无法连接到服务器：x509：证书对控制平面有效，而不是 my_domain.com

Question

我正在尝试使用 X.509 Client Certificate

授予用户对 Kubernetes 的访问权限

我正在使用（subjectAltName= my_domain.com）：

openssl req -new -newkey rsa:4096 -nodes -keyout Bob.key -out Bob.csr -subj "/C=DK/ST=Frb/L=Cph/O=engineering/CN=Bob" -addext "subjectAltName = DNS:my_domain.com"

kube/config:

apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: <..Q0FURS0tLS0tCk..>
    server: https://my_domain.com:<port>
  name: bob
contexts:
- context:
    cluster: bob
    user: Bob
  name: bob
current-context: bob
kind: Config
preferences: {}
users:
- name: Bob
  user:
    client-certificate: /home/cred/Bob.crt
    client-key: /home/cred/Bob.key

错误：

Unable to connect to the server: x509: certificate is valid for control-plane,... not my_domain.com

你知道如何在本地 k8s 服务器 ip 地址映射的域后面进行这项工作吗？

Answer 1

如 Anant Swaraj 所述，解决方案在这里 您需要将 subjectAltName 添加到 kubeadm-config 并重新启动 kube-apiserver