How to access the LINSTOR GUI within a Kubernetes cluster using a TLS-secured connection
Prerequisites: A deployed and secured LINSTOR cluster. If you need to secure your LINSTOR deployment, follow the instructions in the LINSTOR User's Guide before proceeding to the steps below.
1. Fetch the client certificate and key from Kubernetes:
kubectl get secret linstor-op-client-secret -ogo-template='' > client.pem
2. Convert the fetched certificate to PKCS12 format, because that seems to be the format of choice for browsers. You will need to provide a password, which you should remember for step 3.
openssl pkcs12 -export -out linstor-client.p12 -in client.pem -inkey client.pem
3. Import the certificate in your browser.
a. For Firefox, go to Settings -> Privacy & Security -> scroll to "Certificates" -> View Certificates -> Your Certificates -> Import linstor-client.p12 -> enter password from step 2.
b. For Chrome, enter chrome://settings/certificates in the address bar -> Import linstor-client.p12 -> enter password from step 2.
4. Create a local port forward,
kubectl port-forward deploy/linstor-op-cs-controller 3371:3371
or create a Kubernetes node port service.
5. Browse to https://localhost:3371/ui/ (or wherever else you forwarded it to) ignore the unknown/mismatched/self-signed certificate warning. Your browser should automatically pick up the required client certificate and ask you for confirmation. Confirm and you get full access to the LINSTOR GUI.
Created 2022/10/05 – MAT (based on original content by MW)
Reviewed 2022/11/30 – MDK