert 訪問 art crt flanneld sts

通過瀏覽器訪問


需要給瀏覽器生成一個 client 證書,訪問 apiserver 的 6443 https 端口時使用


這裏使用部署 kubectl 命令行工具時創建的 admin 證書、私鑰和上面的 ca 證書,創建一個瀏覽器可以使用 PKCS#12/PFX 格式的證書:

[root@kube-node1 k8s]# cd /opt/k8s/
[root@kube-node1 k8s]# ls
admin.csr       ca-bundle.crt   cert                       etcd-csr.json          flanneld-key.pem    kubernetes
admin
-csr.json ca-config.json encryption-config.yaml etcd-key.pem flanneld.pem kubernetes.csr admin-key.pem ca.csr etcd-192.168.0.72.service etcd.pem flanneld.service kubernetes-csr.json admin.pem ca-csr.json etcd-192.168.0.73.service etcd.service.template kubectl.kubeconfig kubernetes-key.pem ca
-key.pem etcd-192.168.0.74.service flanneld.csr kube.p12 kubernetes.pem ca.pem etcd.csr flanneld-csr.json kube.p13 [root@kube-node1 k8s]# ls admin.csr ca-bundle.crt cert etcd-csr.json flanneld-key.pem kubernetes admin
-csr.json ca-config.json encryption-config.yaml etcd-key.pem flanneld.pem kubernetes.csr admin-key.pem ca.csr etcd-192.168.0.72.service etcd.pem flanneld.service kubernetes-csr.json admin.pem ca-csr.json etcd-192.168.0.73.service etcd.service.template kubectl.kubeconfig kubernetes-key.pem admin.pfx ca-key.pem etcd-192.168.0.74.service flanneld.csr kube.p12 kubernetes.pem bin ca.pem etcd.csr flanneld-csr.json kube.p13 [root@kube-node1 k8s]# openssl pkcs12 -export -out admin.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem 將創建的 admin.pfx 導入到系統的證書中。 把證書安裝到本地計算機 先把admin.pfx 導入到windos上 Win+R 運行——MMC 文件——添加/刪除管理單元——證書——添加 這時候我們可以選擇 我用用戶賬戶 服務器賬戶 計算機帳戶 選擇計算機帳戶 找到到受信任的證書頒發機構--右鍵--所有任務--導入--下一步--瀏覽--右下角選擇所有文件(*.*)--找到文件導入 開始訪問 https://192.168.0.200:8443/ { "paths": [ "/api", "/api/v1", "/apis", "/apis/", "/apis/admissionregistration.k8s.io", "/apis/admissionregistration.k8s.io/v1beta1", "/apis/apiextensions.k8s.io", "/apis/apiextensions.k8s.io/v1beta1", "/apis/apiregistration.k8s.io", "/apis/apiregistration.k8s.io/v1", "/apis/apiregistration.k8s.io/v1beta1", "/apis/apps", "/apis/apps/v1", "/apis/apps/v1beta1", "/apis/apps/v1beta2", "/apis/authentication.k8s.io", "/apis/authentication.k8s.io/v1", "/apis/authentication.k8s.io/v1beta1", "/apis/authorization.k8s.io", "/apis/authorization.k8s.io/v1", "/apis/authorization.k8s.io/v1beta1", "/apis/autoscaling", "/apis/autoscaling/v1", "/apis/autoscaling/v2beta1", "/apis/batch", "/apis/batch/v1", "/apis/batch/v1beta1", "/apis/certificates.k8s.io", "/apis/certificates.k8s.io/v1beta1", "/apis/events.k8s.io", "/apis/events.k8s.io/v1beta1", "/apis/extensions", "/apis/extensions/v1beta1", "/apis/networking.k8s.io", "/apis/networking.k8s.io/v1", "/apis/policy", "/apis/policy/v1beta1", "/apis/rbac.authorization.k8s.io", "/apis/rbac.authorization.k8s.io/v1", "/apis/rbac.authorization.k8s.io/v1beta1", "/apis/scheduling.k8s.io", "/apis/scheduling.k8s.io/v1beta1", "/apis/storage.k8s.io", "/apis/storage.k8s.io/v1", "/apis/storage.k8s.io/v1beta1", "/healthz", "/healthz/autoregister-completion", "/healthz/etcd", "/healthz/ping", "/healthz/poststarthook/apiservice-openapi-controller", "/healthz/poststarthook/apiservice-registration-controller", "/healthz/poststarthook/apiservice-status-available-controller", "/healthz/poststarthook/bootstrap-controller", "/healthz/poststarthook/ca-registration", "/healthz/poststarthook/generic-apiserver-start-informers", "/healthz/poststarthook/kube-apiserver-autoregistration", "/healthz/poststarthook/rbac/bootstrap-roles", "/healthz/poststarthook/scheduling/bootstrap-system-priority-classes", "/healthz/poststarthook/start-apiextensions-controllers", "/healthz/poststarthook/start-apiextensions-informers", "/healthz/poststarthook/start-kube-aggregator-informers", "/healthz/poststarthook/start-kube-apiserver-admission-initializer", "/healthz/poststarthook/start-kube-apiserver-informers", "/logs", "/metrics", "/openapi/v2", "/swagger-2.0.0.json", "/swagger-2.0.0.pb-v1", "/swagger-2.0.0.pb-v1.gz", "/swagger-ui/", "/swagger.json", "/swaggerapi", "/version" ] }

windows7導入k8s用戶證書