Hoʻohui ʻia o nā Kubernetes Dashboard a me nā mea hoʻohana GitLab
He mea hana maʻalahi ka Kubernetes Dashboard no ka loaʻa ʻana o ka ʻike hou e pili ana i kāu pūʻulu holo a me ka hoʻokele ʻana me ka hoʻoikaika liʻiliʻi. Hoʻomaka ʻoe e mahalo nui i ka wā e pono ai ke komo ʻana i kēia mau mea hiki ʻaʻole wale e nā luna hoʻomalu / DevOps engineers, akā na ka poʻe i maʻa ʻole i ka console a / a ʻaʻole i manaʻo e hana i nā paʻakikī āpau o ka launa pū ʻana me kubectl a nā pono hana ʻē aʻe. Ua hana ʻia kēia me mākou: makemake ka poʻe hoʻomohala i ke komo wikiwiki ʻana i ke kikowaena pūnaewele Kubernetes, a no ka hoʻohana ʻana iā GitLab, hiki mai ka hopena.
No ke aha kēia?
Hiki paha i nā mea hoʻomohala pololei ke makemake i kahi mea hana e like me K8s Dashboard no ka hana debugging. I kekahi manawa makemake ʻoe e nānā i nā lāʻau a me nā kumuwaiwai, a i kekahi manawa e pepehi i nā pods, scale Deployments/StatefulSets, a hiki i ka hele ʻana i ka pahu console (he mau noi nō naʻe, aia kekahi ala ʻē aʻe - no ka laʻana, ma o kubectl-debug).
Eia kekahi, aia kahi manawa noʻonoʻo no nā mana ke makemake lākou e nānā i ka pūpū - e ʻike i ka "ʻōmaʻomaʻo nā mea āpau", a no laila e hōʻoiaʻiʻo iā lākou iho "ke hana nei nā mea āpau" (ʻo ia hoʻi, pili loa ... akā aia kēia ma waho o ke kiko o ka ʻatikala).
Ma ke ʻano he ʻōnaehana CI maʻamau iā mākou noi ʻia GitLab: hoʻohana nā mea hoʻomohala āpau. No laila, no ka hāʻawi ʻana iā lākou i ke komo ʻana, pono e hoʻohui i ka Dashboard me nā moʻolelo GitLab.
E hoʻomaopopo hoʻi au e hoʻohana mākou i NGINX Ingress. Inā ʻoe e hana pū me nā mea ʻē aʻe nā hoʻonā komo, pono ʻoe e ʻimi kūʻokoʻa i nā analogues o nā annotations no ka ʻae ʻana.
Ke hoʻāʻo nei e hoʻohui
Hoʻokomo ʻia ʻo Dashboard
E nānā: Inā ʻoe e hana hou i nā ʻanuʻu ma lalo nei, a laila - e pale aku i nā hana pono ʻole - heluhelu mua i ke poʻomanaʻo aʻe.
Ma muli o ka hoʻohana ʻana i kēia hoʻohui ʻana i nā hoʻonohonoho he nui, ua hoʻokomo ʻia mākou. Paʻi ʻia nā kumu e pono ai no kēia ma kahi waihona GitHub kūikawā. Hoʻokumu ʻia lākou ma nā hoʻonohonoho YAML i hoʻololi iki ʻia mai waihona Dashboard kūhelu, a me kahi palapala Bash no ka hoʻouka wikiwiki.
Hoʻokomo ka ʻatikala i ka Dashboard i ka hui a hoʻonohonoho iā ia no ka hoʻohui ʻana me GitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this message
Eia naʻe, ma mua o ka hoʻohana ʻana, pono ʻoe e hele i GitLab: Admin area → Applications - a hoʻohui i kahi noi hou no ka papa e hiki mai ana. E kapa mākou iā ia "kubernetes dashboard":
Ma muli o ka hoʻohui ʻana, e hāʻawi ʻo GitLab i nā hashes:
ʻO lākou nā mea i hoʻohana ʻia ma ke ʻano he hoʻopaʻapaʻa i ka palapala. ʻO ka hopena, ua like ka hoʻonohonoho ʻana:
Ma hope o kēlā, e nānā kākou ua hoʻomaka nā mea a pau:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14s
Ma hope a ma hope paha e hoʻomaka nā mea a pau ʻaʻole e holo koke ka mana! ʻO ka ʻoiaʻiʻo ma ke kiʻi i hoʻohana ʻia (ʻo ke kūlana i nā kiʻi ʻē aʻe e like) ke kaʻina hana o ka hopu ʻana i kahi redirect i ka callback ua hoʻokō hewa ʻia. Ke alakaʻi nei kēia kūlana i ka ʻoiaʻiʻo e holoi ʻo oauth i ke kuki i hāʻawi ʻia e oauth iā mākou ...
Hoʻoholo ʻia ka pilikia ma ke kūkulu ʻana i kāu kiʻi oauth me kahi pā.
Patch oauth a hoʻouka hou
No ka hana ʻana i kēia, e hoʻohana mākou i kēia Dockerfile:
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
I kēia manawa hiki iā ʻoe ke kūkulu i ke kiʻi a pana i loko o kā mākou GitLab. Aʻe ma manifests/kube-dashboard-oauth2-proxy.yaml hōʻike i ka hoʻohana ʻana i ke kiʻi i makemake ʻia (e hoʻololi iā ia me kāu iho):
image: docker.io/colemickens/oauth2_proxy:latest
Inā loaʻa iā ʻoe kahi papa inoa i pani ʻia e ka ʻae, mai poina e hoʻohui i ka hoʻohana ʻana i kahi huna no ka huki kiʻi:
imagePullSecrets:
- name: gitlab-registry
... a hoʻohui i ka mea huna iā ia iho no ka hoʻopaʻa inoa:
ʻO ka manawa kēia e hele ai i ka Dashboard a ʻike i kahi pihi komo kahiko:
Ma hope o ke kaomi ʻana iā ia, e aloha mai ʻo GitLab iā mākou, e hāʻawi ana e komo i kāna ʻaoʻao maʻamau (ʻoiaʻiʻo, inā ʻaʻole mākou i komo mua ma laila):
Hoʻopili mākou me nā hōʻoia GitLab - a pau nā mea a pau:
E pili ana i nā hiʻohiʻona Dashboard
Inā he mea hoʻomohala ʻoe ʻaʻole i hana pū me Kubernetes ma mua, a i ʻole no kekahi kumu ʻaʻole i ʻike i ka Dashboard ma mua, e hōʻike wau i kekahi o kāna mau mea hiki.
ʻO ka mea mua, hiki iā ʻoe ke ʻike "he ʻōmaʻomaʻo nā mea āpau":
Loaʻa ka ʻikepili kikoʻī hou aku no nā pods, e like me nā ʻano hoʻololi kaiapuni, nā kiʻi i hoʻoiho ʻia, nā manaʻo hoʻomaka, a me ko lākou mokuʻāina:
Loaʻa nā kūlana ʻike ʻia o nā hoʻolālā:
...a me nā kikoʻī ʻē aʻe:
... a aia nō ka hiki ke hoʻonui i ka hoʻolālā:
ʻO ka hopena o kēia hana:
Ma waena o nā hiʻohiʻona pono ʻē aʻe i ʻōlelo ʻia ma ka hoʻomaka ʻana o ka ʻatikala ke nānā ʻana i nā lāʻau:
... a me ka hana e komo ai i loko o ka pahu pahu o ka pod i koho ʻia:
No ka laʻana, hiki iā ʻoe ke nānā i nā palena/noi ma nā nodes:
ʻOiaʻiʻo, ʻaʻole kēia nā mana āpau o ka panel, akā manaʻo wau e loaʻa iā ʻoe ka manaʻo maʻamau.
Nā hemahema o ka hoʻohui a me ka Dashboard
Ma ka hoʻohui i wehewehe ʻia ʻaʻole mana komo. Me ia, loaʻa nā mea hoʻohana a pau me ka loaʻa ʻana o GitLab i ka Dashboard. Loaʻa iā lākou ke komo like i ka Dashboard pono'ī, e pili ana i nā kuleana o ka Dashboard pono'ī, ka mea ua wehewehe ʻia ma RBAC. ʻIke loa, ʻaʻole kūpono kēia no nā mea āpau, akā no kā mākou hihia ua lawa.
Ma waena o nā hemahema i ʻike ʻia i ka Dashboard ponoʻī, ʻike wau i kēia:
ʻaʻole hiki ke komo i loko o ka console o ka pahu init;
ʻaʻole hiki ke hoʻoponopono i nā Deployments a me StatefulSets, ʻoiai hiki ke hoʻopaʻa ʻia kēia ma ClusterRole;
ʻO ka launa pū ʻana o Dashboard me nā mana hou loa o Kubernetes a me ka wā e hiki mai ana o ka papahana e hāpai i nā nīnau.
Pono ka pilikia hope loa i ka nānā kūikawā.
Ke kūlana Dashboard a me nā mea ʻē aʻe
ʻO ka papa hoʻolikelike Dashboard me nā hoʻokuʻu Kubernetes, hōʻike ʻia ma ka mana hou o ka papahana (v1.10.1), ʻaʻole hauʻoli loa:
ʻOiai kēia, aia (ua hoʻopaʻa ʻia i Ianuali) PR #3476, e hoʻolaha ana i ke kākoʻo no K8s 1.13. Eia kekahi, ma waena o nā pilikia papahana hiki iā ʻoe ke ʻike i nā kuhikuhi i nā mea hoʻohana e hana pū ana me ka panel ma K8s 1.14. ʻO ka hope, hana i loko o ka papahana code base mai hooki. No laila (ma ka liʻiliʻi loa!) ʻAʻole maikaʻi loa ke kūlana maoli o ka papahana e like me ka mea i ʻike mua ʻia mai ka papa hoʻohālikelike kūhelu.
ʻO ka hope, aia nā mea ʻē aʻe i Dashboard. Ma waena o lākou:
K8Dash - kahi'ōpiopio'ōpiopio (ka hana mua i ka lā mai Malaki o kēia makahiki), i hāʻawi mua i nā hiʻohiʻona maikaʻi, e like me ka hiʻohiʻona hiʻohiʻona o ke kūlana o kēia manawa o ka hui a me ka hoʻokele ʻana i kāna mau mea. Hoʻonoho ʻia ma ke ʻano he "manawa manawa maoli", no ka mea hōʻano hou i ka ʻikepili i hōʻike ʻia me ka ʻole e koi iā ʻoe e hōʻano hou i ka ʻaoʻao ma ka polokalamu kele pūnaewele.
OpenShift Console - he kikowaena pūnaewele mai Red Hat OpenShift, eia naʻe, e lawe mai i nā hoʻomohala ʻē aʻe o ka papahana i kāu pūʻulu, ʻaʻole kūpono i nā mea a pau.
Kubernator He papahana hoihoi ia, i hana ʻia ma ke ʻano he haʻahaʻa haʻahaʻa (ma mua o Dashboard) me ka hiki ke nānā i nā mea cluster āpau. Eia naʻe, me he mea lā ua pau kona hoʻomohala ʻana.
Polaris - i ka lā aʻe kūkala ʻia he papahana e hoʻohui i nā hana o kahi papa (e hōʻike ana i ke kūlana o kēia manawa o ka hui, akā ʻaʻole mālama i kāna mau mea) a me ka "hōʻoia o nā hana maikaʻi loa" (e nānā i ka pūʻulu no ka pololei o nā hoʻonohonoho o Deployments e holo ana i loko).
ʻO kahi o nā manaʻo
He mea hana maʻamau ka Dashboard no nā pūʻulu Kubernetes a mākou e lawelawe nei. ʻO kona hoʻohui pū ʻana me GitLab ua lilo pū i ʻāpana o kā mākou hoʻonohonoho paʻamau, ʻoiai he nui nā mea hoʻomohala e hauʻoli nei i nā mea hiki iā lākou me kēia papa.
Loaʻa i nā Kubernetes Dashboard nā koho ʻē aʻe mai ke kaiāulu Open Source (a hauʻoli mākou e noʻonoʻo iā lākou), akā i kēia manawa ke noho nei mākou me kēia hoʻonā.