1.什么是Dashboard
Dashboard 是基于网页的 Kubernetes 用户界面。 你可以使用 Dashboard 将容器应用部署到 Kubernetes 集群中,也可以对容器应用排错,还能管理集群资源。 你可以使用 Dashboard 获取运行在集群中的应用的概览信息,也可以创建或者修改 Kubernetes 资源 (如 Deployment,Job,DaemonSet 等等)。 例如,你可以对 Deployment 实现弹性伸缩、发起滚动升级、重启 Pod 或者使用向导创建新的应用。
2. 使用Ingress对外发布Dashboard
默认安装完成的dashboard的访问方式是ClusterIP,进而想访问dashboard需更改为nodeport或者loadbalancer或者配置为ingress的方式才能访问dashbaord。本文将以ingress-nginx发布dashboard在外部访问。
2.1 查看dashboard默认的访问方式
- 我们可以看到默认是clusterip只能在集群内部访问,是无法在集群外部访问的。
- # kubectl get pods,svc -n kubernetes-dashboard
- NAME READY STATUS RESTARTS AGE
- pod/dashboard-metrics-scraper-7c857855d9-chmm9 1/1 Running 0 74m
- pod/kubernetes-dashboard-6b79449649-xgdph 1/1 Running 0 74m
- NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
- service/dashboard-metrics-scraper ClusterIP 10.96.129.181 <none> 8000/TCP 74m
- service/kubernetes-dashboard ClusterIP 10.96.13.147 <none> 443/TCP 74m
- # kubectl get pods -n ingress-nginx
- NAME READY STATUS RESTARTS AGE
- ingress-nginx-controller-bnmpt 1/1 Running 25 (3d2h ago) 18d
- ingress-nginx-controller-cfblk 1/1 Running 26 (3d1h ago) 18d
自签发证书。当然生产环境中理应当使用机构签发的证书。- # openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout kube-dashboard.key -out kube-dashboard.crt -subj "/CN=dashboard.kube.com/O=k8s.dashboard.local"
- Generating a 2048 bit RSA private key
- ......+++
- .......+++
- writing new private key to 'kube-dashboard.key'
- -----
- 创建tls类型的Secret为ingress提供配置。
- # kubectl create secret tls dashboard-tls --key kube-dashboard.key --cert kube-dashboard.crt -n kubernetes-dashboard
- secret/dashboard-tls created
- 查看secrets,可以看见类型为tls类型
- # kubectl get secret -n kubernetes-dashboard
- NAME TYPE DATA AGE
- dashboard-tls kubernetes.io/tls 2 15h
- default-token-7d7z8 kubernetes.io/service-account-token 3 17h
- kubernetes-dashboard-certs Opaque 0 17h
- kubernetes-dashboard-csrf Opaque 1 17h
- kubernetes-dashboard-key-holder Opaque 2 17h
- kubernetes-dashboard-token-c2z56 kubernetes.io/service-account-token 3 17h
Nginx Ingress Controller默认使用HTTP协议转发请求到后端业务容器。当您的业务容器为HTTPS协议时,可以通过使用注解nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"来使得Nginx Ingress Controller使用HTTP协议转发请求到后端业务容器。- # cat ingress-dashboard.yaml
- apiVersion: networking.k8s.io/v1 类型为v1
- kind: Ingress
- metadata:
- name: dashboard-ingress
- namespace: kubernetes-dashboard
- annotations:
- nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" #注意这里:必须指定后端服务为HTTPS服务。
- spec:
- ingressClassName: "nginx" 控制器的类型为nginx
- tls:
- - hosts:
- - k8s.dashboard.local 主机名
- secretName: dashboard-tls 这里引用创建的secrets
- rules:
- - host: k8s.dashboard.local
- http:
- paths:
- - path: /
- pathType: Prefix 起始与根都进行代理。
- backend:
- service:
- name: kubernetes-dashboard service名称
- port: 后端端口
- number: 443
- 加载配置文件
- # kubectl apply -f ingress-dashboard.yaml
- ingress.networking.k8s.io/dashboard-ingress created
- # kubectl describe ingress -n kubernetes-dashboard
- Name: dashboard-ingress
- Namespace: kubernetes-dashboard
- Address: xxxxx
- Default backend: default-http-backend:80 (<error: endpoints "default-http-backend" not found>)
- TLS:
- dashboard-tls terminates k8s.dashboard.local
- Rules:
- Host Path Backends
- ---- ---- --------
- k8s.dashboard.local 可以看到后端的服务已被代理到。
- / kubernetes-dashboard:443 (192.168.3.56:8443)
- Annotations: nginx.ingress.kubernetes.io/backend-protocol: HTTPS
- Events:
- Type Reason Age From Message
- ---- ------ ---- ---- -------
- Normal Sync 6s (x2 over 54s) nginx-ingress-controller Scheduled for sync
- echo "xxxxx k8s.dashboard.local" >> /etc/hosts
2.7 登陆dashboard
免责声明:如果侵犯了您的权益,请联系站长,我们会及时删除侵权内容,谢谢合作! |
