\u7528\u4e8ekubelet\u5411API\u670d\u52a1\u5668\u8fdb\u884c\u8ba4\u8bc1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66
\n\u7528\u4e8eAPI\u670d\u52a1\u5668\u7aef\u70b9\u7684\u670d\u52a1\u5668\u8bc1\u4e66
\n\u7528\u4e8e\u96c6\u7fa4\u7ba1\u7406\u5458\u5411API\u670d\u52a1\u5668\u8fdb\u884c\u8ba4\u8bc1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66
\n\u7528\u4e8eAPI\u670d\u52a1\u5668\u4e0ekubelet\u8fdb\u884c\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66
\n\u7528\u4e8eAPI\u670d\u52a1\u5668\u4e0eetcd\u8fdb\u884c\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66
\n\u7528\u4e8e\u63a7\u5236\u5668\u7ba1\u7406\u5668\u5411API\u670d\u52a1\u5668\u8fdb\u884c\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\/ kubeconfig
\n\u7528\u4e8e\u8c03\u5ea6\u5668\u5411API\u670d\u52a1\u5668\u8fdb\u884c\u901a\u4fe1\u7684\u5ba2\u6237\u7aef\u8bc1\u4e66\/ kubeconfig
\n\u7528\u4e8e\u524d\u7aef\u4ee3\u7406\u7684\u5ba2\u6237\u7aef\u548c\u670d\u52a1\u5668\u8bc1\u4e66<\/p><\/blockquote>\n
- \n
- \n
- kubelet\u304cAPI\u30b5\u30fc\u30d0\u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8<\/ul>\n<\/li>\n<\/ul>\n
- \n
- API\u30b5\u30fc\u30d0\u30fc\u30a8\u30f3\u30c9\u30dd\u30a4\u30f3\u30c8\u306e\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30af\u30e9\u30b9\u30bf\u306e\u7ba1\u7406\u8005\u304cAPI\u30b5\u30fc\u30d0\u30fc\u3092\u8a8d\u8a3c\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8<\/ul>\n<\/li>\n<\/ul>\n
- \n
- API\u30b5\u30fc\u30d0\u304ckubelets\u3068\u901a\u4fe1\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8<\/ul>\n<\/li>\n<\/ul>\n
- \n
- etcd\u3068\u901a\u4fe1\u3059\u308bAPI\u30b5\u30fc\u30d0\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30b3\u30f3\u30c8\u30ed\u30fc\u30e9\u30de\u30cd\u30fc\u30b8\u30e3\u30fc\u304cAPI\u30b5\u30fc\u30d0\u30fc\u3068\u901a\u4fe1\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068kubeconfig<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u30b9\u30b1\u30b8\u30e5\u30fc\u30e9\u30fc\u304cAPI\u30b5\u30fc\u30d0\u30fc\u3068\u901a\u4fe1\u3059\u308b\u305f\u3081\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068kubeconfig<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u8a3c\u660e\u66f8\u306f\u4e3b\u306bAPI Server\u5468\u308a\u306e\u8a8d\u8a3c\u306b\u4f7f\u308f\u308c\u3066\u3044\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u8a3c\u660e\u66f8\u306f\u30af\u30e9\u30b9\u30bf\u3092\u4f5c\u6210\u3059\u308b\u3068\u304d\u306b\u4e00\u62ec\u3067\u4f5c\u3089\u308c\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u8a3c\u660e\u66f8\u306e\u30c7\u30d5\u30a9\u30eb\u30c8\u306e\u6709\u52b9\u671f\u9650\u306f\u3001CA\u306710\u5e74\u3001\u305d\u308c\u4ee5\u5916\u306e\u8a3c\u660e\u66f8\u306f1\u5e74<\/ul>\n<\/li>\n<\/ul>\n
- \n
- \u8a3c\u660e\u66f8\u306e\u6709\u52b9\u671f\u9650\u304c\u5207\u308c\u308b\u3068\u3001API Server\u306b\u30a2\u30af\u30bb\u30b9\u3067\u304d\u306a\u304f\u306a\u308a\u3001\u307b\u3068\u3093\u3069\u306eKubernetes\u306e\u64cd\u4f5c\u3084\u30a2\u30af\u30bb\u30b9\u304c\u3067\u304d\u306a\u304f\u306a\u308b<\/ul>\n<\/li>\n<\/ul>\n
- \n
- Kubernetes \u306e TLS \u8a3c\u660e\u66f8\u306b\u3064\u3044\u3066\u8abf\u3079\u3066\u307f\u305f<\/ul>\n<\/li>\n<\/ul>\n
- \n
- https:\/\/kubernetes.io\/docs\/setup\/certificates<\/ul>\n<\/li>\n<\/ul>\n
- \n
- https:\/\/kubernetes.io\/docs\/concepts\/cluster-administration\/certificates<\/ul>\n<\/li>\n<\/ul>\n
<\/p>\n
- https:\/\/github.com\/kelseyhightower\/kubernetes-the-hard-way\/blob\/master\/docs\/04-certificate-authority.md<\/ul>\n","protected":false},"excerpt":{"rendered":"
\u8fd9\u662fKubernetes2 Advent Calendar 2018\u7684\u7b2c12\u7bc7\u6587\u7ae0\u3002 \u9996\u5148 Kubernete […]<\/p>\n","protected":false},"author":12,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-36218","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"yoast_head":"\n
Kubernetes\u7684TLS\u8bc1\u4e66 - Blog - Silicon Cloud<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes\u7684tls\u8bc1\u4e66\/\" \/>\n<meta property=\"og:locale\" content=\"zh_CN\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Kubernetes\u7684TLS\u8bc1\u4e66\" \/>\n<meta property=\"og:description\" content=\"\u8fd9\u662fKubernetes2 Advent Calendar 2018\u7684\u7b2c12\u7bc7\u6587\u7ae0\u3002 \u9996\u5148 Kubernete […]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes\u7684tls\u8bc1\u4e66\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Silicon Cloud\" \/>\n<meta property=\"article:published_time\" content=\"2023-07-14T10:54:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-29T21:44:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d280437434c4406c3eb0e\/10-0.png\" \/>\n<meta name=\"author\" content=\"\u9038, \u79d1\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"\u4f5c\u8005\" \/>\n\t<meta name=\"twitter:data1\" content=\"\u9038, \u79d1\" \/>\n\t<meta name=\"twitter:label2\" content=\"\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 \u5206\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/\",\"name\":\"Kubernetes\u7684TLS\u8bc1\u4e66 - Blog - Silicon Cloud\",\"isPartOf\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\"},\"datePublished\":\"2023-07-14T10:54:52+00:00\",\"dateModified\":\"2024-04-29T21:44:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#breadcrumb\"},\"inLanguage\":\"zh-Hans\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"\u9996\u9875\",\"item\":\"https:\/\/www.silicloud.com\/zh\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Kubernetes\u7684TLS\u8bc1\u4e66\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#website\",\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/\",\"name\":\"Blog - Silicon Cloud\",\"description\":\"\",\"inLanguage\":\"zh-Hans\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487\",\"name\":\"\u9038, \u79d1\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g\",\"caption\":\"\u9038, \u79d1\"},\"url\":\"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/\"},{\"@type\":\"ImageObject\",\"inLanguage\":\"zh-Hans\",\"@id\":\"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#local-main-organization-logo\",\"url\":\"\",\"contentUrl\":\"\",\"caption\":\"Blog - Silicon Cloud\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Kubernetes\u7684TLS\u8bc1\u4e66 - Blog - Silicon Cloud","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes\u7684tls\u8bc1\u4e66\/","og_locale":"zh_CN","og_type":"article","og_title":"Kubernetes\u7684TLS\u8bc1\u4e66","og_description":"\u8fd9\u662fKubernetes2 Advent Calendar 2018\u7684\u7b2c12\u7bc7\u6587\u7ae0\u3002 \u9996\u5148 Kubernete […]","og_url":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes\u7684tls\u8bc1\u4e66\/","og_site_name":"Blog - Silicon Cloud","article_published_time":"2023-07-14T10:54:52+00:00","article_modified_time":"2024-04-29T21:44:41+00:00","og_image":[{"url":"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d280437434c4406c3eb0e\/10-0.png"}],"author":"\u9038, \u79d1","twitter_card":"summary_large_image","twitter_misc":{"\u4f5c\u8005":"\u9038, \u79d1","\u9884\u8ba1\u9605\u8bfb\u65f6\u95f4":"2 \u5206"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/","url":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/","name":"Kubernetes\u7684TLS\u8bc1\u4e66 - Blog - Silicon Cloud","isPartOf":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website"},"datePublished":"2023-07-14T10:54:52+00:00","dateModified":"2024-04-29T21:44:41+00:00","author":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487"},"breadcrumb":{"@id":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#breadcrumb"},"inLanguage":"zh-Hans","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"\u9996\u9875","item":"https:\/\/www.silicloud.com\/zh\/blog\/"},{"@type":"ListItem","position":2,"name":"Kubernetes\u7684TLS\u8bc1\u4e66"}]},{"@type":"WebSite","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#website","url":"https:\/\/www.silicloud.com\/zh\/blog\/","name":"Blog - Silicon Cloud","description":"","inLanguage":"zh-Hans"},{"@type":"Person","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/85c1dae56e6ea1e695c73d33c684d487","name":"\u9038, \u79d1","image":{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/c94f6d9cbbfbca863fab309840bd690c153c95f8490c290ad2ed54dd693dad16?s=96&d=mm&r=g","caption":"\u9038, \u79d1"},"url":"https:\/\/www.silicloud.com\/zh\/blog\/author\/keyi\/"},{"@type":"ImageObject","inLanguage":"zh-Hans","@id":"https:\/\/www.silicloud.com\/zh\/blog\/kubernetes%e7%9a%84tls%e8%af%81%e4%b9%a6\/#local-main-organization-logo","url":"","contentUrl":"","caption":"Blog - Silicon Cloud"}]}},"_links":{"self":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36218","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/comments?post=36218"}],"version-history":[{"count":2,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36218\/revisions"}],"predecessor-version":[{"id":90054,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/posts\/36218\/revisions\/90054"}],"wp:attachment":[{"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/media?parent=36218"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/categories?post=36218"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.silicloud.com\/zh\/blog\/wp-json\/wp\/v2\/tags?post=36218"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \u8a3c\u660e\u66f8\u306f\u66f4\u65b0\u3059\u308b\u3053\u3068\u304c\u53ef\u80fd<\/ul>\n
\u6700\u540e<\/h1>\n
\u7531\u4e8eKubernetes\u7684\u53d1\u5e03\u5468\u671f\u975e\u5e38\u5feb\uff0c\u5982\u679c\u5b9a\u671f\u66f4\u65b0\u6216\u521b\u5efa\u7fa4\u96c6\uff0c\u5c31\u53ef\u4ee5\u907f\u514d\u8bc1\u4e66\u8fc7\u671f\u7684\u95ee\u9898\u3002<\/p>\n
\u867d\u7136\u8fd9\u6b21\u5c1a\u672a\u9a8c\u8bc1\uff0c\u4f46\u4f7f\u7528\u7c7b\u4f3ccert-manager\u7684\u5de5\u5177\u53ef\u4ee5\u5b9e\u73b0Kubernetes\u8bc1\u4e66\u7684\u81ea\u52a8\u66f4\u65b0\u3002<\/p>\n
\u8bf7\u4f60\u5bf9\u6b64\u8fdb\u884c\u53c2\u8003\u3002<\/h1>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \u30d5\u30ed\u30f3\u30c8\u30d7\u30ed\u30ad\u30b7\u306e\u30af\u30e9\u30a4\u30a2\u30f3\u30c8\u8a3c\u660e\u66f8\u3068\u30b5\u30fc\u30d0\u30fc\u8a3c\u660e\u66f8<\/ul>\n
\u5982\u679c\u4ee5\u56fe\u8868\u5448\u73b0\uff0c\u5c06\u5982\u4e0b\u6240\u793a\u3002<\/p>\n
![\"k8s-cert.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d280437434c4406c3eb0e\/10-0.png\" "\\"\\"")
<\/div>\n\u901a\u5e38\u60c5\u51b5\u4e0b\uff0c\u53ef\u4ee5\u770b\u51faAPI\u670d\u52a1\u5668\u4e3b\u8981\u4f7f\u7528\u670d\u52a1\u5668\u8bc1\u4e66\u548c\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002<\/p>\n
\u8bc1\u4e66\u4f55\u65f6\u88ab\u5236\u4f5c\u51fa\u6765\uff1f<\/h1>\n
\u8bc1\u660e\u8bc1\u636e\u4f3c\u4e4e\u662f\u5728\u521b\u5efa\u65b0\u96c6\u7fa4\u65f6\u6279\u91cf\u751f\u6210\u7684\u3002<\/p>\n
\u5173\u4e8e\u8bc1\u4e66\u7684\u6709\u6548\u671f<\/h1>\n
CA\u7684\u6709\u6548\u671f\u9650\u9ed8\u8ba4\u4e3a10\u5e74\uff0c\u5176\u4ed6\u670d\u52a1\u5668\u8bc1\u4e66\u548c\u5ba2\u6237\u7aef\u8bc1\u4e66\u9ed8\u8ba4\u4e3a1\u5e74\u3002<\/p>\n
kubelet\u4f7f\u7528\u8bc1\u4e66\u6765\u5bf9Kubernetes API\u8fdb\u884c\u8eab\u4efd\u9a8c\u8bc1\u3002\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8fd9\u4e9b\u8bc1\u4e66\u7684\u6709\u6548\u671f\u662f\u4e00\u5e74\uff0c\u4ee5\u4fbf\u4e0d\u9700\u8981\u9891\u7e41\u7eed\u8ba2\u3002<\/p><\/blockquote>\n
\u7576\u8b49\u66f8\u904e\u671f\u5f8c\u6703\u767c\u751f\u4ec0\u9ebc\u60c5\u6cc1\uff1f<\/h1>\n
Kubernetes\u7684\u8bc1\u4e66\u5728API Server\u5468\u56f4\u88ab\u4f7f\u7528\u3002<\/p>\n
\u56e0\u6b64\uff0c\u5982\u679c\u8bc1\u4e66\u8fc7\u671f\uff0c\u53ef\u80fd\u65e0\u6cd5\u4f7f\u7528API Server\u5bf9Kubernetes\u8fdb\u884c\u64cd\u4f5c\u3002<\/p>\n
\u8fdb\u884c\u5b9e\u9a8c<\/h2>\n
\u6211\u4eec\u5c06\u8fdb\u884c\u4e00\u4e2a\u5b9e\u9a8c\uff0c\u4ee5\u4fbf\u7814\u7a76\u8bc1\u4e66\u8fc7\u671f\u65f6\u4f1a\u53d1\u751f\u4ec0\u4e48\u6837\u7684\u73b0\u8c61\u3002
\n\u8fd9\u6b21\u5b9e\u9a8c\u6211\u4eec\u5c06\u4f7f\u7528minikube\u3002<\/p>\n\u7f16\u8f91\u6709\u6548\u671f\u9650<\/h3>\n
\u9996\u5148\uff0c\u6211\u4eec\u9700\u8981\u7f16\u8f91minikube\u7684\u6e90\u4ee3\u7801\u3002<\/p>\n
$ <\/span>mkdir<\/span> -p<\/span> $GOPATH<\/span>\/src\/k8s.io\r\n$ <\/span>cd<\/span> $GOPATH<\/span>\/src\/k8s.io\r\n$ <\/span>git clone https:\/\/github.com\/kubernetes\/minikube.git\r\n$ <\/span>cd <\/span>minikube\r\n<\/code><\/pre>\n\u6211\u5c06\u5728crypto.go\u6587\u4ef6\u7684\u7b2c93\u884c\u8fdb\u884c\u7f16\u8f91\u3002
\n\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u8bc1\u4e66\u7684\u6709\u6548\u671f\u4e3a1\u5e74\uff0c\u4f46\u6211\u5c06\u8fdb\u884c\u7f16\u8f91\u4ee5\u4f7f\u5176\u57285\u5206\u949f\u5185\u5931\u6548\u3002<\/p>\n- NotAfter: time.Now().Add(time.Hour * 24 * 365),\r\n<\/span>+ NotAfter: time.Now().Add(time.Minute * 5),\r\n<\/span><\/code><\/pre>\n\u4fdd\u5b58\u7f16\u8f91\u5185\u5bb9\u5e76\u6267\u884c make\u3002<\/p>\n
$ <\/span>make\r\n<\/code><\/pre>\n\u5728\u5b8c\u6210\u540e\uff0c\u5c06\u5728output\/minikube\u76ee\u5f55\u4e0b\u521b\u5efa\u6267\u884c\u6587\u4ef6\u3002<\/p>\n
\u521b\u5efa\u96c6\u7fa4<\/h3>\n
\u63a5\u4e0b\u6765\uff0c\u6267\u884c minikube start\u3002<\/p>\n
$ <\/span>.\/out\/minikube start --kubernetes-version<\/span> v1.12.3\r\n<\/code><\/pre>\n\u5f53minikube\u542f\u52a8\u540e\uff0c\u6211\u4eec\u5c06\u68c0\u67e5\u8282\u70b9\u7684\u72b6\u6001\u3002<\/p>\n
$ <\/span>kubectl get node\r\nNAME STATUS AGE VERSION\r\nminikube Ready 1m v1.12.3\r\n<\/code><\/pre>\n\u5728\u8fd9\u4e00\u70b9\u4e0a\uff0c\u6211\u4eec\u53ef\u4ee5\u786e\u8ba4\u901a\u8fc7 kubectl \u53ef\u4ee5\u6b63\u5e38\u64cd\u4f5c Kubernetes\u3002<\/p>\n
\u8bc1\u4e66\u5df2\u7ecf\u5931\u6548\uff0c\u9700\u8981\u786e\u8ba4\u3002<\/h3>\n
\u5728\u672c\u6b21\u7f16\u8f91\u4e2d\uff0c\u6211\u4eec\u5c06\u8bc1\u4e66\u7684\u6709\u6548\u671f\u8bbe\u7f6e\u4e3a5\u5206\u949f\u3002
\n\u8bf7\u7b49\u5f85\u5927\u7ea65\u5206\u949f\u540e\uff0c\u540c\u6837\u5730\u786e\u8ba4\u4e00\u4e0bNode\u7684\u72b6\u6001\u3002<\/p>\n$ <\/span>kubectl get nodes\r\nUnable to connect to the server: x509: certificate has expired or is not yet valid\r\n<\/code><\/pre>\n\u53d1\u751f\u4e86\u8bc1\u4e66\u5df2\u8fc7\u671f\u7684\u9519\u8bef\uff0c\u65e0\u6cd5\u8bbf\u95eeAPI\u670d\u52a1\u5668\u3002<\/p>\n
\u6211\u5011\u53ef\u4ee5\u4f7f\u7528 openssl \u4f86\u6aa2\u67e5\u9019\u88e1\u9644\u52a0\u7684 API Server \u8b49\u66f8\u7684\u72c0\u614b\u3002<\/p>\n
$ <\/span>openssl s_client -connect<\/span> `<\/span>minikube ip`<\/span>:8443 < \/dev\/null 2> \/dev\/null | openssl x509 -noout<\/span> -startdate<\/span> -enddate<\/span>\r\nnotBefore<\/span>=<\/span>Dec 10 08:04:58 2018 GMT\r\nnotAfter<\/span>=<\/span>Dec 11 08:09:58 2018 GMT\r\n<\/code><\/pre>\n\u5728API\u670d\u52a1\u5668\u4e0a\uff0c\u53ef\u4ee5\u53d1\u73b0\u8bc1\u4e66\u7684\u5931\u6548\u65f6\u95f4\u8bbe\u7f6e\u4e3a5\u5206\u949f\uff0c\u6b63\u5982\u6240\u914d\u7f6e\u7684\u90a3\u6837\u3002<\/p>\n
\u66f4\u65b0\u8bc1\u660e\u4e66<\/h1>\n
\u6211\u5c06\u5c1d\u8bd5\u66f4\u65b0\u8fc7\u671f\u7684\u8bc1\u4e66\u3002<\/p>\n
\u6709\u51e0\u79cd\u65b9\u6cd5\u53ef\u4ee5\u66f4\u65b0Kubernetes\u8bc1\u4e66\uff0c\u4f46\u8fd9\u6b21\u6211\u4eec\u5c06\u4f7f\u7528kubeadm\u7684cert renew\u547d\u4ee4\u3002<\/p>\n
\u8fdb\u884c\u5b9e\u9a8c\u3002<\/h2>\n
\u767b\u5f55\u5230\u96c6\u7fa4\u4e2d\u3002<\/h3>\n
\u9996\u5148\uff0c\u4f7f\u7528SSH\u767b\u5f55\u5230\u96c6\u7fa4\u4e3b\u673a\u3002<\/p>\n
$ <\/span>minikube ssh\r\n<\/code><\/pre>\n\u8bc1\u4e66\u7684\u66f4\u65b0 de<\/h3>\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u6765\u66f4\u65b0API\u670d\u52a1\u5668\u7684\u8bc1\u4e66\u3002<\/p>\n
$ <\/span>sudo <\/span>kubeadm alpha phase certs renew apiserver --cert-dir<\/span> \/var\/lib\/minikube\/certs\r\n<\/code><\/pre>\nAPI \u670d\u52a1\u5668\u7684\u91cd\u65b0\u542f\u52a8<\/h3>\n
\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u4ee5\u91cd\u65b0\u542f\u52a8API\u670d\u52a1\u5668\uff0c\u65b0\u7684API\u670d\u52a1\u5668\u5bb9\u5668\u5c06\u81ea\u52a8\u542f\u52a8\u8d77\u6765\u3002<\/p>\n
$ <\/span>docker stop $(<\/span>docker ps -q<\/span> -f<\/span> 'name=api'<\/span>)<\/span>\r\n<\/code><\/pre>\n\u5ba2\u6237\u7684\u8bc1\u4e66\u66f4\u65b0<\/h3>\n
\u6839\u636e\u8fd9\u7bc7\u6587\u7ae0\u7684\u53c2\u8003\uff0c\u6211\u4eec\u4f1a\u66f4\u65b0\u5ba2\u6237\u7aef\u8bc1\u4e66\u3002<\/p>\n
\u5728\u4e3b\u673aPC\u7684shell\u4e2d\uff0c\u6267\u884c\u4ee5\u4e0b\u547d\u4ee4\u3002<\/p>\n
$ <\/span>cd<\/span> ~\/.minikube\r\n<\/code><\/pre>\n\u521b\u5efa\u4e00\u4e2a\u540d\u4e3aca-config.json\u7684\u6587\u4ef6\u5e76\u4fdd\u5b58\u3002<\/p>\n
{<\/span>\r\n \"signing\"<\/span>:<\/span> {<\/span>\r\n \"default\"<\/span>:<\/span> {<\/span>\r\n \"expiry\"<\/span>:<\/span> \"8760h\"<\/span>\r\n },<\/span>\r\n \"profiles\"<\/span>:<\/span> {<\/span>\r\n \"kubernetes\"<\/span>:<\/span> {<\/span>\r\n \"usages\"<\/span>:<\/span> [<\/span>\r\n \"signing\"<\/span>,<\/span>\r\n \"key encipherment\"<\/span>,<\/span>\r\n \"server auth\"<\/span>,<\/span>\r\n \"client auth\"<\/span>\r\n ],<\/span>\r\n \"expiry\"<\/span>:<\/span> \"8760h\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8bf7\u521b\u5efa\u4e00\u4e2a\u540d\u4e3a client-csr.json \u7684\u6587\u4ef6\u5e76\u4fdd\u5b58\u3002<\/p>\n
{<\/span>\r\n \"CN\"<\/span>:<\/span> \"minikubeCA\"<\/span>,<\/span>\r\n \"key\"<\/span>:<\/span> {<\/span>\r\n \"algo\"<\/span>:<\/span> \"rsa\"<\/span>,<\/span>\r\n \"size\"<\/span>:<\/span> 2048<\/span>\r\n },<\/span>\r\n \"names\"<\/span>:<\/span> [<\/span>\r\n {<\/span>\r\n \"O\"<\/span>:<\/span> \"system:masters\"<\/span>\r\n }<\/span>\r\n ]<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u4f7f\u7528cfssl\u521b\u5efa\u65b0\u8bc1\u4e66\u3002<\/p>\n
$ <\/span>cfssl gencert -ca<\/span>=<\/span>ca.crt -ca-key<\/span>=<\/span>ca.key -config<\/span>=<\/span>ca-config.json -profile<\/span>=<\/span>kubernetes client-csr.json | cfssljson -bare<\/span> client\r\n<\/code><\/pre>\n\u6211\u4f1a\u7ed9\u521b\u5efa\u7684\u6587\u4ef6\u91cd\u65b0\u547d\u540d\uff08\u6216\u8005\u4fee\u6539 ~\/.kube\/config \u4e2d\u7684\u5185\u5bb9\uff09\u3002<\/p>\n
$ <\/span>mv <\/span>client.pem client.crt\r\n$ <\/span>mv <\/span>client-key.pem client.key\r\n<\/code><\/pre>\n\u786e\u8ba4\u884c\u52a8<\/h3>\n
\u8fd0\u884c kubectl \u547d\u4ee4\uff0c\u9a8c\u8bc1\u662f\u5426\u53ef\u4ee5\u83b7\u53d6\u8282\u70b9\u4fe1\u606f\u3002
\n\u5982\u679c\u8fd4\u56de\u4ee5\u4e0b\u7c7b\u4f3c\u7684\u54cd\u5e94\uff0c\u5219\u8bc1\u660e\u8bc1\u4e66\u66ff\u6362\u6210\u529f\u3002<\/p>\n$ <\/span>kubectl get node\r\nNAME STATUS AGE VERSION\r\nminikube Ready 30m v1.12.3\r\n<\/code><\/pre>\n\u603b\u7ed3<\/h1>\n
\u6211\u5bf9Kubernetes\u7684TLS\u8bc1\u4e66\u8fdb\u884c\u4e86\u8c03\u67e5\u3002\u53ef\u4ee5\u603b\u7ed3\u5982\u4e0b\u3002<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n
<\/p>\n
- \n
- \n