Discussion on: Bare metal load balancer on Kubernetes with MetalLB

View post

Replies for: This won't work in Chrome as the Subject Name of the certificate for the Dashboard will be invalid and throw a NET::ERR_CERT_INVALID which won't le...

I set an exception in Firefox, if I recall. Does Chrome no longer let you do that?

For some exceptions yes, not this one though as it is indicative of a Man in the Middle attack.

To do this properly it is necessary to regenerate the certificates that the Dashboard uses and specify the name of the service as the Common Name. I have done so with Ansible here: github.com/zimmertr/Bootstrap-Kube...

But the primary steps are simply:

$ mkdir certs
$ openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard"
$ openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt
$ kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kubernetes-dashboard
$ kubectl delete pod -n kubernetes-dashboard -l k8s-app=kubernetes-dashboard

Molly Crendraven • Oct 12 '19

Nice! Thank you for sharing.