zoukankan      html  css  js  c++  java
  • Kubernetes dashboard认证访问

    一、Dashboard部署

    部署的过程

    [root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
    secret/kubernetes-dashboard-certs created
    serviceaccount/kubernetes-dashboard created
    role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
    deployment.apps/kubernetes-dashboard created
    service/kubernetes-dashboard created
    [root@csserver12 ~]# kubectl get po -n kube-system|grep kubernetes-dashboard
    NAME                                   READY   STATUS    RESTARTS   AGE kubernetes
    -dashboard-d894c6994-l68db 1/1 Running 0 21d

      [root@csserver12 ~]# kubectl get svc -n kube-system|grep kubernetes-dashboard

      NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
      kubernetes-dashboard   NodePort    10.101.0.99      <none>       443/TCP         21d

    [root@k8s-master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system  #以打补丁方式修改dasboard的访问方式或者设置ingress访问
    service/kubernetes-dashboard patched
    [root@k8s-master ~]# kubectl get svc -n kube-system
    NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
    kubernetes-dashboard   NodePort    10.105.204.4   <none>        443:30015/TCP   31m

    浏览器访问:https://172.18.128.119:30015,如图:这里需要注意的是谷歌浏览器会禁止不安全证书访问,建议使用火狐浏览器,并且需要在高级选项中添加信

    在k8s中 dashboard可以有两种访问方式:kubeconfig(HTTPS)和token(http)

    1、token认证

     (1)创建dashboard专用证书

    [root@csserver12 ~]# cd /etc/kubernetes/pki/
    [root@csserver12 pki]# (umask 077;openssl genrsa -out dashboard.key 2048) Generating RSA private key, 2048 bit long modulus .....................................................................................................+++ ..........................+++ e is 65537 (0x10001)

    (2)证书签署请求

    [root@csserver12 pki]# openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=wicrenet/CN=dashboard"
    [root@csserver12 pki]# openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 36500
    Signature ok
    subject=/O=wicrenet/CN=dashboard
    Getting CA Private Key

    (3)定义令牌方式仅能访问default名称空间

    复制代码
    [root@csserver12 pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=./dashboard.crt --from-file=dashboard.key=./dashboard.key   #secret创建
    secret/dashboard-cert created
    
    [root@csserver12 pki]# kubectl get secret -n kube-system |grep dashboard
    dashboard-cert                                   Opaque                                2         1m
    kubernetes-dashboard-certs                       Opaque                                0         3h
    kubernetes-dashboard-key-holder                  Opaque                                2         3h
    kubernetes-dashboard-token-jpbgw                 kubernetes.io/service-account-token   3         3h
    
    [root@csserver12 pki]# kubectl create serviceaccount def-ns-admin -n default  #创建serviceaccount
    serviceaccount/def-ns-admin created
    
    [root@csserver12 pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin  #service account账户绑定到集群角色admin
    rolebinding.rbac.authorization.k8s.io/def-ns-admin created
    
    [root@csserver12 pki]# kubectl describe secret def-ns-admin-token-k9fz9  #查看def-ns-admin这个serviceaccount的token
    Name:         def-ns-admin-token-k9fz9
    Namespace:    default
    Labels:       <none>
    Annotations:  kubernetes.io/service-account.name=def-ns-admin
                  kubernetes.io/service-account.uid=56ed901c-d042-11e8-801a-000c2972dc1f
    
    Type:  kubernetes.io/service-account-token
    
    Data
    ====
    ca.crt:     1025 bytes
    namespace:  7 bytes
    token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1rOWZ6OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NmVkOTAxYy1kMDQyLTExZTgtODAxYS0wMDBjMjk3MmRjMWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.QfB5RR19nBv4-kFYyzW5-2n5Ksg-kON8lU18-COLBNfObQTDHs926m4k9f_5bto4YGncYi7sV_3oEec8ouW1FRjJWfY677L1IqIlwcuqc-g0DUo21zkjY_s3Lv3JSb_AfXUbZ7VTeWOhvwonqfK8uriGO1-XET-RBk1CE4Go1sL7X5qDgPjNO1g85D9IbIZG64VygplT6yZNc-b7tLNn_O49STthy6J0jdNk8lYxjy6UJohoTicy2XkZMHp8bNPBj9RqGqMSnnJxny5WO3vHxYAodKx7h6w-PtuON84lICnhiJ06RzsWjZfdeaQYg4gCZmd2J6Hdq0_K32n3l3kFLg
    复制代码

    将该token复制后,填入验证,要知道的是,该token认证仅可以查看default名称空间的内容,如下图:

     

    2、kubeconfig认证 

    (1)配置k8s-dashboard-admin的集群信息

    [root@k8s-master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://172.18.128.119:6443" --embed-certs=true --kubeconfig=/root/k8s-dashboard-admin.conf
    Cluster "kubernetes" set.

    (2)使用token写入集群验证

    [root@k8s-master ~]# kubectl config set-credentials -h  #认证的方式可以通过crt和key文件,也可以使用token进行配置,这里使用tonken
    
    Usage:
      kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile]
    [--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name]
    [--auth-provider-arg=key=value] [options]
    [root@csserver12 pki]# kubectl describe secret dashboard-admin-token-bgjrh -n kube-system
    Name: dashboard-admin-token-bgjrh
    Namespace: kube-system
    Labels: <none>
    Annotations: kubernetes.io/service-account.name: dashboard-admin
    kubernetes.io/service-account.uid: a4eed7a5-c729-11e9-90fc-000c291e9d7e
    
    Type: kubernetes.io/service-account-token
    
    Data
    ====
    ca.crt: 1025 bytes
    namespace: 11 bytes
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ
    
    这里的token是base64编码,此处需要进行解码操作
    [root@csserver12 pki]# kubectl get secret dashboard-admin-token-bgjrh -o jsonpath={.data.token} -n kube-system|base64 -d
    eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ
    
    配置token信息
    [root@csserver12 pki]# kubectl config set-credentials k8s-dashboard-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ --kubeconfig=/root/k8s-dashboard-admin.conf 
    User "k8s-dashboard-admin" set.

    (3)配置上下文和当前上下文

    [root@csserver12 pki]# kubectl config set-context k8s-dashboard-admin@kubernetes --cluster=kubernetes --user=k8s-dashboard-admin --kubeconfig=/root/k8s-dashboard-admin.conf 
    Context "k8s-dashboard-admin@kubernetes" created.
    [root@csserver12 pki]# kubectl config use-context k8s-dashboard-admin@kubernetes --kubeconfig=/root/k8s-dashboard-admin.conf             
    Switched to context "k8s-dashboard-admin@kubernetes".
    [root@csserver12 pki]# kubectl config view --kubeconfig=/root/k8s-dashboard-admin.conf 
    apiVersion: v1
    clusters:
    - cluster:
        certificate-authority-data: DATA+OMITTED
        server: https://172.18.128.119:6443
      name: kubernetes
    contexts:
    - context:
        cluster: kubernetes
        user: k8s-dashboard-admin
      name: k8s-dashboard-admin@kubernetes
    current-context: k8s-dashboard-admin@kubernetes
    kind: Config
    preferences: {}
    users:
    - name: k8s-dashboard-admin
      user:
        token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

    将/root/k8s-dashboard-admin.conf文件发送到宿主机,浏览器访问时选择Kubeconfig认证,载入该配置文件,点击登陆,即可实现访问,如图: 

     3、设置ingress访问

    [root@csserver12 plugin]# cat kubernetes-dashboard-ingress.yaml 
    kind: Ingress
    apiVersion: extensions/v1beta1
    metadata: 
      name: dashboard
      namespace: kube-system
      annotations:
        kubernetes.io/ingress.class: traefik
    spec:
      tls:
      - hosts:
        - dashboard-dev.wicrenet.com
        secretName: kube-system-ingress-secret
      rules:
      - host: dashboard-dev.wicrenet.com
        http:
          paths:
          - backend:
              serviceName: kubernetes-dashboard
              servicePort: 443
            path: /
    [root@csserver12 plugin]# kubectl apply -f kubernetes-dashboard-ingress.yaml

    二、总结

    1、部署dashboard:

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

    2、将Service改为Node Port方式或者Ingress方式进行访问:

    kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

    3、访问认证:

    认证时的账号必须为ServiceAccount:其作用是被dashboard pod拿来由kubenetes进行认证;认证方式有2种:
    token:

    • (1)创建ServiceAccount,根据其管理目标,使用rolebinding或clusterbinding绑定至合理的role或clusterrole;
    • (2)获取此ServiceAccount的secret,查看secret的详细信息,其中就有token;
    • (3)复制token到认证页面即可登录。

    kubeconfig:把ServiceAccount的token封装为kubeconfig文件

    • (1)创建ServiceAccount,根据其管理目标,使用rolebinding或clusterbinding绑定至合理的role或clusterrole;
    • (2)kubectl get secret |awk '/^ServiceAccount/{print $1}'
    • KUBE_TOKEN=$(kubectl get secret SERVICEACCOUNT_SECRET_NAME -o jsonpath={.data.token} | base64 -d)
    • (3)生成kubeconfig文件
    kubectl config set-cluster
    kubectl config set-credentials NAME --token=$KUBE_TOKEN
    kubectl config set-context
    kubectl config use-context

    三、附kubenetes-dashboard.yaml文件

    [root@csserver12 plugin]# cat kubernetes-dashboard.yaml 
    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    # Configuration to deploy release version of the Dashboard UI compatible with
    # Kubernetes 1.8.
    #
    # Example usage: kubectl create -f <this_file>
    
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        # Allows editing resource and makes sure it is created first.
        addonmanager.kubernetes.io/mode: EnsureExists
      name: kubernetes-dashboard-certs
      namespace: kube-system
    type: Opaque
    ---
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
        # Allows editing resource and makes sure it is created first.
        addonmanager.kubernetes.io/mode: EnsureExists
      name: kubernetes-dashboard-key-holder
      namespace: kube-system
    type: Opaque
    ---
    # ------------------- Dashboard Service Account ------------------- #
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-admin
      namespace: kube-system
    
    ---
    # ------------------- Dashboard Role & Role Binding ------------------- #
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard-admin
      namespace: kube-system
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard-admin
      namespace: kube-system
    
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
        name: cluster-watcher
    rules:
    - apiGroups:
      - '*'
      resources:
      - '*'
      verbs:
      - 'get'
      - 'list'
    - nonResourceURLs:
      - '*'
      verbs:
      - 'get'
      - 'list'
    - apiGroups: [""]
      resources: ["secrets"]
      resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
      verbs: ["get", "update", "delete"]
      # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
    - apiGroups: [""]
      resources: ["configmaps"]
      resourceNames: ["kubernetes-dashboard-settings"]
      verbs: ["get", "update"]
      # Allow Dashboard to get metrics from heapster.
    - apiGroups: [""]
      resources: ["services"]
      resourceNames: ["heapster"]
      verbs: ["proxy"]
    ---
    # ------------------- Dashboard Deployment ------------------- #
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: kubernetes-dashboard
      namespace: kube-system
      labels:
        k8s-app: kubernetes-dashboard
        kubernetes.io/cluster-service: "true"
        addonmanager.kubernetes.io/mode: Reconcile
    spec:
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
          annotations:
            scheduler.alpha.kubernetes.io/critical-pod: ''
            seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
        spec:
          priorityClassName: system-cluster-critical
          containers:
          - name: kubernetes-dashboard
            image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
            resources:
              limits:
                cpu: 100m
                memory: 300Mi
              requests:
                cpu: 50m
                memory: 100Mi
            ports:
            - containerPort: 8443
              protocol: TCP
            args:
              - --auto-generate-certificates
            volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
            - name: tmp-volume
              mountPath: /tmp
            livenessProbe:
              httpGet:
                scheme: HTTPS
                path: /
                port: 8443
              initialDelaySeconds: 30
              timeoutSeconds: 30
          volumes:
          - name: kubernetes-dashboard-certs
            secret:
              secretName: kubernetes-dashboard-certs
          - name: tmp-volume
            emptyDir: {}
          serviceAccountName: kubernetes-dashboard-admin
          tolerations:
          - key: node-role.kubernetes.io/master
            effect: NoSchedule
    
    ---
    # ------------------- Dashboard Service ------------------- #
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      ports:
      - port: 443
        targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
    ---
    kind: Ingress
    apiVersion: extensions/v1beta1
    metadata: 
      name: dashboard
      namespace: kube-system
      annotations:
        kubernetes.io/ingress.class: traefik
    spec:
      tls:
      - hosts:
        - dashboard-dev.wicrenet.com
        secretName: kube-system-ingress-secret
      rules:
      - host: dashboard-dev.wicrenet.com
        http:
          paths:
          - backend:
              serviceName: kubernetes-dashboard
              servicePort: 443
            path: /
  • 相关阅读:
    面试题:redis事务
    哲学家就餐问题
    面试题:Redis常见性能问题和解决方案?
    取势、明道、优术、践行、合众
    自主可控和开源
    关于独立思考
    警惕软件复杂度困局
    如何构建研发体系
    大数据整体链路
    银行数仓的建设实践
  • 原文地址:https://www.cnblogs.com/malukang/p/11527822.html
Copyright © 2011-2022 走看看