O le Kubernetes Dashboard ose meafaigaluega e faigofie ona fa'aoga mo le mauaina o fa'amatalaga lata mai e uiga i lau fuifui tamo'e ma fa'afoeina i se taumafaiga itiiti. E amata ona e talisapaia atili pe a manaʻomia le avanoa i nei gafatia e le gata i pulega / DevOps inisinia, ae faʻapea foʻi ma i latou e le masani i le faʻamafanafanaga ma / poʻo le le faʻamoemoe e feagai ma faʻalavelave uma o le fegalegaleai ma kubectl ma isi mea aoga. Na tupu lenei mea ia i matou: na manaʻomia e le au atiaʻe le avanoa vave i le Kubernetes web interface, ma talu ai matou te faʻaogaina le GitLab, na oʻo mai le fofo.
Aisea ua faapea ai?
E mafai ona fiafia le au atinaʻe saʻo i se meafaigaluega e pei o K8s Dashboard mo galuega faʻapipiʻi. O nisi taimi e te manaʻo e vaʻai i ogalaau ma punaoa, ma o nisi taimi e fasioti pods, fua Deployments/StatefulSets, ma e oʻo lava i le faʻamafanafanaga pusa (o loʻo i ai foʻi talosaga, ae ui i lea, o loʻo i ai se isi auala - mo se faʻataʻitaʻiga, e ala i ).
E le gata i lea, o loʻo i ai se taimi faʻapitoa mo pule pe a latou manaʻo e vaʻavaʻai i le fuifui - e vaʻai ai "o mea uma e lanumeamata", ma faʻamautinoa ai i latou lava "o loʻo galue mea uma" (lea, ioe, e matua vavalalata ... ae o le mea lea e sili atu i le lautele o le tusiga).
I le avea ai o se faiga faʻavae CI o loʻo ia i matou GitLab: e faʻaaogaina foi e le au atinaʻe uma. O le mea lea, ina ia tuʻuina atu ia i latou le avanoa, sa talafeagai le tuʻufaʻatasia o le Dashboard ma faʻamatalaga GitLab.
O le a ou matauina foi matou te faʻaaogaina NGINX Ingress. Afai e te galulue ma isi , e tatau ona e su'e tuto'atasi fa'atusa o fa'amatalaga mo fa'atagaga.
Taumafai e tu'ufa'atasia
Fa'apipi'i laupapa
Faʻalogo: Afai o le a e toe faia laasaga o loʻo i lalo, ona - ia aloese mai gaioiga e le manaʻomia - faitau muamua i le isi ulutala.
Talu ai matou te faʻaogaina lenei tuʻufaʻatasiga i le tele o mea faʻapipiʻi, ua matou faʻaogaina otometi lona faʻapipiʻiina. O punaoa e manaʻomia mo lenei mea o loʻo faʻasalalau i totonu . O lo'o fa'avae i luga o fa'asologa YAML la'ititi ua suia mai , faʻapea foʻi ma le Bash script mo le faʻapipiʻiina vave.
E faʻapipiʻi e le tusitusiga le Dashboard i le fuifui ma faʻapipiʻi mo le tuʻufaʻatasia ma GitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this messageAe peitaʻi, aʻo leʻi faʻaaogaina, e tatau ona e alu ile GitLab: Admin area → Applications - ma faʻaopoopo se talosaga fou mo le laulau i le lumanaʻi. Tatou ta'ua o le “kubernetes dashboard”:
O se taunuuga o le faʻaopoopoina, GitLab o le a tuʻuina atu faʻailoga:
O i latou ia e faʻaaogaina e fai ma finauga i le faʻamatalaga. O se taunuuga, o le faʻapipiʻiina e pei o lenei:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.comA maeʻa lena, seʻi o tatou siaki na amata mea uma:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14sE le o toe mamao ae amata mea uma, peitaʻi o le a le galue vave le faatagaga! O le mea moni e faapea i le ata na faʻaaogaina (o le tulaga i isi ata e tutusa) o le faʻagasologa o le puʻeina o se toe faʻafeiloaʻi i le toe foʻi ua faʻatinoina le saʻo. O lenei tulaga e taitai atu ai i le mea moni o le oauth e tapeina le kuki lea e tuuina mai e le tautoga lava ia ia i tatou...
E foia le faafitauli e ala i le fausiaina o lau lava ata oauth ma se patch.
Patch le oauth ma toe fa'apipi'i
Ina ia faia lenei mea, matou te faʻaogaina le Dockerfile nei:
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy
RUN apk --update add make git build-base curl bash ca-certificates wget
&& update-ca-certificates
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm
&& chmod +x gpm
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git .
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch
&& ./dist.sh
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/
EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]Ma o le mea lea e foliga mai ai le rd.patch patch lava ia
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
O lea e mafai ona e fausia le ata ma tulei i totonu o la matou GitLab. Sosoo ai i totonu manifests/kube-dashboard-oauth2-proxy.yaml fa'ailoa mai le fa'aogaina o le ata mana'omia (sui i lau oe lava ata):
image: docker.io/colemickens/oauth2_proxy:latestAfai ei ai sau resitala e tapunia e ala i le faʻatagaina, aua neʻi galo e faʻaopopo le faʻaogaina o se mealilo mo ata toso:
imagePullSecrets:
- name: gitlab-registry... ma faʻaopopo le mea lilo lava ia mo le resitala:
---
apiVersion: v1
data:
.dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
annotations:
name: gitlab-registry
namespace: kube-system
type: kubernetes.io/dockercfgO le a iloa e le tagata faitau faʻalogo o le manoa umi o loʻo i luga o le base64 mai le config:
{"registry.company.com": {
"username": "oauth2",
"password": "PASSWORD",
"auth": "AUTH_TOKEN",
"email": "[email protected]"
}
}O le faʻamatalaga faʻaoga lea i GitLab, o le Kubernetes code o le a toso le ata mai le resitala.
A maeʻa mea uma, e mafai ona e aveese le taimi nei (e le o galue saʻo) Faʻapipiʻi Dashboard ma le faʻatonuga:
$ ./ctl.sh -d... ma toe faʻapipiʻi mea uma:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.comUa oʻo i le taimi e alu ai i le Dashboard ma suʻe se faʻamau faʻaoga tuai:
A uma ona kiliki i luga, GitLab o le a faʻafeiloaʻi i matou, ofo atu e saini i lona itulau masani (ioe, pe afai matou te leʻi ulufale muamua i ai):
Matou te ulufale i totonu ma GitLab faʻamaonia - ma ua uma mea uma:
E uiga i foliga o le Dashboard
Afai o oe o se atiaʻe e leʻi galue muamua ma Kubernetes, pe na o se mafuaʻaga e leʻi oʻo i le Dashboard muamua, o le a ou faʻaalia nisi o ona gafatia.
Muamua, e mafai ona e vaʻaia o "meamata uma":
O lo'o maua fo'i fa'amatalaga au'ili'ili mo pods, e pei o suiga o le si'osi'omaga, ata na siiina mai, fa'alauiloa finauga, ma lo latou tulaga:
O fa'agaioiga e iai tulaga va'aia:
... ma isi faʻamatalaga:
... ma o loʻo i ai foʻi le gafatia e faʻateleina le faʻapipiʻiina:
O le taunuuga o lenei gaioiga:
Faatasi ai ma isi mea aoga ua uma ona taʻua i le amataga o le tusiga o loʻo vaʻaia ogalaau:
... ma le galuega e ulufale ai i totonu o le pusa faʻamafanafana o le pod ua filifilia:
Mo se faʻataʻitaʻiga, e mafai foi ona e vaʻavaʻai i tapulaʻa / talosaga i nodes:
Ioe, e le o mea uma ia e mafai e le laulau, ae ou te faʻamoemoe e te maua le manatu lautele.
Le lelei o le tuʻufaʻatasia ma Dashboard
I le faʻamatalaina tuʻufaʻatasiga e leai pulea avanoa. Faatasi ai ma ia, o tagata uma e faʻaogaina soʻo se avanoa i GitLab maua avanoa i le Dashboard. Latou te maua tutusa avanoa i le Dashboard lava ia, e fetaui ma aia tatau a le Dashboard lava ia, lea . E manino lava, e le fetaui lenei mea mo tagata uma, ae mo la matou mataupu na foliga mai ua lava.
Faatasi ai ma tulaga le lelei i totonu o le Dashboard lava ia, ou te matauina mea nei:
- e le mafai ona alu i totonu o le faʻamafanafanaga o le atigipusa init;
- e le mafai ona fa'asa'o Deployments ma StatefulSets, e ui lava e mafai ona fa'amauina i ClusterRole;
- Ole fetaui ole Dashboard ma lomiga fou a Kubernetes ma le lumana'i ole poloketi e tula'i mai ai ni fesili.
O le faafitauli mulimuli e tatau ona gauai faapitoa.
Tulaga Dashboard ma isi mea
Laupapa feso'ota'iga ma fa'asalalauga Kubernetes, o lo'o tu'uina atu i le lomiga fou o le poloketi (), le fiafia tele:
E ui lava i lea, e iai (ua uma ona faʻaaogaina ia Ianuari) , lea e fa'ailoa ai le lagolago mo K8s 1.13. E le gata i lea, i totonu o mataupu faʻatino e mafai ona e mauaina faʻamatalaga i tagata faʻaoga o loʻo galulue ma le laulau ile K8s 1.14. Mulimuli ane, i totonu o le faavae code o le poloketi aua le taofi. O lea (a itiiti ifo!) O le tulaga moni o le poloketi e le o se mea leaga e pei ona foliga mai muamua mai le laulau fesoʻotaʻiga aloaia.
Ma le mea mulimuli, o loʻo i ai isi mea i le Dashboard. Faatasi ai ma i latou:
- - o se atinaʻe talavou (o le mea muamua na tuʻuina atu i tua ia Mati o lenei tausaga), lea ua uma ona ofoina atu foliga lelei, e pei o se faʻaaliga vaaia o le tulaga o loʻo iai nei o le fuifui ma le puleaina o ana mea faitino. Fa'atūina o se "fa'aoga taimi moni", ona fa'afou otometi fa'amatalaga fa'aalia e aunoa ma le mana'omia o oe e fa'afou le itulau i le su'esu'ega.
- - o se 'upega tafaʻilagi mai le Red Hat OpenShift, e ui i lea, o le a aumaia isi atinaʻe o le poloketi i lau fuifui, lea e le fetaui mo tagata uma.
- o se galuega manaia, faia e pei o se tulaga maualalo (nai lo Dashboard) faʻafesoʻotaʻi ma le gafatia e matamata ai mea faʻapipiʻi uma. Ae peitai, e foliga mai ua taofia lona atinae.
- - na o le isi aso o se poloketi e tuʻufaʻatasia galuega a se laulau (faʻaalia le tulaga o loʻo i ai nei o le fuifui, ae le pulea ana mea) ma otometi le "faʻamaonia o faiga sili ona lelei" (siaki le fuifui mo le saʻo o faʻatonuga o Deployments o loʻo taʻavale i totonu).
Ae le o faaiuga
Dashboard ose meafaigaluega masani mo fuifui Kubernetes matou te tautuaina. O lona tu'ufa'atasia ma GitLab ua avea fo'i ma vaega o la matou fa'apipi'i fa'aletonu, ona o le to'atele o tagata atia'e o lo'o fiafia e uiga i mea latou te mafaia i lenei laulau.
Kubernetes Dashboard i lea taimi ma lea taimi e i ai isi mea mai le Open Source community (ma matou te fiafia e mafaufau i ai), ae i le taimi nei matou te tumau i lenei fofo.
SALA
Faitau foi i la matou blog:
- «";
- «";
- «";
- «".
puna: www.habr.com