使用客户端证书进行身份验证的Curl minikube apiserver

如何解决使用客户端证书进行身份验证的Curl minikube apiserver

有关使用curl和客户端证书和密钥对minikube api服务器进行身份验证的基本问题。

当我在api服务器上卷曲/ping端点时，我得到了403（预期失败，验证失败）

curl -k https://127.0.0.1:32776/ping

{
  "kind": "Status","apiVersion": "v1","metadata": {

  },"status": "Failure","message": "forbidden: User \"system:anonymous\" cannot get path \"/ping\"","reason": "Forbidden","details": {

  },"code": 403
}

要解决此问题，我正在尝试使用下面的curl命令

curl -v
--cert /Users/blah/.minikube/profiles/minikube/client.crt \
--cacert /Users/blah/.minikube/ca.cert \
--key /Users/blah/.minikube/profiles/minikube/client.key \
https://127.0.0.1:32776/ping

然后我回来

*   Trying 127.0.0.1:32776...
* Connected to 127.0.0.1 (127.0.0.1) port 32776 (#0)
* ALPN,offering http/1.1
* WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private key must be in the Keychain.
* WARNING: SSL: Certificate type not set,assuming PKCS#12 format.
* SSL: Can't find the certificate "/Users/blah/.minikube/profiles/minikube/client.crt" and its private key in the Keychain.
* Closing connection 0
curl: (58) SSL: Can't find the certificate "/Users/blah/.minikube/profiles/minikube/client.crt" and its private key in the Keychain.

我正在使用上述证书，如 kubectl config view

apiVersion: v1
clusters:
- cluster:
    certificate-authority: /Users/blah/.minikube/ca.crt
    server: https://127.0.0.1:32776
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /Users/blah/.minikube/profiles/minikube/client.crt
    client-key: /Users/blah/.minikube/profiles/minikube/client.key

我认为这是我所缺少的更多curl使用细节，minikube似乎很好。 另外，我很好奇其他人如何验证对minikube的curl请求？

解决方法

版权声明：本文内容由互联网用户自发贡献，该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容， 请发送邮件至 dio@foxmail.com 举报，一经查实，本站将立刻删除。