
I am trying to grant users access to Kubernetes using X.509 client certificates.

I am using (subjectAltName = my_domain.com):

openssl req -new -newkey rsa:4096 -nodes -keyout Bob.key -out Bob.csr -subj "/C=DK/ST=Frb/L=Cph/O=engineering/CN=Bob" -addext "subjectAltName = DNS:my_domain.com"

kube/config:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <..Q0FURS0tLS0tCk..>
    server: https://my_domain.com:<port>
  name: bob
contexts:
- context:
    cluster: bob
    user: Bob
  name: bob
current-context: bob
kind: Config
preferences: {}
users:
- name: Bob
  user:
    client-certificate: /home/cred/Bob.crt
    client-key: /home/cred/Bob.key

Error:

Unable to connect to the server: x509: certificate is valid for control-plane,... not my_domain.com

Do you know how to make this work behind a domain that the local k8s server's IP address is mapped to?


1 Answer


As Anant Swaraj mentioned, the solution is in the question here: you need to add subjectAltName to kubeadm-config and restart kube-apiserver.

Answered 2021-10-01T14:21:43.950
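The x509 error in the question is raised while kubectl verifies the API server's serving certificate, so the SAN placed on Bob's client CSR has no effect on it. The following added example (not part of the original post or answer) builds two constructed stand-in serving certificates, one without and one with `my_domain.com` in its SAN list, and checks each against the hostname used in the kubeconfig `server:` field. The function names, the SAN lists and the self-signed certificates are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: function names, SAN lists and certificates are constructed.

# make_serving_cert <dir> <name> <san-list>
# Self-signed stand-in for the API server's serving certificate
# (in a real cluster it is signed by the cluster CA).
make_serving_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -keyout "$1/$2.key" -out "$1/$2.crt" \
    -subj "/CN=kube-apiserver" \
    -addext "subjectAltName = $3" 2>/dev/null
}

# cert_covers_host <cert.pem> <hostname>
# Succeeds only when the certificate is valid for <hostname>, the same
# question the TLS client asks before it reports the x509 error.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" |
    grep -q 'does match certificate'
}

demo() {
  dir=$(mktemp -d)
  # "before": SANs without the external domain (constructed list).
  make_serving_cert "$dir" before "DNS:control-plane, DNS:kubernetes"
  # "after": the domain added to the serving certificate's SANs.
  make_serving_cert "$dir" after \
    "DNS:control-plane, DNS:kubernetes, DNS:my_domain.com"
  for c in before after; do
    if cert_covers_host "$dir/$c.crt" my_domain.com; then
      echo "$c: valid for my_domain.com"
    else
      echo "$c: NOT valid for my_domain.com (kubectl would fail here)"
    fi
  done
  rm -rf "$dir"
}

demo
```

To run the same check against a certificate saved from a live endpoint, pass its PEM file to `cert_covers_host` along with the hostname from the kubeconfig.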