在Kubernetes中为Master配置AWS PublicIP [英] Configure AWS publicIP for a Master in Kubernetes
问题描述
我确实使用以下命令创建了主集群:
I did create a Master Cluster with the following command:
kubeadm init --pod-network-cidr $CALICO_NETWORK
现在它正在侦听内部IP 10.3.8.23:6443,这是可以的,因为我希望主服务器使用内部IP与节点进行通信.
Now it is listening in the internal IP 10.3.8.23:6443, which is ok because I want that the master uses the internal IP to communicate with Nodes.
现在,我想使用公共IP访问群集,并且出现以下错误:
Now I want to access the cluster using the public IP and I get the following error:
http:代理错误:x509:证书对10.96.0.1、10.3.8.23有效,对18.230.*.*无效.
如何为publicIP生成其他证书?
How can I generate an additional certificate for the publicIP?
我需要使用公共IP才能通过浏览器访问仪表板.
I need to use the public IP in order to access the dashboard using the browser.
我使用以下方式安装它: https://github.com/kubernetes/dashboard
I install it using: https://github.com/kubernetes/dashboard
推荐答案
If you don't want to recreate your cluster you can also do what's described here: Invalid x509 certificate for kubernetes master
对于K8 1.7和更早版本:
For K8s 1.7 and earlier:
rm /etc/kubernetes/pki/apiserver.*
kubeadm alpha phase certs selfsign \
--apiserver-advertise-address=0.0.0.0 \
--cert-altnames=10.96.0.1 \
--cert-altnames=10.3.8.23 \
--cert-altnames=18.230.x.x # <== Public IP
docker rm `docker ps -q -f 'name=k8s_kube-apiserver*'`
systemctl restart kubelet
对于K8s 1.8或更高版本:
For K8s 1.8 an newer:
rm /etc/kubernetes/pki/apiserver.*
kubeadm alpha phase certs all \
--apiserver-advertise-address=0.0.0.0 \
--apiserver-cert-extra-sans=10.96.0.1,10.3.8.23,18.230.x.x # <== Public IP
docker rm -f `docker ps -q -f 'name=k8s_kube-apiserver*'`
systemctl restart kubelet
您还可以使用--apiserver-cert-extra-sans
选项添加DNS名称.
And you can also add DNS name with the --apiserver-cert-extra-sans
option.
这篇关于在Kubernetes中为Master配置AWS PublicIP的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!