Kubernetes Dashboard chishandiso chiri nyore-kushandisa chekuwana ruzivo rwemazuva ano nezve cluster inomhanya uye kushomeka kwekutonga kwayo. Iwe unotanga kuzvikoshesa zvakanyanya kana kuwana kweaya hunyanzvi kuchidikanwa kwete chete nevatungamiriri / DevOps mainjiniya, asiwo nevaya vasina kujaira kunyaradza uye / kana vasingadi kubata nekunetsekana kwese kwekudyidzana ne kubectl uye. zvimwe zvinoshandiswa. Izvi zvakaitika nesu: vagadziri vaida kukurumidza kuwana iyo Kubernetes web interface, uye sezvo isu tichishandisa GitLab, mhinduro yakauya yega.
Sei izvi?
Vagadziri vakananga vanogona kufarira chishandiso chakaita seK8s Dashboard chekugadzirisa mabasa. Dzimwe nguva iwe unoda kuona matanda uye zviwanikwa, uye dzimwe nguva kuuraya mapods, chiyero Deployments/StatefulSets, uye kunyange kuenda kucontainer console (kunewo zvikumbiro izvo, zvisinei, kune imwe nzira - semuenzaniso, kuburikidza
Mukuwedzera, pane nguva yepfungwa yevatungamiri pavanenge vachida kutarisa boka racho - kuona kuti "zvose zvakasvibirira", uye nokudaro vanozvisimbisa kuti "zvose zviri kushanda" (izvo, zvechokwadi, zvine hukama ... asi izvi zviri kunze kwechikamu chechinyorwa).
Seyakajairika CI system yatinayo
Ini ndichacherechedzawo kuti tinoshandisa NGINX Ingress. Kana ukashanda nevamwe
Kuedza kusanganisa
Dashboard kuiswa
Cherechedza: Kana uchizodzokorora nhanho dziri pazasi, zvino - kudzivirira mashandiro asina kufanira - tanga waverenga kune kamusoro kanotevera.
Sezvo isu tichishandisa iyi yekubatanidza mune akawanda ekuisa, isu takaita otomatiki kuiswa kwayo. Mabviro anodiwa kune izvi anoburitswa mukati
Iyo script inoisa Dashboard musumbu uye inoigadzira kuti ibatanidzwe neGitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this message
Nekudaro, usati waishandisa, unofanirwa kuenda kuGitLab: Admin nharaunda β Zvishandiso - uye wedzera chishandiso chitsva chepanera remangwana. Ngatizvidaidze "kubernetes dashboard":
Nekuda kwekuwedzera, GitLab ichapa iwo hashes:
Ndidzo dzinoshandiswa senharo kune script. Nekuda kweizvozvo, kuiswa kunoratidzika seizvi:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e⦠--oauth2-secret 6b79168f⦠--dashboard-url dashboard.example.com
Mushure meizvozvo, ngatitarisei kuti zvese zvakatanga:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14s
Nokukurumidza kana kuti gare gare zvinhu zvose zvichatanga, zvisinei mvumo haishande nekukasika! Icho chokwadi ndechekuti mumufananidzo wakashandiswa (mamiriro mune mamwe mifananidzo akafanana) maitiro ekubata redirect mucallback anoitwa zvisizvo. Aya mamiriro anotungamira kune chokwadi chekuti mhiko inodzima cookie iyo mhiko pachayo inopa kwatiri ...
Dambudziko rinogadziriswa nekuvaka yako wega mufananidzo wemhiko nechigamba.
Patch oauth uye dzorera zvakare
Kuti tiite izvi, isu tichashandisa inotevera Dockerfile:
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy
RUN apk --update add make git build-base curl bash ca-certificates wget
&& update-ca-certificates
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm
&& chmod +x gpm
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git .
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch
&& ./dist.sh
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/
EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]
Uye hezvino zvinoita rd.patch patch pachayo
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
Iye zvino unogona kuvaka mufananidzo uye wousundira muGitLab yedu. Next in manifests/kube-dashboard-oauth2-proxy.yaml
ratidza kushandiswa kwechifananidzo chaunoda (chitsive nechako):
image: docker.io/colemickens/oauth2_proxy:latest
Kana iwe uine registry yakavharwa nemvumo, usakanganwa kuwedzera kushandiswa kwechakavanzika chekudhonza mifananidzo:
imagePullSecrets:
- name: gitlab-registry
... uye wedzera chakavanzika pachacho chekunyoresa:
---
apiVersion: v1
data:
.dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
annotations:
name: gitlab-registry
namespace: kube-system
type: kubernetes.io/dockercfg
Muverengi anoteerera achaona kuti tambo refu iri pamusoro iri base64 kubva kune config:
{"registry.company.com": {
"username": "oauth2",
"password": "PASSWORD",
"auth": "AUTH_TOKEN",
"email": "[email protected]"
}
}
Iri ndiro data remushandisi muGitLab, iyo Kubernetes kodhi inodhonza mufananidzo kubva kune registry.
Mushure mekunge zvese zvaitwa, unogona kubvisa ikozvino (isiri kushanda nemazvo) Dashboard kuisirwa nemurairo:
$ ./ctl.sh -d
... uye isa zvese zvakare:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e⦠--oauth2-secret 6b79168f⦠--dashboard-url dashboard.example.com
Yave nguva yekuenda kuDashboard wotsvaga bhatani rekupinda rekare:
Mushure mekudzvanya pairi, GitLab ichatikwazisa, ichipa kupinda kune yayo yakajairika peji (hongu, kana isu tisina kumbopindamo):
Isu tinopinda neGitLab zvitupa - uye zvese zvinoitwa:
About Dashboard features
Kana iwe uri mugadziri asina kumboshanda naKubernetes kare, kana nekuda kwechimwe chikonzero usati wambosangana neDashboard, ini ndicharatidza humwe hugonero hwayo.
Kutanga, iwe unogona kuona kuti "zvese zvakasvibira":
Yakawanda yakadzama data inowanikwawo kune pods, senge nharaunda siyana, yakatorwa mufananidzo, kutanga nharo, uye mamiriro avo:
Deployments ine mastatus anooneka:
... uye mamwe mashoko:
... uye kune zvakare kugona kuyera kutumirwa:
Mhedzisiro yekuvhiya uku:
Pakati pezvimwe zvinobatsira zvakatotaurwa pakutanga kwechinyorwa kuona matanda:
... uye basa rekupinda mumudziyo wekoni yepodhi yakasarudzwa:
Semuenzaniso, iwe unogona zvakare kutarisa pamiganho / zvikumbiro pane node:
Ehe, aya haasi ese masimba epaneru, asi ndinovimba kuti iwe unowana iyo pfungwa yakajairika.
Kuipa kwekubatanidzwa uye Dashboard
Mukubatanidza kwakatsanangurwa hakuna access control. Nayo, vese vashandisi vane chero mukana weGitLab vanowana mukana weDashboard. Vane mukana wakafanana muDashboard pachayo, inoenderana nekodzero dzeDashboard pachayo, iyo
Pakati pezvakashata zvinoonekwa muDashboard pachayo, ini ndinocherekedza zvinotevera:
- hazvibviri kupinda mu console yeinit container;
- hazvibviri kugadzirisa Deployments uye StatefulSets, kunyangwe izvi zvichigona kugadziriswa muClusterRole;
- Kuenderana kweDashboard neshanduro dzichangoburwa dzeKubernetes uye ramangwana repurojekiti inomutsa mibvunzo.
Dambudziko rekupedzisira rinofanirwa kutariswa zvakanyanya.
Dashboard mamiriro uye dzimwe nzira
Dashboard inoenderana tafura neKubernetes kuburitswa, inoratidzwa mune yazvino vhezheni yeprojekiti (
Pasinei neizvi, pane (yakatogamuchirwa muna Ndira)
Pakupedzisira, kune dzimwe nzira dzeDashboard. Pakati pavo:
-
K8Dash - yechidiki interface (yekutanga inozvipira yakadzokera munaKurume wegore rino), iyo inotopa zvinhu zvakanaka, senge chiratidziro chechimiro chechimiro chazvino chesumbu uye manejimendi ezvinhu zvaro. Yakaiswa se "chaiyo-nguva interface", nekuti inogadziridza otomatiki data rakaratidzwa pasina kukuda kuti uvandudze peji mubrowser. -
OpenShift Console - web interface kubva kuRed Hat OpenShift, iyo, zvisinei, ichaunza zvimwe zviitiko zvepurojekiti kuboka rako, risina kukodzera munhu wose. -
Kubernator ipurojekiti inonakidza, yakagadzirwa seyepasi-pamwero (kupfuura Dashboard) interface ine kugona kuona zvese sumbu zvinhu. Zvisinei, zvinoita sekunge kusimukira kwayo kwamira. -
Polaris - rimwe zuva cheteyakaziviswa purojekiti inosanganisa mabasa epaneru (inoratidza mamiriro azvino eboka, asi isingatarisi zvinhu zvayo) uye otomatiki "kusimbiswa kwemaitiro akanakisa" (inotarisa cluster yekurongeka kwezvirongwa zveDeployments inomhanya mairi).
Panzvimbo yemhedziso
Dashboard chishandiso chakajairwa cheKubernetes masumbu atinoshandira. Kubatanidzwa kwayo neGitLab kwavewo chikamu chekugadzika kwedu kuisirwa, sezvo vazhinji vanogadzira vari kufara nehunyanzvi hwavanahwo nepaneri iyi.
Kubernetes Dashboard nguva nenguva ine dzimwe nzira kubva kune Open Source nharaunda (uye isu tinofara kuzvifunga), asi panguva ino isu tinoramba tine iyi mhinduro.
PS
Verenga zvakare pablog yedu:
- Β«
kubebox uye mamwe mabhomba eKubernetes "; - Β«
Yakanakisa CI/CD maitiro neKubernetes uye GitLab (wongororo uye vhidhiyo mushumo) "; - Β«
Vaka uye tumira zvikumbiro muKubernetes uchishandisa dapp uye GitLab CI "; - Β«
GitLab CI yekuenderera mberi nekubatanidzwa uye kuendesa mukugadzira. Chikamu 1: pombi yedu ".
Source: www.habr.com