custom certificate cannot be used #4484
Description
Environment
Installation method: https://github.com/kubernetes/dashboard/blob/master/docs/user/installation.md#recommended-setup
Kubernetes version: v1.15.0
Dashboard version: 2.0.0-beta5
Operating system: CentOS 7.6.1810
Node.js version ('node --version' output): n/a
Go version ('go version' output): n/a
Steps to reproduce
Note: I am verifying the possibility for using certificates that are enrolled by Microsoft Enterprise CA.
- Using following steps to get certificate from enterprise ca. Citrix Doc (Running commands via cmder on a Windows utility server, certreq is a windows command line tool.)
openssl req -newkey rsa:2048 -keyout dashboard_key.pem -nodes -out dashboard.req -subj "/CN=dashboard.test.contoso.com"
certreq -submit -binary -attrib "CertificateTemplate:K8SDashboard" -config ca01.corp.contoso.com\rootca dashboard.req dashboard.cer
openssl x509 -inform der -in dashboard.cer -out dashboard.pem
openssl pkcs12 -export -inkey dashboard_key.pem -in dashboard.pem -out dashboard.pfx -passout pass:changeme
openssl pkcs12 -in dashboard.pfx -out dashboard_keypair.pem -nodes -password pass:changeme
openssl pkcs12 -in dashboard.pfx -clcerts -nokeys -out dashboard.crt
- SCP cert files to server and run following command.
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kubernetes-dashboard
- Run following command.
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
Observed result
Still using a self-signed certificate.
Expected result
A certificate that enrolled by enterprise ca should be used.
Comments
- Is it the right time to use 2.0.0-beta5?
- Should --auto-generate-certificates be commented out?
- I can confirm the certificate is imported to k8s correctly.
