Kubernetes: Publishing the Dashboard with Ingress (Part 2) - 梨花海棠
source link: https://www.cnblogs.com/xunweidezui/p/17157939.html
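1. What is the Dashboard
Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot containerized applications, and manage cluster resources. You can use Dashboard to get an overview of the applications running in the cluster, and to create or modify Kubernetes resources (such as Deployment, Job, DaemonSet and so on). For example, you can scale a Deployment, start a rolling update, restart a Pod, or create a new application with the wizard.
2. Publishing the Dashboard externally with Ingress
A freshly installed dashboard is exposed through a ClusterIP Service, so to reach it you must change the Service to NodePort or LoadBalancer, or configure an Ingress. This article publishes the dashboard for external access with ingress-nginx.
2.1 Check the dashboard's default access method
The default type is ClusterIP, which is reachable only from inside the cluster and not from outside it.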
# kubectl get pods,svc -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
pod/dashboard-metrics-scraper-7c857855d9-chmm9 1/1 Running 0 74m
pod/kubernetes-dashboard-6b79449649-xgdph 1/1 Running 0 74m
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/dashboard-metrics-scraper ClusterIP 10.96.129.181 <none> 8000/TCP 74m
service/kubernetes-dashboard ClusterIP 10.96.13.147 <none> 443/TCP 74m
2.2 Check that the Ingress Controller is running normally.
# kubectl get pods -n ingress-nginx
NAME READY STATUS RESTARTS AGE
ingress-nginx-controller-bnmpt 1/1 Running 25 (3d2h ago) 18d
ingress-nginx-controller-cfblk 1/1 Running 26 (3d1h ago) 18d
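2.3 Create a self-signed certificate and a tls-type Secret
Issue a self-signed certificate. In a production environment you should, of course, use a certificate issued by a certificate authority.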
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout kube-dashboard.key -out kube-dashboard.crt -subj "/CN=dashboard.kube.com/O=k8s.dashboard.local"
Generating a 2048 bit RSA private key
......+++
.......+++
writing new private key to 'kube-dashboard.key'
-----
Create a tls-type Secret to supply the certificate to the Ingress.
# kubectl create secret tls dashboard-tls --key kube-dashboard.key --cert kube-dashboard.crt -n kubernetes-dashboard
secret/dashboard-tls created
List the secrets; the new one has the tls type.
# kubectl get secret -n kubernetes-dashboard
NAME TYPE DATA AGE
dashboard-tls kubernetes.io/tls 2 15h
default-token-7d7z8 kubernetes.io/service-account-token 3 17h
kubernetes-dashboard-certs Opaque 0 17h
kubernetes-dashboard-csrf Opaque 1 17h
kubernetes-dashboard-key-holder Opaque 2 17h
kubernetes-dashboard-token-c2z56 kubernetes.io/service-account-token 3 17h
2.4 Configure the Ingress rule.
By default the Nginx Ingress Controller forwards requests to backend containers over HTTP. When the backend container serves HTTPS, add the annotation nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" so that the Nginx Ingress Controller forwards requests to the backend container over HTTPS.
# cat ingress-dashboard.yaml
apiVersion: networking.k8s.io/v1   # API version v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"   # Note: the backend must be declared as an HTTPS service.
spec:
  ingressClassName: "nginx"   # the controller class is nginx
  tls:
  - hosts:
    - k8s.dashboard.local   # host name
    secretName: dashboard-tls   # references the Secret created above
  rules:
  - host: k8s.dashboard.local
    http:
      paths:
      - path: /
        pathType: Prefix   # proxy every path starting from the root
        backend:
          service:
            name: kubernetes-dashboard   # Service name
            port:   # backend port
              number: 443
Apply the configuration file
# kubectl apply -f ingress-dashboard.yaml
ingress.networking.k8s.io/dashboard-ingress created
2.5 Check the Ingress configuration
# kubectl describe ingress -n kubernetes-dashboard
Name: dashboard-ingress
Namespace: kubernetes-dashboard
Address: xxxxx
Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
TLS:
dashboard-tls terminates k8s.dashboard.local
Rules:
Host Path Backends
---- ---- --------
k8s.dashboard.local   # the backend service is now being proxied
/ kubernetes-dashboard:443 (192.168.3.56:8443)
Annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 6s (x2 over 54s) nginx-ingress-controller Scheduled for sync
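The certificate in 2.3 is issued with CN=dashboard.kube.com while the Ingress in 2.4 serves k8s.dashboard.local, so it is worth confirming that a certificate covers the Ingress host before it goes into the Secret. The script below is an added example, not part of the original article; the function names and the subjectAltName variant are assumptions of the example, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the article): verify that a certificate covers the
# Ingress host before it is stored in the dashboard-tls Secret.

# gen_cert SUBJECT OUT_PREFIX [SAN]: self-signed pair as in section 2.3.
# The optional SAN argument (an assumption of this example) adds a subjectAltName.
gen_cert() {
    subj=$1; prefix=$2; san=${3:-}
    set -- -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$prefix.key" -out "$prefix.crt" -subj "$subj"
    [ -z "$san" ] || set -- "$@" -addext "subjectAltName=$san"
    openssl req "$@" 2>/dev/null
}

# cert_covers_host CRT HOST: status 0 only if the certificate is valid for HOST.
cert_covers_host() {
    res=$(openssl x509 -in "$1" -noout -checkhost "$2" 2>&1) || true
    case $res in
        *"does match certificate"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_tls_cert CRT HOST...: print each problem, return non-zero if any.
check_tls_cert() {
    crt=$1; shift; rc=0
    # -checkend 0 fails when the certificate has already expired
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "expired or unreadable: $crt"; rc=1; }
    for h in "$@"; do
        cert_covers_host "$crt" "$h" || { echo "$crt is not valid for $h"; rc=1; }
    done
    return "$rc"
}

# demo: constructed throwaway certificates, run with "sh script.sh demo".
demo() {
    d=$(mktemp -d)
    gen_cert "/CN=dashboard.kube.com/O=k8s.dashboard.local" "$d/page"   # subject from 2.3
    gen_cert "/CN=k8s.dashboard.local" "$d/fixed" "DNS:k8s.dashboard.local"
    check_tls_cert "$d/page.crt" k8s.dashboard.local || echo "page subject: FAIL"
    check_tls_cert "$d/fixed.crt" k8s.dashboard.local && echo "SAN variant: OK"
    rm -rf "$d"
}
if [ "${1:-}" = "demo" ]; then demo; fi
```

Running check_tls_cert against kube-dashboard.crt with every host listed under spec.tls in the Ingress, before kubectl create secret tls, catches a name mismatch while it is still cheap to reissue the certificate.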
2.6 Add a local hosts entry and access the UI
echo "xxxxx k8s.dashboard.local" >> /etc/hosts
2.7 Log in to the dashboard