Kubatanidzwa kweKubernetes Dashboard uye GitLab Vashandisi

Kubernetes Dashboard chishandiso chiri nyore-kushandisa chekuwana ruzivo rwemazuva ano nezve cluster inomhanya uye kushomeka kwekutonga kwayo. Iwe unotanga kuzvikoshesa zvakanyanya kana kuwana kweaya hunyanzvi kuchidikanwa kwete chete nevatungamiriri / DevOps mainjiniya, asiwo nevaya vasina kujaira kunyaradza uye / kana vasingadi kubata nekunetsekana kwese kwekudyidzana ne kubectl uye. zvimwe zvinoshandiswa. Izvi zvakaitika nesu: vagadziri vaida kukurumidza kuwana iyo Kubernetes web interface, uye sezvo isu tichishandisa GitLab, mhinduro yakauya yega.

Sei izvi?

Vagadziri vakananga vanogona kufarira chishandiso chakaita seK8s Dashboard chekugadzirisa mabasa. Dzimwe nguva iwe unoda kuona matanda uye zviwanikwa, uye dzimwe nguva kuuraya mapods, chiyero Deployments/StatefulSets, uye kunyange kuenda kucontainer console (kunewo zvikumbiro izvo, zvisinei, kune imwe nzira - semuenzaniso, kuburikidza kubectl-debug).

Mukuwedzera, pane nguva yepfungwa yevatungamiri pavanenge vachida kutarisa boka racho - kuona kuti "zvose zvakasvibirira", uye nokudaro vanozvisimbisa kuti "zvose zviri kushanda" (izvo, zvechokwadi, zvine hukama ... asi izvi zviri kunze kwechikamu chechinyorwa).

Seyakajairika CI system yatinayo kuiswa GitLab: vese vanogadzira vanoishandisa zvakare. Naizvozvo, kuvapa mukana, zvaive zvine musoro kubatanidza Dashboard neGitLab account.

Ini ndichacherechedzawo kuti tinoshandisa NGINX Ingress. Kana ukashanda nevamwe ingress mhinduro, iwe unozofanirwa kutsvaga wakazvimirira analogues ezvinyorwa zvemvumo.

Kuedza kusanganisa

Dashboard kuiswa

Cherechedza: Kana uchizodzokorora nhanho dziri pazasi, zvino - kudzivirira mashandiro asina kufanira - tanga waverenga kune kamusoro kanotevera.

Sezvo isu tichishandisa iyi yekubatanidza mune akawanda ekuisa, isu takaita otomatiki kuiswa kwayo. Mabviro anodiwa kune izvi anoburitswa mukati yakakosha GitHub repository. Iwo akavakirwa pane yakagadziridzwa zvishoma YAML zvigadziriso kubva official Dashboard repository, pamwe chete neBash script yekukurumidza kutumirwa.

Iyo script inoisa Dashboard musumbu uye inoigadzira kuti ibatanidzwe neGitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

Nekudaro, usati waishandisa, unofanirwa kuenda kuGitLab: Admin nharaunda → Zvishandiso - uye wedzera chishandiso chitsva chepanera remangwana. Ngatizvidaidze "kubernetes dashboard":

Nekuda kwekuwedzera, GitLab ichapa iwo hashes:

Ndidzo dzinoshandiswa senharo kune script. Nekuda kweizvozvo, kuiswa kunoratidzika seizvi:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

Mushure meizvozvo, ngatitarisei kuti zvese zvakatanga:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Nokukurumidza kana kuti gare gare zvinhu zvose zvichatanga, zvisinei mvumo haishande nekukasika! Icho chokwadi ndechekuti mumufananidzo wakashandiswa (mamiriro mune mamwe mifananidzo akafanana) maitiro ekubata redirect mucallback anoitwa zvisizvo. Aya mamiriro anotungamira kune chokwadi chekuti mhiko inodzima cookie iyo mhiko pachayo inopa kwatiri ...

Dambudziko rinogadziriswa nekuvaka yako wega mufananidzo wemhiko nechigamba.

Patch oauth uye dzorera zvakare

Kuti tiite izvi, isu tichashandisa inotevera Dockerfile:

FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget 
&& update-ca-certificates 
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm 
&& chmod +x gpm 
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . 
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842  
ADD rd.patch .
RUN patch -p1 < rd.patch 
&& ./dist.sh

FROM alpine:3.7
RUN apk --update add curl bash  ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

Uye hezvino zvinoita rd.patch patch pachayo

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string

Iye zvino unogona kuvaka mufananidzo uye wousundira muGitLab yedu. Next in manifests/kube-dashboard-oauth2-proxy.yaml ratidza kushandiswa kwechifananidzo chaunoda (chitsive nechako):

 image: docker.io/colemickens/oauth2_proxy:latest

Kana iwe uine registry yakavharwa nemvumo, usakanganwa kuwedzera kushandiswa kwechakavanzika chekudhonza mifananidzo:

      imagePullSecrets:
     - name: gitlab-registry

... uye wedzera chakavanzika pachacho chekunyoresa:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

Muverengi anoteerera achaona kuti tambo refu iri pamusoro iri base64 kubva kune config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "[email protected]"
}
}

Iri ndiro data remushandisi muGitLab, iyo Kubernetes kodhi inodhonza mufananidzo kubva kune registry.

Mushure mekunge zvese zvaitwa, unogona kubvisa ikozvino (isiri kushanda nemazvo) Dashboard kuisirwa nemurairo:

$ ./ctl.sh -d

... uye isa zvese zvakare:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

Yave nguva yekuenda kuDashboard wotsvaga bhatani rekupinda rekare:

Mushure mekudzvanya pairi, GitLab ichatikwazisa, ichipa kupinda kune yayo yakajairika peji (hongu, kana isu tisina kumbopindamo):

Isu tinopinda neGitLab zvitupa - uye zvese zvinoitwa:

About Dashboard features

Kana iwe uri mugadziri asina kumboshanda naKubernetes kare, kana nekuda kwechimwe chikonzero usati wambosangana neDashboard, ini ndicharatidza humwe hugonero hwayo.

Kutanga, iwe unogona kuona kuti "zvese zvakasvibira":

Yakawanda yakadzama data inowanikwawo kune pods, senge nharaunda siyana, yakatorwa mufananidzo, kutanga nharo, uye mamiriro avo:

Deployments ine mastatus anooneka:

... uye mamwe mashoko:

... uye kune zvakare kugona kuyera kutumirwa:

Mhedzisiro yekuvhiya uku:

Pakati pezvimwe zvinobatsira zvakatotaurwa pakutanga kwechinyorwa kuona matanda:

... uye basa rekupinda mumudziyo wekoni yepodhi yakasarudzwa:

Semuenzaniso, iwe unogona zvakare kutarisa pamiganho / zvikumbiro pane node:

Ehe, aya haasi ese masimba epaneru, asi ndinovimba kuti iwe unowana iyo pfungwa yakajairika.

Kuipa kwekubatanidzwa uye Dashboard

Mukubatanidza kwakatsanangurwa hakuna access control. Nayo, vese vashandisi vane chero mukana weGitLab vanowana mukana weDashboard. Vane mukana wakafanana muDashboard pachayo, inoenderana nekodzero dzeDashboard pachayo, iyo zvinotsanangurwa muRBAC. Zviripachena, izvi hazvina kukodzera kumunhu wese, asi kune yedu nyaya yakave yakakwana.

Pakati pezvakashata zvinoonekwa muDashboard pachayo, ini ndinocherekedza zvinotevera:

• hazvibviri kupinda mu console yeinit container;
• hazvibviri kugadzirisa Deployments uye StatefulSets, kunyangwe izvi zvichigona kugadziriswa muClusterRole;
• Kuenderana kweDashboard neshanduro dzichangoburwa dzeKubernetes uye ramangwana repurojekiti inomutsa mibvunzo.

Dambudziko rekupedzisira rinofanirwa kutariswa zvakanyanya.

Dashboard mamiriro uye dzimwe nzira

Dashboard inoenderana tafura neKubernetes kuburitswa, inoratidzwa mune yazvino vhezheni yeprojekiti (v1.10.1), kwete kufara zvakanyanya:

Pasinei neizvi, pane (yakatogamuchirwa muna Ndira) PR #3476, iyo inozivisa rutsigiro rweK8s 1.13. Mukuwedzera, pakati pezvirongwa zveprojekiti iwe unogona kuwana mareferensi kune vashandisi vanoshanda nepaneru muK8s 1.14. Pakupedzisira, anoita muchikamu chekodhi yeprojekiti usamire. Saka (zvishoma!) Mamiriro chaiwo eprojekiti haana kushata sezvaangangoita sekutanga kubva patafura yepamutemo inoenderana.

Pakupedzisira, kune dzimwe nzira dzeDashboard. Pakati pavo:

1. K8Dash - yechidiki interface (yekutanga inozvipira yakadzokera munaKurume wegore rino), iyo inotopa zvinhu zvakanaka, senge chiratidziro chechimiro chechimiro chazvino chesumbu uye manejimendi ezvinhu zvaro. Yakaiswa se "chaiyo-nguva interface", nekuti inogadziridza otomatiki data rakaratidzwa pasina kukuda kuti uvandudze peji mubrowser.
2. OpenShift Console - web interface kubva kuRed Hat OpenShift, iyo, zvisinei, ichaunza zvimwe zviitiko zvepurojekiti kuboka rako, risina kukodzera munhu wose.
3. Kubernator ipurojekiti inonakidza, yakagadzirwa seyepasi-pamwero (kupfuura Dashboard) interface ine kugona kuona zvese sumbu zvinhu. Zvisinei, zvinoita sekunge kusimukira kwayo kwamira.
4. Polaris - rimwe zuva chete yakaziviswa purojekiti inosanganisa mabasa epaneru (inoratidza mamiriro azvino eboka, asi isingatarisi zvinhu zvayo) uye otomatiki "kusimbiswa kwemaitiro akanakisa" (inotarisa cluster yekurongeka kwezvirongwa zveDeployments inomhanya mairi).

Panzvimbo yemhedziso

Dashboard chishandiso chakajairwa cheKubernetes masumbu atinoshandira. Kubatanidzwa kwayo neGitLab kwavewo chikamu chekugadzika kwedu kuisirwa, sezvo vazhinji vanogadzira vari kufara nehunyanzvi hwavanahwo nepaneri iyi.

Kubernetes Dashboard nguva nenguva ine dzimwe nzira kubva kune Open Source nharaunda (uye isu tinofara kuzvifunga), asi panguva ino isu tinoramba tine iyi mhinduro.

PS

Verenga zvakare pablog yedu:

• «kubebox uye mamwe mabhomba eKubernetes";
• «Yakanakisa CI/CD maitiro neKubernetes uye GitLab (wongororo uye vhidhiyo mushumo)";
• «Vaka uye tumira zvikumbiro muKubernetes uchishandisa dapp uye GitLab CI";
• «GitLab CI yekuenderera mberi nekubatanidzwa uye kuendesa mukugadzira. Chikamu 1: pombi yedu".

Source: www.habr.com