easzlab / kubeasz

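Install a K8S cluster with Ansible scripts, explaining how the components interact; simple and direct, and unaffected by network conditions inside China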
https://github.com/easzlab/kubeasz
10.5k stars 3.52k forks

Accessing the dashboard reports 'tls: bad certificate' #1275

Closed zicjin closed 1 year ago

zicjin commented 1 year ago

What happened?

When accessing the dashboard in a browser, requests for static resources stay pending indefinitely.

```console
kubectl get pod -n kube-system | grep dashboard
dashboard-metrics-scraper-5c876f54bd-4zgkx   1/1     Running   0               6m58s
kubernetes-dashboard-89b5448d6-ddkfn         1/1     Running   0               6m58s
```

```console
kubectl get service -n kube-system | grep dashboard
dashboard-metrics-scraper   ClusterIP   10.68.220.50    <none>        8000/TCP                 90m
kubernetes-dashboard        NodePort    10.68.212.244   <none>        443:61857/TCP            90m
```

```console
kubectl logs -n kube-system kubernetes-dashboard-89b5448d6-ddkfn
2023/05/18 06:59:53 Starting overwatch
2023/05/18 06:59:53 Using namespace: kube-system
2023/05/18 06:59:53 Using in-cluster config to connect to apiserver
2023/05/18 06:59:53 Using secret token for csrf signing
2023/05/18 06:59:53 Initializing csrf token from kubernetes-dashboard-csrf secret
2023/05/18 06:59:53 Empty token. Generating and storing in a secret kubernetes-dashboard-csrf
2023/05/18 06:59:53 Successful initial request to the apiserver, version: v1.27.1
2023/05/18 06:59:53 Generating JWE encryption key
2023/05/18 06:59:53 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2023/05/18 06:59:53 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2023/05/18 06:59:54 Initializing JWE encryption key from synchronized object
2023/05/18 06:59:54 Creating remote Sidecar client for http://dashboard-metrics-scraper:8000
2023/05/18 06:59:54 Metric client health check failed: Get "http://dashboard-metrics-scraper:8000/healthz": dial tcp 10.68.220.50:8000: connect: connection refused. Retrying in 30 seconds.
2023/05/18 06:59:54 Auto-generating certificates
2023/05/18 06:59:54 Successfully created certificates
2023/05/18 06:59:54 Serving securely on HTTPS port: 8443
2023/05/18 07:00:24 Successful request to sidecar
2023/05/18 07:05:45 http: TLS handshake error from 172.20.181.64:31994: remote error: tls: bad certificate
2023/05/18 07:06:59 http2: received GOAWAY [FrameHeader GOAWAY len=8], starting graceful shutdown
...
```

Then I cleaned up everything I know of that is related to certificates:

```console
rm /root/.kube/config
rm /etc/kubeasz/clusters/k8s-01/ssl/*
rm /etc/kubeasz/clusters/k8s-01/*.kubeconfig
rm /etc/kubernetes/*.kubeconfig # all node
rm /etc/kubernetes/ssl/* # all node
kubectl delete all --all -n default
kubectl delete all --all -n kube-system
```

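I then re-ran the complete step-by-step ezctl setup installation, but it had no effect. Was the cleanup not thorough enough? Is there any guidance on completely removing the certificates and reinstalling them?

What did you expect to happen?

The certificate system can be completely uninstalled and reinstalled.

How can we reproduce it (as minimally and precisely as possible)?

I cannot reproduce it precisely; it may have been caused by changing CLUSTER_DNS_DOMAIN in /etc/kubeasz/clusters/k8s-01/hosts.

Anything else we need to know?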

No response

Kubernetes version

1.27.1

Kubeasz version

3.6.0

OS version

```console
# On Linux:
$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
$ uname -a
Linux y0 5.15.0-67-generic #74-Ubuntu SMP Wed Feb 22 14:14:39 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
```

Related plugins (CNI, CSI, ...) and versions (if applicable)

gjmzj commented 1 year ago

The dashboard uses a self-signed certificate, so browsers with strict validation cannot open it; try Firefox: https://github.com/easzlab/kubeasz/blob/master/docs/guide/dashboard.md
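
An added example, not part of this thread or of the kubeasz or dashboard code: a Go program that reproduces the `remote error: tls: bad certificate` text from the log above by serving a self-signed certificate to a client that trusts no CA. In Go's TLS stack the `remote error` prefix marks an alert received from the peer, so the line records the client rejecting the server's certificate. The host name `dashboard.example` and the certificate are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

// handshake serves a self-signed certificate on loopback to a client with an empty root pool.
func handshake() (serverErr, clientErr error) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"dashboard.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)} // constructed sample
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key) // signed by its own key
	if err != nil {
		return err, err
	}
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return err, err
	}
	defer ln.Close()
	cconn, err := net.Dial("tcp", ln.Addr().String()) // completes via the listen backlog
	if err != nil {
		return err, err
	}
	defer cconn.Close() // runs after <-done, so the server has already read the client's alert
	sconn, err := ln.Accept()
	if err != nil {
		return err, err
	}
	defer sconn.Close()
	cfg := &tls.Config{Certificates: []tls.Certificate{{Certificate: [][]byte{der}, PrivateKey: key}}}
	done := make(chan error, 1)
	go func() { done <- tls.Server(sconn, cfg).Handshake() }()
	strict := &tls.Config{ServerName: "dashboard.example", RootCAs: x509.NewCertPool()} // trusts no CA
	clientErr = tls.Client(cconn, strict).Handshake()
	return <-done, clientErr
}

func main() {
	s, c := handshake()
	fmt.Printf("server: %v\nclient: %v\n", s, c)
}
```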

github-actions[bot] commented 1 year ago

This issue is stale because it has been open for 30 days with no activity.

github-actions[bot] commented 1 year ago

This issue was closed because it has been inactive for 14 days since being marked as stale.