通过浏览器访问
需要给浏览器生成一个 client 证书,访问 apiserver 的 6443 https 端口时使用
这里使用部署 kubectl 命令行工具时创建的 admin 证书、私钥和上面的 ca 证书,创建一个浏览器可以使用 PKCS#12/PFX 格式的证书:
[root@kube-node1 k8s]# cd /opt/k8s/
[root@kube-node1 k8s]# ls
admin.csr ca-bundle.crt cert etcd-csr.json flanneld-key.pem kubernetes
admin-csr.json ca-config.json encryption-config.yaml etcd-key.pem flanneld.pem kubernetes.csr
admin-key.pem ca.csr etcd-192.168.0.72.service etcd.pem flanneld.service kubernetes-csr.json
admin.pem ca-csr.json etcd-192.168.0.73.service etcd.service.template kubectl.kubeconfig kubernetes-key.pem
ca-key.pem etcd-192.168.0.74.service flanneld.csr kube.p12 kubernetes.pem
ca.pem etcd.csr flanneld-csr.json kube.p13
[root@kube-node1 k8s]# ls
admin.csr ca-bundle.crt cert etcd-csr.json flanneld-key.pem kubernetes
admin-csr.json ca-config.json encryption-config.yaml etcd-key.pem flanneld.pem kubernetes.csr
admin-key.pem ca.csr etcd-192.168.0.72.service etcd.pem flanneld.service kubernetes-csr.json
admin.pem ca-csr.json etcd-192.168.0.73.service etcd.service.template kubectl.kubeconfig kubernetes-key.pem
admin.pfx ca-key.pem etcd-192.168.0.74.service flanneld.csr kube.p12 kubernetes.pem
bin ca.pem etcd.csr flanneld-csr.json kube.p13
[root@kube-node1 k8s]# openssl pkcs12 -export -out admin.pfx -inkey admin-key.pem -in admin.pem -certfile ca.pem
将创建的 admin.pfx 导入到系统的证书中。
把证书安装到本地计算机
先把admin.pfx 导入到windos上
Win+R
运行——MMC
文件——添加/删除管理单元——证书——添加
这时候我们可以选择
我用用户账户
服务器账户
计算机帐户
选择计算机帐户
找到到受信任的证书颁发机构--右键--所有任务--导入--下一步--浏览--右下角选择所有文件(*.*)--找到文件导入
开始访问
https://192.168.0.200:8443/
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/admissionregistration.k8s.io",
"/apis/admissionregistration.k8s.io/v1beta1",
"/apis/apiextensions.k8s.io",
"/apis/apiextensions.k8s.io/v1beta1",
"/apis/apiregistration.k8s.io",
"/apis/apiregistration.k8s.io/v1",
"/apis/apiregistration.k8s.io/v1beta1",
"/apis/apps",
"/apis/apps/v1",
"/apis/apps/v1beta1",
"/apis/apps/v1beta2",
"/apis/authentication.k8s.io",
"/apis/authentication.k8s.io/v1",
"/apis/authentication.k8s.io/v1beta1",
"/apis/authorization.k8s.io",
"/apis/authorization.k8s.io/v1",
"/apis/authorization.k8s.io/v1beta1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2beta1",
"/apis/batch",
"/apis/batch/v1",
"/apis/batch/v1beta1",
"/apis/certificates.k8s.io",
"/apis/certificates.k8s.io/v1beta1",
"/apis/events.k8s.io",
"/apis/events.k8s.io/v1beta1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/policy",
"/apis/policy/v1beta1",
"/apis/rbac.authorization.k8s.io",
"/apis/rbac.authorization.k8s.io/v1",
"/apis/rbac.authorization.k8s.io/v1beta1",
"/apis/scheduling.k8s.io",
"/apis/scheduling.k8s.io/v1beta1",
"/apis/storage.k8s.io",
"/apis/storage.k8s.io/v1",
"/apis/storage.k8s.io/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/ping",
"/healthz/poststarthook/apiservice-openapi-controller",
"/healthz/poststarthook/apiservice-registration-controller",
"/healthz/poststarthook/apiservice-status-available-controller",
"/healthz/poststarthook/bootstrap-controller",
"/healthz/poststarthook/ca-registration",
"/healthz/poststarthook/generic-apiserver-start-informers",
"/healthz/poststarthook/kube-apiserver-autoregistration",
"/healthz/poststarthook/rbac/bootstrap-roles",
"/healthz/poststarthook/scheduling/bootstrap-system-priority-classes",
"/healthz/poststarthook/start-apiextensions-controllers",
"/healthz/poststarthook/start-apiextensions-informers",
"/healthz/poststarthook/start-kube-aggregator-informers",
"/healthz/poststarthook/start-kube-apiserver-admission-initializer",
"/healthz/poststarthook/start-kube-apiserver-informers",
"/logs",
"/metrics",
"/openapi/v2",
"/swagger-2.0.0.json",
"/swagger-2.0.0.pb-v1",
"/swagger-2.0.0.pb-v1.gz",
"/swagger-ui/",
"/swagger.json",
"/swaggerapi",
"/version"
]
}