K8S_09_K8S: Issuing certificates with openssl

##########+++++++===
Create the certificate. Run on hdss7-200.hostname (10.4.7.200):

cd /opt/certs
Create the certificate with openssl
1. Create the private key:
(umask 077; openssl genrsa -out dashboard.od.com.key 2048)



2. Create the certificate signing request (CSR) file
openssl req -new -key dashboard.od.com.key -out dashboard.od.com.csr -subj "/CN=dashboard.od.com/C=CN/ST=BJ/L=Beijing/O=OldboyEdu/OU=ops"



3. Sign the certificate
openssl x509 -req -in dashboard.od.com.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out dashboard.od.com.crt -days 3650
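
The three steps above produce a certificate with only a CN and no subjectAltName, and modern browsers match the hostname against subjectAltName rather than the CN. The following is an added example, not part of the original notes: it repeats the same steps with a SAN extension file and then checks the result. The throwaway CA, the san.ext file name and the issue_and_check function are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example. The throwaway CA below is constructed for the demo and stands
# in for the ca.pem / ca-key.pem that the page keeps in /opt/certs.

# issue_and_check <hostname> <workdir>   (hypothetical helper name)
# The body runs in a subshell (parentheses), so cd/exit do not affect the caller.
issue_and_check() (
    host="$1"; dir="$2"
    mkdir -p "$dir" && cd "$dir" || exit 1

    # Constructed demo CA (not the page's real CA)
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca-key.pem -out ca.pem \
        -subj "/CN=demo-ca" -days 30 2>/dev/null || exit 1

    # Steps 1 and 2 as on the page: private key (umask 077) and CSR
    (umask 077; openssl genrsa -out "$host.key" 2048 2>/dev/null) || exit 1
    openssl req -new -key "$host.key" -out "$host.csr" \
        -subj "/CN=$host/C=CN/ST=BJ/L=Beijing/O=OldboyEdu/OU=ops" || exit 1

    # Step 3 as on the page, plus an extension file that carries the SAN
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" > san.ext
    openssl x509 -req -in "$host.csr" -CA ca.pem -CAkey ca-key.pem -CAcreateserial \
        -out "$host.crt" -days 3650 -extfile san.ext 2>/dev/null || exit 1

    # Check 1: the certificate chains to the CA
    openssl verify -CAfile ca.pem "$host.crt" >/dev/null 2>&1 || exit 2

    # Check 2: the certificate's public key belongs to the private key
    [ "$(openssl pkey -in "$host.key" -pubout)" = \
      "$(openssl x509 -in "$host.crt" -noout -pubkey)" ] || exit 3

    # Check 3: the SAN for the hostname is present in the issued certificate
    case "$(openssl x509 -in "$host.crt" -noout -text)" in
        *"DNS:$host"*) ;;
        *) exit 4 ;;
    esac

    # Check 4: the private key has no group/other permission bits
    [ "$(ls -l "$host.key" | cut -c5-10)" = "------" ] || exit 5

    echo "ok"
)
```

Checks 1 to 4 can be run against the real files in /opt/certs before they are copied to the nginx hosts; a non-zero exit code identifies which check failed.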



#######+++++++++
Configure the certificate: [ 10.4.7.11 10.4.7.12 ]
cd /etc/nginx && mkdir certs && cd certs
scp hdss7-200:/opt/certs/dashboard.od.com.key .
scp hdss7-200:/opt/certs/dashboard.od.com.crt .


cd /etc/nginx/conf.d
vim dashboard.od.com.conf

server {
    listen 80;
    server_name dashboard.od.com;
    # Redirect all plain-HTTP requests to HTTPS
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}
server {
    listen 443 ssl;
    server_name dashboard.od.com;
    ssl_certificate /etc/nginx/certs/dashboard.od.com.crt;
    ssl_certificate_key /etc/nginx/certs/dashboard.od.com.key;
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 10m;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996) and are not enabled here
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    location / {
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # The default_backend_traefik upstream must be defined elsewhere in the nginx configuration
        proxy_pass http://default_backend_traefik;
    }
}
Save, exit, and reload nginx
nginx -t
nginx -s reload
######++++++++
dashboard ---->sign in
Clear the browser cache and reopen dashboard.od.com








hdss7-21


kubectl describe secret kubernetes-dashboard-admin-token-2jvzg -n kube-system




+++++++++
If pasting the token into the browser and clicking sign in does nothing, try a somewhat newer version of the dashboard.
Run on hdss7-200:
docker pull hexun/kubernetes-dashboard-amd64:v1.10.1
docker images|grep dashboard
docker tag f9aed6605b81 harbor.od.com/public/dashboard:v1.10.1



docker login harbor.od.com
docker push harbor.od.com/public/dashboard:v1.10.1


#################++++++++
We can edit the dashboard deployment's YAML file on hdss7-200

and then run kubectl apply -f




It can also be changed directly in the dashboard.od.com web UI.









On hdss7-21 or hdss7-22, check whether the new dashboard started successfully



In the browser, clear the browser cache and log in to dashboard.od.com again