Integrating Kubernetes Dashboard with GitLab users

Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about a running cluster and managing it with minimal effort. You start to appreciate it even more when access to these capabilities is needed not only by administrators / DevOps engineers, but also by people who are less used to the console and/or do not intend to deal with all the intricacies of working with kubectl and other utilities. This is what happened to us: developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution came naturally.

Why do this?

Developers may be directly interested in a tool like K8s Dashboard for debugging tasks. Sometimes you want to view logs and resources, and sometimes kill pods, scale Deployments / StatefulSets, and even get into the container console (there are also such requests, for which, however, there is another way, for example through kubectl-debug).

In addition, there is a psychological moment for managers when they want to look at the cluster, see that "everything is green", and thus reassure themselves that "everything works" (which, of course, is very relative... but that is beyond the scope of this article).

As our standard CI system we use GitLab: all developers use it as well. So, to give them access, it was logical to integrate Dashboard with GitLab accounts.

I will also note that we use NGINX Ingress. If you work with other ingress solutions, you will need to find the analogues of the authorization annotations yourself.

Trying the integration

Installing the Dashboard

Note: If you are going to repeat the steps below, then, to avoid unnecessary operations, first read on to the next subheading.

Since we use this integration in many installations, we have automated its installation. The sources required for this are published in a dedicated GitHub repository. They are based on slightly modified YAML configurations from the official Dashboard repository, plus a Bash script for quick deployment.

The script installs Dashboard in the cluster and configures it for integration with GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

However, before using it, you need to go to GitLab: Admin area → Applications, and add a new application for the future dashboard. Let's call it "kubernetes dashboard".

As a result of adding it, GitLab will provide the hashes.

They are the ones used as arguments to the script. As a result, the installation looks like this:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

After that, let's check that everything has started:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Sooner or later everything will start, but authorization will not work right away! The fact is that in the image used (the situation in other images is similar) the handling of the redirect in the callback is implemented incorrectly. This leads to oauth erasing the cookie that oauth itself gives us ...

The problem is solved by building your own oauth image with a patch.

Patch oauth and reinstall

To do this, we will use the following Dockerfile:

# Build stage: compile oauth2_proxy from a pinned commit with rd.patch applied
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch \
 && ./dist.sh

# Runtime stage: copy the built binary into a small Alpine image
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

And here is what the rd.patch itself looks like:

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
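
Review bot: `+#./test.sh` switches the test run off while `echo "... running tests"` still prints, so the image is built from a patched oauthproxy.go without its test suite ever running; keep `./test.sh` enabled, or remove the echo and state why the tests are skipped. The new build lines also no longer append to `sha256sum`, while the `checksum_file="sha256sum.txt"` context that follows is kept, so check that the checksum step still records something for `./dist/oauth2_proxy`, and note that `TARGET` is now assigned but unused.
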
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string
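
Review bot: in SignInPage, `redirect_url = req.FormValue("rd")` copies a request parameter into the post-login redirect target with no validation, so nothing restricts the destination to this host and the sign-in page becomes an open redirect. Accept `rd` only when it is a local path (starts with a single `/`, not `//`, and carries no scheme or host) and otherwise keep the `/` default set just above.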

Now you can build the image and push it to our GitLab. Next, in manifests/kube-dashboard-oauth2-proxy.yaml specify the image you need (replace it with your own):

 image: docker.io/colemickens/oauth2_proxy:latest

If your registry is closed by authorization, don't forget to add the secret used for pulling images:

      imagePullSecrets:
      - name: gitlab-registry

... and add the secret itself for the registry:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

The attentive reader will see that the long string above is the base64 of this config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}

These are the GitLab user credentials that Kubernetes will use to pull the image from the registry.
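
Added example, not part of the original article: a POSIX shell script that builds this .dockercfg and the Secret manifest from constructed sample credentials and then decodes the manifest again, showing that the data field is only encoded, so the manifest has to be protected like the password itself. The function names are hypothetical; `auth` is computed as base64 of `username:password`, the form Docker expects in that field.

```shell
#!/bin/sh
# Added example: build the .dockercfg payload for a registry pull secret and
# show that the Secret's data is only base64-encoded. Sample values only.

# Escape backslashes and double quotes for use inside a JSON string.
json_escape() { printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'; }

# base64 without line wrapping (works with GNU and BSD base64).
b64() { base64 | tr -d '\n'; }

# make_dockercfg REGISTRY USER PASSWORD EMAIL -> JSON on stdout.
# "auth" is base64("USER:PASSWORD"), as the Docker config format expects.
make_dockercfg() (
  auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"%s": {"username": "%s", "password": "%s", "auth": "%s", "email": "%s"}}\n' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" \
    "$auth" "$(json_escape "$4")"
)

# make_pull_secret NAME NAMESPACE REGISTRY USER PASSWORD EMAIL -> manifest.
make_pull_secret() (
  data=$(make_dockercfg "$3" "$4" "$5" "$6" | b64)
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockercfg
data:
  .dockercfg: $data
EOF
)

# recover_dockercfg: read a manifest on stdin, print the decoded config.
# Anyone who can read the Secret (or its YAML in git) can do the same.
recover_dockercfg() {
  awk '$1 == ".dockercfg:" { print $2 }' | base64 -d
}

# Demo with constructed credentials: the password comes straight back out.
make_pull_secret gitlab-registry kube-system registry.company.com \
  oauth2 'S3cr"et-sample' mail@company.com | recover_dockercfg
```

Generating the manifest at deploy time from a secret store, rather than committing the encoded string, keeps the registry password out of the repository.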

After everything is done, you can remove the current (incorrectly working) Dashboard installation with the command:

$ ./ctl.sh -d

... and install everything again:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

It's time to go to the Dashboard and find a rather archaic sign-in button.

After clicking on it, GitLab will greet us, offering to log in on its usual page (of course, if we have not already logged in there).

We log in with GitLab credentials, and everything is done.

About Dashboard features

If you are a developer who has not worked with Kubernetes before, or simply for some reason have not come across Dashboard before, I will describe some of its capabilities.

First, you can see that "everything is green".

More detailed information is also available for pods, such as environment variables, the pulled image, launch arguments, and their state.

Deployments have visible statuses, and other details, and there is also the ability to scale the deployment and see the result of this operation.

Among the other useful features already mentioned at the beginning of the article is viewing logs, and the function to log into the container console of the selected pod.

For example, you can also look at the limits / requests on nodes.

Of course, these are not all the capabilities of the dashboard, but I hope you get the general idea.

Disadvantages of the integration and Dashboard

The described integration has no access control. With it, all users with any access to GitLab gain access to the Dashboard. They all have the same access in Dashboard itself, corresponding to the rights of Dashboard itself, which are defined in RBAC. Obviously, this is not suitable for everyone, but for our case it turned out to be sufficient.

Among the noticeable disadvantages in Dashboard itself, I note the following:

  • it is impossible to get into the console of the container;
  • it is impossible to edit Deployments and StatefulSets, although this can be fixed in ClusterRole;
  • Dashboard's compatibility with the latest versions of Kubernetes and the future of the project raise questions.

The last problem deserves special attention.

Dashboard status and alternatives

The Dashboard compatibility table with Kubernetes releases, presented in the latest version of the project (v1.10.1), is not very encouraging.

However, there is PR #3476 (already accepted in January), which announces support for K8s 1.13. In addition, among the project issues you can find references to users working with the dashboard in K8s 1.14. Finally, commits to the project's code base do not stop. So (at least!) the actual status of the project is not as bad as it might first seem from the compatibility table.

Finally, there are alternatives to Dashboard. Among them:

  1. K8 Dash - a young interface (the first commits date back to March of this year), which already offers good features, such as a visual representation of the current status of the cluster and management of its objects. It is positioned as a "real-time interface", because it automatically updates the displayed data without requiring you to refresh the page in the browser.
  2. OpenShift Console - a web interface from Red Hat OpenShift, which, however, will bring other developments of the project to your cluster, which is not suitable for everyone.
  3. Kubernator is an interesting project, created as a lower-level (than Dashboard) interface with the ability to view all cluster objects. However, it looks like its development has stopped.
  4. Polaris - a project announced just the other day that combines the functions of a dashboard (it shows the current state of the cluster, but does not manage its objects) and automatic "validation of best practices" (it checks the cluster for the correctness of the configurations of the Deployments running in it).

Instead of conclusions

Dashboard is a standard tool for the Kubernetes clusters we maintain. Its integration with GitLab has also become part of our default installation, since many developers are happy with the capabilities they get with this dashboard.

Kubernetes Dashboard periodically gets alternatives from the Open Source community (and we are happy to consider them), but at this stage we are staying with this solution.


Source: www.hab.com
