连接 Kubernetes 集群为什么需要集群的 CA 证书
0
悬赏园豆:30
[待解决问题]
比如在 GitLab 连接已有 Kubernetes 集群 中就需要通过下面的命令拿到集群的 CA 证书
kubectl get secret \
$(kubectl get secrets | grep default-token | awk '{print $1}') \
-o jsonpath="{['data']['ca\.crt']}" | base64 --decode
为什么这个 CA(Certificate Authority) 证书?
问题补充:
如果没有这个ca证书,curl 命令连接集群时会报错
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
