在Kubernetes中为Master配置AWS PublicIP [英] Configure AWS publicIP for a Master in Kubernetes

问题描述

我确实使用以下命令创建了主集群:

I did create a Master Cluster with the following command:

kubeadm init --pod-network-cidr $CALICO_NETWORK

现在它正在侦听内部IP 10.3.8.23:6443，这是可以的，因为我希望主服务器使用内部IP与节点进行通信.

Now it is listening in the internal IP 10.3.8.23:6443, which is ok because I want that the master uses the internal IP to communicate with Nodes.

现在，我想使用公共IP访问群集，并且出现以下错误:

Now I want to access the cluster using the public IP and I get the following error:

http:代理错误:x509:证书对10.96.0.1、10.3.8.23有效，对18.230.*.*无效.

如何为publicIP生成其他证书?

How can I generate an additional certificate for the publicIP?

我需要使用公共IP才能通过浏览器访问仪表板.

I need to use the public IP in order to access the dashboard using the browser.

我使用以下方式安装它: https://github.com/kubernetes/dashboard

I install it using: https://github.com/kubernetes/dashboard

推荐答案

如果您不想重新创建集群，也可以执行此处描述的操作:

If you don't want to recreate your cluster you can also do what's described here: Invalid x509 certificate for kubernetes master

对于K8 1.7和更早版本:

For K8s 1.7 and earlier:

rm /etc/kubernetes/pki/apiserver.*
kubeadm alpha phase certs selfsign \
  --apiserver-advertise-address=0.0.0.0 \
  --cert-altnames=10.96.0.1 \
  --cert-altnames=10.3.8.23 \
  --cert-altnames=18.230.x.x  # <== Public IP
docker rm `docker ps -q -f 'name=k8s_kube-apiserver*'`
systemctl restart kubelet

对于K8s 1.8或更高版本:

For K8s 1.8 an newer:

rm /etc/kubernetes/pki/apiserver.*
kubeadm alpha phase certs all \
  --apiserver-advertise-address=0.0.0.0 \
  --apiserver-cert-extra-sans=10.96.0.1,10.3.8.23,18.230.x.x # <== Public IP
docker rm -f `docker ps -q -f 'name=k8s_kube-apiserver*'`
systemctl restart kubelet

您还可以使用--apiserver-cert-extra-sans选项添加DNS名称.

And you can also add DNS name with the --apiserver-cert-extra-sans option.

这篇关于在Kubernetes中为Master配置AWS PublicIP的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！