Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about a running cluster and for minimal management of it. You appreciate it even more when access to these capabilities is needed not only by administrators and DevOps engineers, but also by people who are less comfortable with the console and/or do not intend to deal with all the intricacies of kubectl and other utilities. This is what happened to us: developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution came naturally.
Why is this needed?
Developers themselves may be interested in a tool like K8s Dashboard for debugging tasks. Sometimes they want to view logs and resources, and sometimes to kill pods, scale Deployments/StatefulSets, or even go into a container console (there are such requests too, although there is another way to do it, for example, …). In addition, managers have a psychological moment when they want to look at the cluster, see that "everything is green", and so reassure themselves that "everything works" (which is, of course, very relative... but that is beyond the scope of this article).
As a standard CI system, …
Note also that we use NGINX Ingress. If you work with other …
Trying the integration
Installing the Dashboard
Attention: if you are going to repeat the steps below, read the next subsection first to avoid unnecessary operations.
Since we use this integration in many installations, we have automated its installation. The sources needed for this have been published.
The script installs the Dashboard in the cluster and configures it for integration with GitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this message
Before using it, however, you need to go to GitLab (Admin area → Applications) and add a new application for the future panel. Let's call it "kubernetes dashboard":
After it is added, GitLab provides the hashes:
These are the values that are passed as arguments to the script. As a result, the installation looks like this:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com
After that, let's check that everything has started:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14s
Sooner or later everything will start, but authorization will not work right away! The fact is that in the image used (the situation with other images is similar), the process of catching the redirect in the callback is implemented incorrectly. As a result, oauth erases the cookie that oauth itself provides to us...
The problem is solved by building our own oauth image with a patch.
Patching oauth and reinstalling
To do this, we use the following Dockerfile:
# Build stage: compile a patched oauth2_proxy
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy
RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
# Pin the upstream source to a fixed commit before applying the patch
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch \
 && ./dist.sh
# Runtime stage: minimal image that carries only the built binary
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/
EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]
And here is what the rd.patch patch itself looks like:
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
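Review bot: `./test.sh` is commented out at the top of this hunk, so the image is built from patched source whose test suite never runs, even though the same patch changes redirect handling in oauthproxy.go; keep the tests in the build stage or run them in CI before the image is pushed. The new block also assigns `TARGET` without using it and no longer appends to the `sha256sum` array, so the array stays empty when the script reaches `checksum_file="sha256sum.txt"`; either drop both or record a checksum for `./dist/oauth2_proxy`.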
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
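Review bot: the added `redirect_url = req.FormValue("rd")` copies a request-supplied value into the post-login redirect target with no validation, which turns the sign-in page into an open redirect unless the value is checked elsewhere. Accept `rd` only when it is a local path (starts with a single `/`, not `//`, and carries no scheme or host) or when its host matches the configured dashboard host, and fall back to `/` otherwise.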
Now you can build the image and push it to GitLab. Next, in manifests/kube-dashboard-oauth2-proxy.yaml, specify the image to use (replace it with your own):
image: docker.io/colemickens/oauth2_proxy:latest
If your registry is protected by authorization, do not forget to add the use of a secret for pulling images:
imagePullSecrets:
- name: gitlab-registry
... and add the secret for the registry itself:
---
apiVersion: v1
data:
  .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
  annotations:
  name: gitlab-registry
  namespace: kube-system
type: kubernetes.io/dockercfg
The attentive reader will notice that the long string above is the Base64 encoding of this config:
{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}
This is the GitLab user data with which Kubernetes pulls the image from the registry.
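
The Secret above can be generated instead of hand-encoded, which also makes it plain that it holds Base64-encoded credentials and nothing more. The shell functions below are an added example, not part of the original article or of ctl.sh; the function names are hypothetical and the values are the article's placeholders.

```shell
#!/usr/bin/env bash
# Added example: build and decode the gitlab-registry Secret.
# All credentials used here are constructed placeholders.

b64() { base64 | tr -d '\n'; }   # single-line Base64 on GNU and BSD alike

# dockercfg_json REGISTRY USER PASSWORD EMAIL
# "auth" is base64("user:password"), the form Docker-style clients use.
dockercfg_json() {
  local auth
  case "$1$2$3$4" in
    *\"*|*\\*) echo "value needs JSON escaping, refusing" >&2; return 1 ;;
  esac
  auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"%s": {"username": "%s", "password": "%s", "auth": "%s", "email": "%s"}}' \
    "$1" "$2" "$3" "$auth" "$4"
}

# registry_secret_yaml REGISTRY USER PASSWORD EMAIL -> Secret manifest on stdout
registry_secret_yaml() {
  local json data
  json=$(dockercfg_json "$@") || return 1
  data=$(printf '%s' "$json" | b64)
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: gitlab-registry
  namespace: kube-system
type: kubernetes.io/dockercfg
data:
  .dockercfg: $data
EOF
}

# decode_secret: manifest on stdin -> plaintext .dockercfg on stdout
decode_secret() {
  awk '$1 == ".dockercfg:" { print $2 }' | base64 -d
}

# Round trip with the article's placeholder values
registry_secret_yaml registry.company.com oauth2 PASSWORD mail@company.com | decode_secret
```

Because decoding is this simple, anyone who can read Secrets in kube-system recovers the registry password, so read access to that namespace's Secrets should be kept narrow.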
Once everything is done, you can remove the current (not working correctly) Dashboard installation with the command:
$ ./ctl.sh -d
... and install everything again:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com
Now go to the Dashboard and find a rather old-fashioned login button:
After clicking it, GitLab greets us and offers to log in on its usual page (of course, if we have not logged in there before):
We log in with GitLab credentials, and everything is done:
About Dashboard features
If you are a developer who has not worked with Kubernetes before, or simply have not come across the Dashboard for some reason, here are some of its features.
First, you can see that "everything is green":
More detailed data is also available for pods, such as environment variables, the pulled image, launch arguments, and their state:
Deployments have visible statuses:
... and other details:
... and there is also the ability to scale a deployment:
The result of this operation:
Other useful features, already mentioned at the beginning of the article, include viewing logs:
... and the function of logging in to the container console of the selected pod:
For example, you can also look at the limits/requests on nodes:
Of course, these are not all the features of the panel, but I hope you get the general idea.
Disadvantages of the integration and the Dashboard
The described integration has no access control. With it, every user who has any access to GitLab gets access to the Dashboard. They all have the same access in the Dashboard itself, corresponding to the rights of the Dashboard itself.
Among the noticeable shortcomings of the Dashboard itself, note the following:
- it is impossible to get into the console of an init container;
- it is impossible to edit Deployments and StatefulSets, although this can be fixed in the ClusterRole;
- the Dashboard's compatibility with the latest Kubernetes versions and the future of the project raise questions.
The last problem deserves special attention.
Dashboard status and alternatives
The table of Dashboard compatibility with Kubernetes releases, as presented in the latest version of the project ( …
Nevertheless (already accepted in month XNUMX) …
Finally, there are alternatives to the Dashboard. Among them:
- K8Dash: a young interface (the first commits date back to month XNUMX of this year) that already offers good features, such as a visual representation of the current status of the cluster and management of its objects. It is positioned as a "real-time interface", because it automatically updates the displayed data without requiring you to refresh the page in the browser.
- OpenShift Console: the web interface from Red Hat OpenShift, which, however, brings other parts of that project into your cluster, and that does not suit everyone.
- Kubernator: an interesting project created as a lower-level (than the Dashboard) interface with the ability to view all cluster objects. However, its development appears to have stopped.
- Polaris: a project announced just the other day that combines the functions of a panel (it shows the current state of the cluster but does not manage its objects) with automatic "best practices validation" (it checks the cluster for correctness of the configurations of the Deployments running in it).
Instead of conclusions
The Dashboard is a standard tool for the Kubernetes clusters we serve. Its integration with GitLab has also become part of our default installation, since many developers are happy with the capabilities this panel gives them.
Alternatives to Kubernetes Dashboard appear regularly from the open source community (and we are happy to consider them), but at this stage we are staying with this solution.
Source: habr.com