Kubernetes K8S通过MacOS终端上的kubectl安全访问API服务器？_Kubernetes

Kubernetes K8S通过MacOS终端上的kubectl安全访问API服务器？

kubernetes

Kubernetes K8S通过MacOS终端上的kubectl安全访问API服务器？,kubernetes,Kubernetes,我有一个工作不安全的K8S集群设置：CoreOS alpha image+Vagrant（自定义解决方案遵循K8S scratch设置入门指南）。现在，我想为K8s集群管理员设置身份验证，他们可以通过kubectl Cluster info命令等访问API。我想设置类似的东西，比如简单概要文件然后，我遵循docs，我选择了客户端证书身份验证作为身份验证插件我准备并保存了/srv/kubernetes/ca.crt， /srv/kubernetes/server.crt，/srv/kubern

我有一个工作不安全的K8S集群设置：CoreOS alpha image+Vagrant（自定义解决方案遵循K8S scratch设置入门指南）。现在，我想为K8s集群管理员设置身份验证，他们可以通过

kubectl Cluster info

命令等访问API。我想设置类似的东西，比如简单概要文件

然后，我遵循docs，我选择了客户端证书身份验证作为身份验证插件

我准备并保存了

/srv/kubernetes/ca.crt

，

/srv/kubernetes/server.crt

，

/srv/kubernetes/server.key

位于主节点上
我还按照指南设置了
kubeconfig
文件

kubectl config set-cluster $CLUSTER_NAME --certificate-authority=$CA_CERT --embed-certs=true --server=https://$MASTER_IP kubectl config set-credentials $CLUSTER_NAME --client-certificate=$CLI_CERT --client-key=$CLI_KEY --embed-certs=true --token=$TOKEN kubectl config set-context $CLUSTER_NAME --cluster=$CLUSTER_NAME --user=admin kubectl config use-context $CONTEXT --cluster=$CONTEXT
当api服务器启动时，它也使用相同的值。请参见
$CA\u CERT
，
$CLI\u CERT
，
$CLI\u KEY
。问题1：这些vlaues在正确的位置吗

/kube-apiserver \ --allow_privileged=true \ --bind_address=0.0.0.0 \ --secure_port=6443 \ --kubelet_https=true \ --service-cluster-ip-range=${SERVICE_CLUSTER_IP_RANGE} \ --etcd_servers=$ETCD_SERVER \ --service-node-port-range=${SERVICE_NODE_PORT_RANGE} \ --cluster-name=$CLUSTER_NAME \ --client-ca-file=$CA_CERT \ --tls-cert-file=$CLI_CERT \ --tls-private-key-file=$CLI_KEY \ --admission-control=NamespaceLifecycle,NamespaceExists,LimitRanger,SecurityContextDeny,ServiceAccount,ResourceQuota \ --logtostderr=true
日志如下

Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373083 1 reflector.go:136] Failed to list *api.ResourceQuota: Get http://127.0.0.1:8080/api/v1/resourcequotas: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373523 1 reflector.go:136] Failed to list *api.Secret: Get http://127.0.0.1:8080/api/v1/secrets?fieldSelector=type%3Dkubernetes.io%2Fservice-account-token: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373631 1 reflector.go:136] Failed to list *api.ServiceAccount: Get http://127.0.0.1:8080/api/v1/serviceaccounts: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373695 1 reflector.go:136] Failed to list *api.LimitRange: Get http://127.0.0.1:8080/api/v1/limitranges: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373748 1 reflector.go:136] Failed to list *api.Namespace: Get http://127.0.0.1:8080/api/v1/namespaces: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: E0830 06:31:30.373788 1 reflector.go:136] Failed to list *api.Namespace: Get http://127.0.0.1:8080/api/v1/namespaces: dial tcp 127.0.0.1:8080: connection refused Aug 30 06:31:30 kube-master docker[3706]: [restful] 2015/08/30 06:31:30 log.go:30: [restful/swagger] listing is available at https://10.0.2.15:6443/swaggerapi/ Aug 30 06:31:30 kube-master docker[3706]: [restful] 2015/08/30 06:31:30 log.go:30: [restful/swagger] https://10.0.2.15:6443/swaggerui/ is mapped to folder /swagger-ui/ Aug 30 06:31:30 kube-master docker[3706]: I0830 06:31:30.398612 1 server.go:441] Serving securely on 0.0.0.0:6443 Aug 30 06:31:30 kube-master docker[3706]: I0830 06:31:30.399042 1 server.go:483] Serving insecurely on 127.0.0.1:8080
在我的MacOS计算机上，我想将
kubectl
连接到我的$CLUSTER\u NAME集群

export KUBERNETES_MASTER=http://172.17.8.100:6443 kubectl cluster-info
终端输出：

➜ kubectl cluster-info error: couldn't read version from server: Get http://172.17.8.100:6443/api: malformed HTTP response "\x15\x03\x01\x00\x02\x02"
这是我在MacOS机器上的
kubeconfig
文件
~/.kube/config

➜ kubectl config view apiVersion: v1 clusters: - cluster: certificate-authority-data: REDACTED server: http://172.17.8.100:6443 name: kube-01 contexts: - context: cluster: kube-01 user: admin name: kube current-context: kube kind: Config preferences: {} users: - name: admin user: client-certificate-data: REDACTED client-key-data: REDACTED token: cxKranwtWI2nyASebbF1HV3p1EWJbNcE
Q：我的MacOS上的
kubectl
如何安全地访问我的K8S群集？由于我从未在我的api服务器上添加用户
admin
，因此我假设所有身份验证都是由
ca文件
？
Q：一旦我解决了安全登录问题，我如何更新
准入控制
插件api错误问题，比如上面的
servicecomport
连接拒绝？
Q：我是使用
http
还是
https
？我更喜欢使用
http://IP:6443
，不确定是问题吗？
Q：我需要应用
--token auth file=
还是
--basic auth file
？通过阅读文档，我想我可以选择一种身份验证方法。我更喜欢在
ca
中做，哪个更安全，对吗？

我使用
参见函数create certs in cluster/gce/util.sh
生成我的
证书
文件。我不太熟悉
证书
和
钥匙
，所以我把它们贴在这里。嗯，它实际上是一个虚拟的
证书
和
密钥
，用于测试。它没有在任何地方使用。如果我在这里做错了什么，就把它贴在这里
ca.crt

Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=172.17.8.100@1440780281 Validity Not Before: Aug 28 16:44:41 2015 GMT Not After : Aug 25 16:44:41 2025 GMT Subject: CN=kube-master Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ab:3f:cf:95:50:3d:7f:b4:82:ba:72:7a:88:2e: 41:79:67:7d:9a:4a:22:27:5f:fd:5c:78:6f:3d:ad: 57:4c:fd:37:9e:b5:35:f1:88:59:c1:e9:10:38:3e: de:7f:57:cf:e9:fc:fd:d7:b5:a8:7a:0e:5f:e4:16: 6f:2a:66:98:28:6c:42:a8:5f:95:3d:0b:02:f2:ec: ab:aa:19:40:60:b3:e5:7a:64:7d:5b:f2:9c:84:d5: bb:06:79:e7:00:2f:2c:a0:0a:88:f4:b0:c5:31:de: 7d:30:d6:b3:4d:ea:64:85:bb:f9:89:5a:f5:22:41: 92:35:d4:a4:7d:80:64:65:d9:1d:c9:30:39:af:34: 57:cd:d5:56:5d:9f:35:5d:ee:a3:07:ed:f1:c5:68: db:db:12:65:31:e6:6c:1e:77:44:3e:7c:03:bc:89: f0:4c:14:a6:41:39:22:a3:a3:a0:8d:20:eb:69:7a: c5:de:b0:2f:94:67:68:ab:8c:8a:24:59:38:a4:57: 19:2d:c2:0e:37:c8:73:98:ae:d8:0a:a4:e2:72:22: 49:9a:55:58:ad:8e:c3:eb:42:b5:41:02:c9:40:27: d1:77:41:ab:4f:0b:2a:6b:b2:b6:38:7f:a0:ce:cf: 9f:cd:7c:54:72:c6:43:cd:1d:5b:60:b9:45:eb:10: ab:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: B2:46:5F:5A:68:3E:08:78:25:8C:AE:5E:EB:F1:3B:7B:CF:9D:A6:F3 X509v3 Authority Key Identifier: keyid:E3:48:61:B5:AD:DE:5F:43:E6:3F:55:BC:90:03:51:07:E6:20:1A:50 DirName:/CN=172.17.8.100@1440780281 serial:C6:D3:05:A5:1C:41:26:C6 X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Subject Alternative Name: IP Address:172.17.8.100, IP Address:10.100.0.1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:kube-master Signature Algorithm: sha256WithRSAEncryption 58:b1:63:41:3e:94:ed:3d:bd:3c:e8:0c:78:30:54:c1:6d:33: 00:42:74:c8:7a:64:cc:fd:9a:70:ab:38:5b:1c:92:7c:9b:56: 1a:d7:fd:38:51:07:cf:5a:b5:0a:11:85:01:3d:52:86:96:ad: 16:be:ea:9c:2c:ee:3c:14:c9:5b:58:d7:ab:45:ae:d8:e0:2d: 70:7c:55:40:44:b8:98:ad:1b:d4:66:35:c5:78:13:4c:e7:5a: de:82:15:43:cb:bb:83:3a:09:04:fa:5e:6f:d9:ca:17:b8:40: 00:b0:ba:06:ed:73:ed:c8:c7:5a:53:aa:d3:43:a2:f1:c2:cf: 14:9b:c2:7b:b7:c0:2a:56:a0:53:2e:af:2d:07:65:c0:70:c1: 92:86:34:05:39:3c:ed:3f:6e:f9:31:7f:de:5a:ed:9b:c8:83: e0:f4:9c:de:c7:9c:04:be:d2:6e:8d:5e:3e:ad:46:d4:82:70: 9d:79:b9:c3:dd:b4:c0:6e:1b:23:d0:45:be:26:c6:7e:4c:ec: c5:c3:c9:ee:1e:93:d4:a5:11:e9:6a:1d:e1:ee:af:eb:83:e6: dd:ec:13:7b:45:60:18:f5:05:3f:61:7b:3c:2b:b1:28:c4:92: 5e:bc:67:c0:02:22:a9:aa:69:d5:e9:0e:75:80:36:b2:66:84: fe:05:c2:75 -----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBcxNzIu MTcuOC4xMDBAMTQ0MDc4MDI4MTAeFw0xNTA4MjgxNjQ0NDFaFw0yNTA4MjUxNjQ0 NDFaMBYxFDASBgNVBAMMC2t1YmUtbWFzdGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAqz/PlVA9f7SCunJ6iC5BeWd9mkoiJ1/9XHhvPa1XTP03nrU1 8YhZwekQOD7ef1fP6fz917Woeg5f5BZvKmaYKGxCqF+VPQsC8uyrqhlAYLPlemR9 W/KchNW7BnnnAC8soAqI9LDFMd59MNazTepkhbv5iVr1IkGSNdSkfYBkZdkdyTA5 rzRXzdVWXZ81Xe6jB+3xxWjb2xJlMeZsHndEPnwDvInwTBSmQTkio6OgjSDraXrF 3rAvlGdoq4yKJFk4pFcZLcION8hzmK7YCqTiciJJmlVYrY7D60K1QQLJQCfRd0Gr Twsqa7K2OH+gzs+fzXxUcsZDzR1bYLlF6xCrrQIDAQABo4IBJzCCASMwCQYDVR0T BAIwADAdBgNVHQ4EFgQUskZfWmg+CHgljK5e6/E7e8+dpvMwUgYDVR0jBEswSYAU 40hhta3eX0PmP1W8kANRB+YgGlChJqQkMCIxIDAeBgNVBAMMFzE3Mi4xNy44LjEw MEAxNDQwNzgwMjgxggkAxtMFpRxBJsYwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD VR0PBAQDAgWgMIGABgNVHREEeTB3hwSsEQhkhwQKZAABggprdWJlcm5ldGVzghJr dWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCJGt1YmVy bmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbIILa3ViZS1tYXN0ZXIwDQYJ KoZIhvcNAQELBQADggEBAFixY0E+lO09vTzoDHgwVMFtMwBCdMh6ZMz9mnCrOFsc knybVhrX/ThRB89atQoRhQE9UoaWrRa+6pws7jwUyVtY16tFrtjgLXB8VUBEuJit G9RmNcV4E0znWt6CFUPLu4M6CQT6Xm/Zyhe4QACwugbtc+3Ix1pTqtNDovHCzxSb wnu3wCpWoFMury0HZcBwwZKGNAU5PO0/bvkxf95a7ZvIg+D0nN7HnAS+0m6NXj6t RtSCcJ15ucPdtMBuGyPQRb4mxn5M7MXDye4ek9SlEelqHeHur+uD5t3sE3tFYBj1 BT9hezwrsSjEkl68Z8ACIqmqadXpDnWANrJmhP4FwnU= -----END CERTIFICATE-----
-----开始证书----- MiidccakgGawibagijambtbaucqsbgma0gcsqgsib3dqebcwuamcixidaebgnv BAMMFzE3Mi4xNy44LjEwMEAxNDQwNzgwMjgxMB4XDTE1MDgyODE2NDQ0MVoXDTI1 MDGynte2NDQ0MovoijEGMB4Ga1ueawwxmtcylje3ljgumtawqde0nda3odayodew GGEIMA0GCSQGSIB3DQEBAQAA4IBDWAWGGEKAOIBAQDNMT08SBXTD2HTBB+hnsq P/YFUNYTxZLY6+T/d9/KRrxq1JWO70E7L2hFOvOdGF0gZuoAefki5ymkFYfwoZsK NEXvA1AxBMtQnMCdUOp7m5XW+c9uFepW+JZVB4PRBOUHZJW5HHXT6UZ21FIEWHP NBNCl9GP1NiCNOAUIZVFI7HPKO0TFAFYY0NKHRO6MLPVZAGTIPPZYSMLY7CS4 ICURFGJBSTNISCSCG/+A6I62sQAURr0hjeW9FmGHxwYW+0wdyyTtlFPTKrVrC4 ETC5WEQOJEZHJOH7DKJ8L6QBVV2CDTZWNY2OCUGXF63C3C时长EFIS1RWQCQKOT agmbaagjgzewgy4whqydvr0obbyefoniybwt3l9d5j9vvjaduqfmibqmfiga1d IWRLMEAFONIYBWT3L9D5J9VVJADUQFMIBPQOSAKJDAIMSAWHGYDVQDDBCXNZIU MTCUOC4XMDBAMTQ0MDC4MDI4MYIBTBAUCQSBGMAWGA1UDEWQFMABAF8WCWYD VR0PBAQDAgEGMA0GCSqGSIb3DQEBCwUAA4IBAQCJtrf1Mf+pHwCsMG8HPcuR4oij ugYkzawEF2FSCe2VbFMDxwmHbHw2N9ZOwRLyeSuR0JAY5aN31pqIzYCmmKf2otKU +mtTaK5YIsZU2IdxoR6VHaHT83zSGq9RhteqDdM8tuMvNsV5I9pJCu+Bkv3MsJpN 0PIc+GFs52A+BQC3CJWQLKGJEYEQOLNJPEEX9G3OVQBTZAVGM8Q5GJDTYZ8TDIO Dc4RKcuwyrAnkiJ93HdWLwkKcEXzrX/LU9NYSVMYCVBKRAIH7MD82HCUIWKMMJC Xz3+XVRGHZMO0DGOINZCPFRWPC00CZCB5P5VREPA2RPWEYNGEP3BSQLXFIT -----结束证书-----
server.crt

Certificate: Data: Version: 3 (0x2) Serial Number: 1 (0x1) Signature Algorithm: sha256WithRSAEncryption Issuer: CN=172.17.8.100@1440780281 Validity Not Before: Aug 28 16:44:41 2015 GMT Not After : Aug 25 16:44:41 2025 GMT Subject: CN=kube-master Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:ab:3f:cf:95:50:3d:7f:b4:82:ba:72:7a:88:2e: 41:79:67:7d:9a:4a:22:27:5f:fd:5c:78:6f:3d:ad: 57:4c:fd:37:9e:b5:35:f1:88:59:c1:e9:10:38:3e: de:7f:57:cf:e9:fc:fd:d7:b5:a8:7a:0e:5f:e4:16: 6f:2a:66:98:28:6c:42:a8:5f:95:3d:0b:02:f2:ec: ab:aa:19:40:60:b3:e5:7a:64:7d:5b:f2:9c:84:d5: bb:06:79:e7:00:2f:2c:a0:0a:88:f4:b0:c5:31:de: 7d:30:d6:b3:4d:ea:64:85:bb:f9:89:5a:f5:22:41: 92:35:d4:a4:7d:80:64:65:d9:1d:c9:30:39:af:34: 57:cd:d5:56:5d:9f:35:5d:ee:a3:07:ed:f1:c5:68: db:db:12:65:31:e6:6c:1e:77:44:3e:7c:03:bc:89: f0:4c:14:a6:41:39:22:a3:a3:a0:8d:20:eb:69:7a: c5:de:b0:2f:94:67:68:ab:8c:8a:24:59:38:a4:57: 19:2d:c2:0e:37:c8:73:98:ae:d8:0a:a4:e2:72:22: 49:9a:55:58:ad:8e:c3:eb:42:b5:41:02:c9:40:27: d1:77:41:ab:4f:0b:2a:6b:b2:b6:38:7f:a0:ce:cf: 9f:cd:7c:54:72:c6:43:cd:1d:5b:60:b9:45:eb:10: ab:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Basic Constraints: CA:FALSE X509v3 Subject Key Identifier: B2:46:5F:5A:68:3E:08:78:25:8C:AE:5E:EB:F1:3B:7B:CF:9D:A6:F3 X509v3 Authority Key Identifier: keyid:E3:48:61:B5:AD:DE:5F:43:E6:3F:55:BC:90:03:51:07:E6:20:1A:50 DirName:/CN=172.17.8.100@1440780281 serial:C6:D3:05:A5:1C:41:26:C6 X509v3 Extended Key Usage: TLS Web Server Authentication X509v3 Key Usage: Digital Signature, Key Encipherment X509v3 Subject Alternative Name: IP Address:172.17.8.100, IP Address:10.100.0.1, DNS:kubernetes, DNS:kubernetes.default, DNS:kubernetes.default.svc, DNS:kubernetes.default.svc.cluster.local, DNS:kube-master Signature Algorithm: sha256WithRSAEncryption 58:b1:63:41:3e:94:ed:3d:bd:3c:e8:0c:78:30:54:c1:6d:33: 00:42:74:c8:7a:64:cc:fd:9a:70:ab:38:5b:1c:92:7c:9b:56: 1a:d7:fd:38:51:07:cf:5a:b5:0a:11:85:01:3d:52:86:96:ad: 16:be:ea:9c:2c:ee:3c:14:c9:5b:58:d7:ab:45:ae:d8:e0:2d: 70:7c:55:40:44:b8:98:ad:1b:d4:66:35:c5:78:13:4c:e7:5a: de:82:15:43:cb:bb:83:3a:09:04:fa:5e:6f:d9:ca:17:b8:40: 00:b0:ba:06:ed:73:ed:c8:c7:5a:53:aa:d3:43:a2:f1:c2:cf: 14:9b:c2:7b:b7:c0:2a:56:a0:53:2e:af:2d:07:65:c0:70:c1: 92:86:34:05:39:3c:ed:3f:6e:f9:31:7f:de:5a:ed:9b:c8:83: e0:f4:9c:de:c7:9c:04:be:d2:6e:8d:5e:3e:ad:46:d4:82:70: 9d:79:b9:c3:dd:b4:c0:6e:1b:23:d0:45:be:26:c6:7e:4c:ec: c5:c3:c9:ee:1e:93:d4:a5:11:e9:6a:1d:e1:ee:af:eb:83:e6: dd:ec:13:7b:45:60:18:f5:05:3f:61:7b:3c:2b:b1:28:c4:92: 5e:bc:67:c0:02:22:a9:aa:69:d5:e9:0e:75:80:36:b2:66:84: fe:05:c2:75 -----BEGIN CERTIFICATE----- MIID3DCCAsSgAwIBAgIBATANBgkqhkiG9w0BAQsFADAiMSAwHgYDVQQDDBcxNzIu MTcuOC4xMDBAMTQ0MDc4MDI4MTAeFw0xNTA4MjgxNjQ0NDFaFw0yNTA4MjUxNjQ0 NDFaMBYxFDASBgNVBAMMC2t1YmUtbWFzdGVyMIIBIjANBgkqhkiG9w0BAQEFAAOC AQ8AMIIBCgKCAQEAqz/PlVA9f7SCunJ6iC5BeWd9mkoiJ1/9XHhvPa1XTP03nrU1 8YhZwekQOD7ef1fP6fz917Woeg5f5BZvKmaYKGxCqF+VPQsC8uyrqhlAYLPlemR9 W/KchNW7BnnnAC8soAqI9LDFMd59MNazTepkhbv5iVr1IkGSNdSkfYBkZdkdyTA5 rzRXzdVWXZ81Xe6jB+3xxWjb2xJlMeZsHndEPnwDvInwTBSmQTkio6OgjSDraXrF 3rAvlGdoq4yKJFk4pFcZLcION8hzmK7YCqTiciJJmlVYrY7D60K1QQLJQCfRd0Gr Twsqa7K2OH+gzs+fzXxUcsZDzR1bYLlF6xCrrQIDAQABo4IBJzCCASMwCQYDVR0T BAIwADAdBgNVHQ4EFgQUskZfWmg+CHgljK5e6/E7e8+dpvMwUgYDVR0jBEswSYAU 40hhta3eX0PmP1W8kANRB+YgGlChJqQkMCIxIDAeBgNVBAMMFzE3Mi4xNy44LjEw MEAxNDQwNzgwMjgxggkAxtMFpRxBJsYwEwYDVR0lBAwwCgYIKwYBBQUHAwEwCwYD VR0PBAQDAgWgMIGABgNVHREEeTB3hwSsEQhkhwQKZAABggprdWJlcm5ldGVzghJr dWJlcm5ldGVzLmRlZmF1bHSCFmt1YmVybmV0ZXMuZGVmYXVsdC5zdmOCJGt1YmVy bmV0ZXMuZGVmYXVsdC5zdmMuY2x1c3Rlci5sb2NhbIILa3ViZS1tYXN0ZXIwDQYJ KoZIhvcNAQELBQADggEBAFixY0E+lO09vTzoDHgwVMFtMwBCdMh6ZMz9mnCrOFsc knybVhrX/ThRB89atQoRhQE9UoaWrRa+6pws7jwUyVtY16tFrtjgLXB8VUBEuJit G9RmNcV4E0znWt6CFUPLu4M6CQT6Xm/Zyhe4QACwugbtc+3Ix1pTqtNDovHCzxSb wnu3wCpWoFMury0HZcBwwZKGNAU5PO0/bvkxf95a7ZvIg+D0nN7HnAS+0m6NXj6t RtSCcJ15ucPdtMBuGyPQRb4mxn5M7MXDye4ek9SlEelqHeHur+uD5t3sE3tFYBj1 BT9hezwrsSjEkl68Z8ACIqmqadXpDnWANrJmhP4FwnU= -----END CERTIFICATE-----
服务器密钥
-----开始RSA私钥----- MIIEpAIBAAKCAQEAqz/PLVA9F7SCUNJ6IC5EWD9MKOIJ1/9XHhvPa1XTP03nrU1 8YhZwekQOD7ef1fP6fz917Woeg5f5BZvKmaYKGxCqF+VPQsC8uyrqhlAYLPlemR9 W/KCHNW7BNNAC8SOAQI9LDFMD59MNAZTEPKHV5IVR1IKGSNDSKFYBKZDKDYTA5 rzRXzdVWXZ81Xe6jB+3XWJB2xJLMEZSHNDEPNWDVINWTBSMQTKIO6OGJSDRAXRF 3RAVLGDOQ4YKJFK4PFCZLCION8HZMK7YCQTICIJJMLvYR7D60K1QLJQCFRD0GR Twsqa7K2OH+gzs+FZXXUCSZDZR1BYLF6XCRRQIDAQABAOIBAATMWM46LYQOB3B3B FGGOSMPFPGP9BQPRSNE1YRC/OKER5NCDVKU2ELGO6JPIM2SZFYNQMEDRIN4LBD LR6jsXb9uW906XQkRw3aqYuiIaRKTfLSuYBhnAM2LjU/4xcgCtaV3IJjOrUVETst BRSL1YCL9IYQHBZCPFNVK5CP74DTZLEBJL7NG1Y8IJGOTCP5JWUBRRQZ0U9UQJS NCAJB63E8X7JSWXX1JO4PDUEMJZYJ1EHNA0OXWSBGZ/q/OuhhyyykurfkPyIIAMKU lZO/LH2TRNDBF8LXUPWMHFCWDO9DYCRR4V37HNDQNWWHEDGR9HBorc6VZYAMPB 0LRIFAECGYEA0RT7BFDCBMK5YDW2COL1CHT1BTQ7ELW2CJAGGJAYGX0PUGKUNR QBYEAQX3ZZHLMSIT3GSBRP9CLWS+QgSUf87deM0kBoiWG6m+KGSMBIMRJCDO+S c+3QZwWLBFHQLaJCDRN4XNr1HuHzcKYO4th/SpDZ3lQc9wO7S3dBHpsCgYEA0A+B OGW30ZF1RIAV8RRMOITQA6PGR6DBSAYXZYEKUEXSVHOW6KMDRZ7IWZZRVUKJI UPFEKQQAQAHYPEGZI/BIsnj/Ku91THkzkkDBolpuJAa068GupQgbLCLhKWa1h7qrI mAFOxy+9ZIFWbmy4UDaqgT5O78gw1CFwibYXn1cCgYEAlDPX5AepcikXY7o3rfN+ 4AYrCDDuS+QcDBK3i5g8geDg68AX4gXZSxDDadgr4r+g+XcnWt4Jl89HWq2AtGiI +kObfv+gKPs4zRqHNr6A9icin+FH/jxdtky/GLc9YHxrAK3v52KadjVL07z5jXI/ ZI8A2WGO3EGTv1c4Nav1AECGYAP0GP6IEB754WTLYB+gxFFpL8OPlwcgfhiJK2J wIlOsOrMTutKAcOyewXvmt0qA7yd+9izK8BKxj74SmHYqdRYWoKzDxj8Zn+U4Fkz DTEHXRXKXN7KGKIUH274GQKWMRZKHG8QPVZ6FFCITFRMPGYWWJS1VR5SZDBTFR Y7E1OWKBGQDMKHPUE9LT3LJIZFIOU6YXBWU/+rMaJwqmV5bEXbfrL06PjTw7kp/ UNLHJ3TvdcxNy2J4Si39cYAHL5WR5JUBVIAW5ZCJJOXBRE3CK16KKJSS8DOXJHT nHNGV48GE51THWl/NbuRQz/rD9McsCwixNm66C2EiakKuKLuv3tI3Q==
-----结束RSA私钥------
我想您可能遇到与我刚才解决的问题完全相同的问题。我相信是你在“谷歌容器”上问了一个类似的问题，用户“vishh”说这帮我解决了这个问题。确保您的主IP/主机名位于证书的
主题备选名称下api服务器使用的证书中：