Kubernetes dashboard through Ingress
I have a Kubernetes cluster with an Ingress/Traefik controller.
Also, I installed the dashboard using the standard config from here: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
I'm trying to access the Dashboard through Ingress, but I get a 404 error:
404 page not found
My ingress.yml file looks like this:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "traefik"
  name: app-ingress-system
  namespace: kube-system
spec:
  tls:
  - hosts:
    - dashboard.domain.com
    secretName: kubernetes-dashboard-certs
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
I've tried different - path: values (like /dashboard, /proxy), with the same result.
This occurs because kubernetes-dashboard-certs does not have the files tls.crt and tls.key, which are expected by traefik. You should get this in the traefik logs.
Next problems will be between traefik certificates and dashboard certificates. I still do not understand how to properly fix this and configure traefik with the option:
ssl.insecureSkipVerify: "true"
The last one I had is that the http endpoint does not accept login, so finally I declared the ingress that redirects http to https like this:
kubectl apply -f - << EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
EOF
This code works on microk8s. On some systems you must change the type of the kubernetes-dashboard service to NodePort:
kubectl -n kube-system edit svc kubernetes-dashboard
Create a tls secret for yourdomain.com. It must be in the same namespace as kubernetes-dashboard and must have the crt and key files.
kubectl -n kube-system create secret tls yourdomain.com-tls --key="yourdomain.com.key" --cert="yourdomain.com.crt"
Use this code to create the ingress:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: public
    # this redirects to https if you try to enter over http
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # this is required, because the dashboard only runs over HTTPS
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    # this is required if you want to protect the site
    #nginx.ingress.kubernetes.io/whitelist-source-range: <here your public ip>,<here server ip if want access from server>
spec:
  tls:
  - hosts:
    - dashboard.yourdomain.com
    secretName: yourdomain.com-tls
  rules:
  - host: dashboard.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 8443
You can access the kubernetes dashboard without disabling ssl verification for the entire traefik server by creating a custom server transport for the ingressroute:
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  serverName: kubernetes-dashboard
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  entryPoints: # [1]
    - websecure
  routes: # [2]
    - kind: Rule
      match: Host(`k3sdashboard.example.xyz`) # [3]
      priority: 10 # [4]
      services: # [8]
        - kind: Service
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
          port: 443 # [9]
          serversTransport: kubernetes-dashboard-transport
  tls: # [11]
    certResolver: dns-cloudflare
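
A stricter variant of the ServersTransport above, as an added example that is not part of the original answer: instead of `insecureSkipVerify: true`, Traefik verifies the dashboard's serving certificate against a CA supplied through `rootCAsSecrets`. It assumes the dashboard serves a certificate issued by a CA you control, with `kubernetes-dashboard` among its subject alternative names; the Secret name `dashboard-backend-ca` and the certificate placeholder are hypothetical.

```yaml
# Added example, not from the original answer.
# Assumptions (label any of these to match your cluster):
#   - the dashboard serves a certificate signed by a CA you control
#   - that certificate lists "kubernetes-dashboard" as a SAN
#   - "dashboard-backend-ca" is a hypothetical Secret name
---
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-backend-ca
  namespace: kubernetes-dashboard   # same namespace as the ServersTransport
type: Opaque
stringData:
  # Traefik reads the CA from a "ca.crt" (or "tls.ca") key in this Secret.
  ca.crt: |
    <PEM-encoded CA certificate that signed the dashboard's serving certificate>
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  # Name Traefik expects in the backend certificate; must match one of its SANs.
  serverName: kubernetes-dashboard
  # Keep verification on: an untrusted or mismatched backend certificate
  # makes the request fail instead of being silently accepted.
  insecureSkipVerify: false
  rootCAsSecrets:
    - dashboard-backend-ca
```

The IngressRoute stays unchanged, since it references the transport by name through `serversTransport: kubernetes-dashboard-transport`.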