windows7导入k8s用户证书

发布时间：2020-12-14 02:33:31 所属栏目：Windows 来源：网络整理

导读：通过浏览器访问需要给浏览器生成一个 client 证书，访问 apiserver 的 6443 https 端口时使用这里使用部署 kubectl 命令行工具时创建的 admin 证书、私钥和上面的 ca 证书，创建一个浏览器可以使用 PKCS# 12 / PFX 格式的证书：[[email?protected] -node1 k8

通过浏览器访问


需要给浏览器生成一个 client 证书，访问 apiserver 的 6443 https 端口时使用


这里使用部署 kubectl 命令行工具时创建的 admin 证书、私钥和上面的 ca 证书，创建一个浏览器可以使用 PKCS#12/PFX 格式的证书：

[[email?protected]-node1 k8s]# cd /opt/k8s/
[[email?protected]-node1 k8s]# ls
admin.csr       ca-bundle.crt   cert                       etcd-csr.json          flanneld-key.pem    kubernetes
admin-csr.json  ca-config.json  encryption-config.yaml     etcd-key.pem           flanneld.pem        kubernetes.csr
admin-key.pem   ca.csr          etcd-192.168.0.72.service  etcd.pem               flanneld.service    kubernetes-csr.json
admin.pem       ca-csr.json     etcd-192.168.0.73.service  etcd.service.template  kubectl.kubeconfig  kubernetes-key.pem
                ca-key.pem      etcd-192.168.0.74.service  flanneld.csr           kube.p12            kubernetes.pem
                ca.pem          etcd.csr                   flanneld-csr.json      kube.p13

[[email?protected]-node1 k8s]# ls
admin.csr       ca-bundle.crt   cert                       etcd-csr.json          flanneld-key.pem    kubernetes
admin-csr.json  ca-config.json  encryption-config.yaml     etcd-key.pem           flanneld.pem        kubernetes.csr
admin-key.pem   ca.csr          etcd-192.168.0.72.service  etcd.pem               flanneld.service    kubernetes-csr.json
admin.pem       ca-csr.json     etcd-192.168.0.73.service  etcd.service.template  kubectl.kubeconfig  kubernetes-key.pem
admin.pfx       ca-key.pem      etcd-192.168.0.74.service  flanneld.csr           kube.p12            kubernetes.pem
bin             ca.pem          etcd.csr                   flanneld-csr.json      kube.p13


[[email?protected]-node1 k8s]# openssl pkcs12 -export -out admin.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem
将创建的 admin.pfx 导入到系统的证书中。

把证书安装到本地计算机

先把admin.pfx 导入到windos上

Win+R
运行——MMC
文件——添加/删除管理单元——证书——添加
这时候我们可以选择
我用用户账户
服务器账户
计算机帐户
选择计算机帐户
找到到受信任的证书颁发机构--右键--所有任务--导入--下一步--浏览--右下角选择所有文件（*.*）--找到文件导入



开始访问

https://192.168.0.200:8443/

{
  "paths": [
    "/api","/api/v1","/apis","/apis/","/apis/admissionregistration.k8s.io","/apis/admissionregistration.k8s.io/v1beta1","/apis/apiextensions.k8s.io","/apis/apiextensions.k8s.io/v1beta1","/apis/apiregistration.k8s.io","/apis/apiregistration.k8s.io/v1","/apis/apiregistration.k8s.io/v1beta1","/apis/apps","/apis/apps/v1","/apis/apps/v1beta1","/apis/apps/v1beta2","/apis/authentication.k8s.io","/apis/authentication.k8s.io/v1","/apis/authentication.k8s.io/v1beta1","/apis/authorization.k8s.io","/apis/authorization.k8s.io/v1","/apis/authorization.k8s.io/v1beta1","/apis/autoscaling","/apis/autoscaling/v1","/apis/autoscaling/v2beta1","/apis/batch","/apis/batch/v1","/apis/batch/v1beta1","/apis/certificates.k8s.io","/apis/certificates.k8s.io/v1beta1","/apis/events.k8s.io","/apis/events.k8s.io/v1beta1","/apis/extensions","/apis/extensions/v1beta1","/apis/networking.k8s.io","/apis/networking.k8s.io/v1","/apis/policy","/apis/policy/v1beta1","/apis/rbac.authorization.k8s.io","/apis/rbac.authorization.k8s.io/v1","/apis/rbac.authorization.k8s.io/v1beta1","/apis/scheduling.k8s.io","/apis/scheduling.k8s.io/v1beta1","/apis/storage.k8s.io","/apis/storage.k8s.io/v1","/apis/storage.k8s.io/v1beta1","/healthz","/healthz/autoregister-completion","/healthz/etcd","/healthz/ping","/healthz/poststarthook/apiservice-openapi-controller","/healthz/poststarthook/apiservice-registration-controller","/healthz/poststarthook/apiservice-status-available-controller","/healthz/poststarthook/bootstrap-controller","/healthz/poststarthook/ca-registration","/healthz/poststarthook/generic-apiserver-start-informers","/healthz/poststarthook/kube-apiserver-autoregistration","/healthz/poststarthook/rbac/bootstrap-roles","/healthz/poststarthook/scheduling/bootstrap-system-priority-classes","/healthz/poststarthook/start-apiextensions-controllers","/healthz/poststarthook/start-apiextensions-informers","/healthz/poststarthook/start-kube-aggregator-informers","/healthz/poststarthook/start-kube-apiserver-admission-initializer","/healthz/poststarthook/start-kube-apiserver-informers","/logs","/metrics","/openapi/v2","/swagger-2.0.0.json","/swagger-2.0.0.pb-v1","/swagger-2.0.0.pb-v1.gz","/swagger-ui/","/swagger.json","/swaggerapi","/version"
  ]
}

（编辑：李大同）

【声明】本站内容均来自网络，其相关言论仅代表作者个人观点，不代表本站立场。若无意侵犯到您的权利，请及时与联系站长删除相关内容!