Integrating Kubernetes Dashboard with GitLab Users

Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about a running cluster and for minimal management of it. You start to appreciate it even more when these capabilities are needed not only by administrators and DevOps engineers, but also by people who are less used to the console and/or do not want to deal with all the intricacies of working with kubectl and other utilities. That is what happened with us: the developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution came naturally.

Why?

Developers themselves may be interested in a tool like K8s Dashboard for debugging tasks. Sometimes you want to look at logs and resources, and sometimes to kill pods, scale Deployments/StatefulSets, and even open a console in a container (there are also requests for which, however, there is another way, for example via kubectl-debug).

In addition, there is a psychological moment for managers when they want to look at the cluster, to see that "everything is green" and thus reassure themselves that "everything is working" (which, of course, is very relative... but that is beyond the scope of this article).

Our standard CI system is an installed GitLab: all developers use it as well. So, to give them access, it was logical to integrate Dashboard with GitLab accounts.

I will also note that we use NGINX Ingress. If you work with other ingress solutions, you will need to find the equivalents of the authorization annotations yourself.

Trying the integration

Installing Dashboard

Attention: If you are going to repeat the steps below, then, to avoid unnecessary work, first read through to the next subheading.

Since we use this integration in many installations, we have automated its setup. The sources needed for this are published in a dedicated GitHub repository. They are based on slightly modified YAML configurations from the official Dashboard repository, plus a Bash script for quick deployment.

The script installs Dashboard into the cluster and configures it for integration with GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

However, before using it, you need to go to GitLab: Admin area → Applications, and add a new application for the future panel. Let's call it "kubernetes dashboard":

As a result of adding it, GitLab will provide the hashes:

These are the values passed as arguments to the script. As a result, the installation looks like this:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

After that, let's check that everything has started:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Sooner or later everything will start, but authorization will not work right away! The fact is that in the image used (the situation in other images is similar) the handling of the redirect in the callback is implemented incorrectly. This leads to oauth erasing the very cookie that oauth itself provides to us...

The problem is solved by building your own oauth image with a patch.

Patch oauth and reinstall

To do this, we will use the following Dockerfile:

# Build stage: fetch oauth2_proxy at a pinned commit, apply rd.patch, build
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch \
 && ./dist.sh

# Runtime stage: only the built binary and CA certificates
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

And this is what the rd.patch patch itself looks like:

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
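
Review bot: in dist.sh, turning "./test.sh" into "#./test.sh" means the patched binary is built without ever running the project's tests, while the unchanged echo "... running tests" above it still reports that they ran; keep the test run in the build stage, or drop the echo so the build log is not misleading. The removed loop was also the only place in this hunk that appended to the sha256sum array, so the checksum step that begins in the trailing context now has nothing to record; either remove that step or compute the checksum of ./dist/oauth2_proxy explicitly.
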
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string
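
Review bot: in SignInPage, the added line redirect_url = req.FormValue("rd") copies a request parameter into the post-login redirect target with no validation, so the sign-in page can be used as an open redirect. Accept the value only when it is a local path (starts with a single "/" and not with "//") and otherwise keep the existing redirect_url. The new block also runs after the redirect_url == p.SignInPath check, so an rd value equal to the sign-in path is no longer reset to "/"; move the assignment above that check.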

Now you can build the image and push it to our GitLab. Then, in manifests/kube-dashboard-oauth2-proxy.yaml, specify the image you need (replace it with your own):

 image: docker.io/colemickens/oauth2_proxy:latest

If your registry is protected by authorization, do not forget to add the use of a secret for pulling images:

      imagePullSecrets:
      - name: gitlab-registry

... and add the secret for the registry itself:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

The attentive reader will see that the long string above is the base64 encoding of this config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}

This is the data of the GitLab user under which Kubernetes will pull the image from the registry.
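
The following added example (not part of the original article or its GitHub repository) builds the same kind of kubernetes.io/dockercfg Secret, checks one for encoding mistakes that break image pulls, and shows that the base64 layer hides nothing from anyone who can read Secrets in the namespace. The function names, registry.example.com and the credentials are constructed for illustration; the check assumes the usual convention that "auth" holds base64(username:password).

```python
# Added example: function names and sample values are constructed.
import base64
import json

def build_dockercfg_secret(registry, username, password, email,
                           name="gitlab-registry", namespace="kube-system"):
    """Return a kubernetes.io/dockercfg Secret manifest as a dict."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {registry: {"username": username, "password": password,
                      "auth": auth, "email": email}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {"apiVersion": "v1", "kind": "Secret",
            "type": "kubernetes.io/dockercfg",
            "metadata": {"name": name, "namespace": namespace},
            "data": {".dockercfg": blob}}

def check_dockercfg_secret(manifest):
    """Return a list of problems in a dockercfg Secret (empty list = OK)."""
    problems = []
    if manifest.get("type") != "kubernetes.io/dockercfg":
        problems.append("type is not kubernetes.io/dockercfg")
    blob = (manifest.get("data") or {}).get(".dockercfg")
    if not blob:
        return problems + ["data/.dockercfg is missing"]
    try:
        raw = base64.b64decode(blob)
    except ValueError:  # binascii.Error is a ValueError subclass
        return problems + ["data/.dockercfg is not valid base64"]
    # Re-encoding must reproduce the input; this catches stray padding or
    # line breaks that a lenient decoder silently accepts.
    if base64.b64encode(raw).decode() != blob:
        problems.append("data/.dockercfg is not canonical base64")
    try:
        cfg = json.loads(raw)
    except ValueError:
        return problems + ["decoded .dockercfg is not JSON"]
    if not isinstance(cfg, dict):
        return problems + ["decoded .dockercfg is not a JSON object"]
    for registry, entry in cfg.items():
        pair = f"{entry.get('username')}:{entry.get('password')}".encode()
        if entry.get("auth") != base64.b64encode(pair).decode():
            problems.append(f"{registry}: auth is not base64(username:password)")
    return problems

def recover_credentials(manifest):
    """What any reader of the Secret gets back: base64 is not encryption."""
    cfg = json.loads(base64.b64decode(manifest["data"][".dockercfg"]))
    return {reg: (e["username"], e["password"]) for reg, e in cfg.items()}
```

Because the password is recoverable this way, the registry account used here should be a dedicated pull-only one, and read access to Secrets in kube-system should be limited through RBAC.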

Once everything is done, you can remove the current (incorrectly working) Dashboard installation with the command:

$ ./ctl.sh -d

... and install everything again:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

It's time to go to Dashboard and find a rather archaic-looking login button:

After clicking it, GitLab greets us and offers to log in on its usual page (of course, if we have not already logged in there):

We log in with GitLab credentials, and everything is done:

About Dashboard features

If you are a developer who has not worked with Kubernetes before, or for some reason has not come across Dashboard before, I will illustrate some of its capabilities.

First, you can see that "everything is green":

More detailed data is also available for pods, such as environment variables, the image that was pulled, launch arguments, and their state:

Deployments have visible statuses:

... and other details:

... and there is also the ability to scale a deployment:

The result of this operation:

Among the other useful features already mentioned at the beginning of the article is viewing logs:

... and the function of logging in to a container of the selected pod:

For example, you can also look at the limits/requests on nodes:

Of course, these are not all the capabilities of the panel, but I hope you get the general idea.

Disadvantages of the integration and of Dashboard

The described integration has no access control. With it, all users who have any access to GitLab get access to Dashboard. They all have the same access in Dashboard itself, corresponding to the rights of Dashboard itself, which are defined in RBAC. Obviously, this is not suitable for everyone, but for us it turned out to be sufficient.

Among the noticeable drawbacks of Dashboard itself, I note the following:

  • it is impossible to get into the console of an init container;
  • it is impossible to edit Deployments and StatefulSets, although this can be fixed in the ClusterRole;
  • Dashboard's compatibility with the latest versions of Kubernetes and the future of the project raise questions.

The last problem deserves special attention.

Dashboard status and alternatives

The table of Dashboard compatibility with Kubernetes releases, presented in the latest version of the project (v1.10.1), is not very encouraging:

Despite this, there is PR #3476 (already merged in January), which announces support for K8s 1.13. In addition, among the project's issues you can find references to users working with the panel in K8s 1.14. Finally, commits to the project's code base have not stopped. So (at least!) the actual status of the project is not as bad as it might first seem from the official compatibility table.

Finally, there are alternatives to Dashboard. Among them:

  1. K8 Dash: a young interface (the first commits date from March of this year) that already offers good features, such as a visual representation of the current status of the cluster and management of its objects. It is positioned as a "real-time interface", because it automatically updates the displayed data without requiring you to refresh the page in the browser.
  2. OpenShift Console: a web interface from Red Hat OpenShift, which, however, will bring other parts of that project into your cluster, which is not suitable for everyone.
  3. Kubernator: an interesting project, created as a lower-level (than Dashboard) interface with the ability to view all cluster objects. However, it looks like its development has stopped.
  4. Polaris: a project announced just the other day that combines the functions of a panel (it shows the current state of the cluster, but does not manage its objects) and automatic "validation of best practices" (it checks the cluster for correct configuration of the Deployments running in it).

Instead of conclusions

Dashboard is a standard tool for the Kubernetes clusters we maintain. Its integration with GitLab has also become part of our default installation, since many developers are happy with the capabilities this panel gives them.

Alternatives to Kubernetes Dashboard periodically appear from the Open Source community (and we are happy to consider them), but at this stage we are staying with this solution.

Source: www.habr.com