How to access the LINSTOR® GUI within a Kubernetes cluster using a TLS-secured connection
Prerequisites: A deployed and secured LINSTOR cluster. If you need to secure your LINSTOR deployment, follow the instructions in the LINSTOR User's Guide before proceeding to the steps below.
Fetch the client certificate and key from Kubernetes:
kubectl get secret linstor-op-client-secret -ogo-template='' > client.pem
Convert the fetched certificate to PKCS12 format, because that seems to be the format of choice for browsers. You will need to provide a password, which you should remember for step 3.
openssl pkcs12 -export -out linstor-client.p12 -in client.pem -inkey client.pem
Importing the Certificate in Your Browser
For Mozilla Firefox, go to Settings -> Privacy & Security -> scroll to Certificates -> View Certificates -> Your Certificates -> Import linstor-client.p12 -> enter password from step 2. b. For Chrome, enter chrome://settings/certificates in the address bar -> Import linstor-client.p12 -> enter password from step 2.
Creating a Local Port Forward
To create a local port forward, enter the following command:
kubectl port-forward deploy/linstor-op-cs-controller 3371:3371
Creating a Kubernetes Node Port Service
Browse to https://localhost:3371/ui/ (or wherever else you forwarded it to) ignore the unknown/mismatched/self-signed certificate warning. Your browser should automatically pick up the required client certificate and ask you for an exception confirmation. Confirm and you get full access to the LINSTOR GUI.
Created 2022/10/05 – MAT (based on original content by MW)
Reviewed 2022/11/30 – MDK