Integrating Kubernetes Dashboard with GitLab users

Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about a running cluster and managing it with minimal effort. You start to appreciate it even more when access to these capabilities is needed not only by administrators and DevOps engineers, but also by people who are less used to the console and/or do not intend to deal with all the intricacies of working with kubectl and other utilities. This is what happened to us: the developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution came naturally.

Why do this?

Developers may be interested in a tool like K8s Dashboard for debugging tasks. Sometimes you want to look at logs and resources, and sometimes to kill pods, scale Deployments/StatefulSets and even get into a container console (there are also requests for which, however, there is another way, for example via kubectl-debug).

In addition, there is a psychological aspect for managers when they want to look at the cluster: to see that "everything is green" and so reassure themselves that "everything is working" (which is, of course, very relative... but that is beyond the scope of this article).

As our standard CI system we use GitLab, and all the developers use it as well. So, to give them access, it was logical to integrate Dashboard with GitLab accounts.

We also note that we use NGINX Ingress. If you work with other ingress solutions, you will need to find the equivalents of the authorization annotations yourself.

Trying out the integration

Installing Dashboard

Warning: if you are going to repeat the steps below, then, to avoid unnecessary operations, first read up to the next subheading.

Since we use this integration in many installations, we have automated its installation. The sources needed for this are published in a dedicated GitHub repository. They are based on slightly modified YAML configurations from the official Dashboard repository, plus a Bash script for quick deployment.

The script installs Dashboard into the cluster and configures it for integration with GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

However, before using it you need to go to GitLab, Admin area → Applications, and add a new application for the future dashboard. Let's call it "kubernetes dashboard":

As a result of adding it, GitLab will provide the hashes:

These are used as arguments to the script. As a result, the installation looks like this:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

After that, let's check that everything has started:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Sooner or later everything will start, but authorization will not work right away! The fact is that in the image used (the situation with other images is similar) the handling of the redirect in the callback is implemented incorrectly. As a result, oauth2_proxy erases the cookie that oauth2_proxy itself gives us...

The problem is solved by building your own oauth2_proxy image with a patch.

Patching oauth2_proxy and reinstalling

To do this, we will use the following Dockerfile:

# Build stage: compile oauth2_proxy from a pinned commit with rd.patch applied
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch \
 && ./dist.sh

# Runtime stage: only the built binary and CA certificates
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

And here is what the rd.patch patch itself looks like:

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
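
Review bot: commenting out ./test.sh (the first changed line of this hunk) lets the image be built from patched source without the test suite ever running, and this is the build that carries the sign-in change from the second file of the patch. Keep ./test.sh enabled, or at least run the tests for the patched package before go build. Also, the removed loop was the only place that appended to sha256sum, so the sha256sum.txt step that follows has nothing to record for ./dist/oauth2_proxy; either add a shasum -a 256 call for the single binary or drop the checksum step.
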
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string
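
Review bot: the added line redirect_url = req.FormValue("rd") copies a request parameter into the redirect target with no validation, so whoever builds the link to the sign-in page chooses where redirect_url points (an open redirect). Accept the value only when it is a local path, that is, it starts with a single "/" and not with "//" or a scheme, and otherwise keep the "/" fallback that the lines just above already set.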

Now you can build the image and push it to our GitLab. Next, in manifests/kube-dashboard-oauth2-proxy.yaml, specify the image you want to use (replace it with your own):

 image: docker.io/colemickens/oauth2_proxy:latest

If your registry requires authorization, do not forget to add the use of a secret for pulling images:

      imagePullSecrets:
      - name: gitlab-registry

... and add the secret itself for the registry:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

The attentive reader will see that the long string above is base64 of the following config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}

This is the data of the GitLab user under which Kubernetes will pull the image from the registry.
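
An added example (not from the original article or its repository) that builds the .dockercfg payload and the Secret shown above, then decodes it back. The function names are made up for this example and the credentials are the page's placeholders; it relies on the "auth" field being base64 of "username:password".

```shell
#!/bin/sh
# Added example: function names are hypothetical, credentials are placeholders.

# base64 without line wrapping (GNU base64 wraps at 76 columns by default)
b64() { base64 | tr -d '\n'; }

# dockercfg_json REGISTRY USER PASSWORD EMAIL
# "auth" is base64("USER:PASSWORD"), the HTTP Basic credential for the registry.
dockercfg_json() {
    # No JSON escaping is done here, so refuse values that would need it.
    case "$1$2$3$4" in
        *'"'*|*'\'*) echo "value needs JSON escaping" >&2; return 1 ;;
    esac
    auth=$(printf '%s:%s' "$2" "$3" | b64)
    printf '{"%s": {"username": "%s", "password": "%s", "auth": "%s", "email": "%s"}}' \
        "$1" "$2" "$3" "$auth" "$4"
}

# registry_secret NAME NAMESPACE REGISTRY USER PASSWORD EMAIL
# Prints a Secret of type kubernetes.io/dockercfg, the format used on this page.
registry_secret() {
    json=$(dockercfg_json "$3" "$4" "$5" "$6") || return 1
    payload=$(printf '%s' "$json" | b64)
    cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockercfg
data:
  .dockercfg: $payload
EOF
}

# secret_payload: decode .dockercfg from a manifest on stdin back to JSON.
# Anyone allowed to read Secrets in the namespace can do exactly this.
secret_payload() {
    sed -n 's/^ *\.dockercfg: *//p' | base64 -d
}

# Demo: sh dockercfg.sh demo  (constructed placeholder credentials)
if [ "${1:-}" = "demo" ]; then
    registry_secret gitlab-registry kube-system \
        registry.company.com oauth2 PASSWORD mail@company.com | secret_payload
    echo
fi
```

Because the payload is only base64-encoded, the GitLab account stored in it should be one that can do nothing beyond pulling images from the registry.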

Once everything is done, you can remove the current (incorrectly working) Dashboard installation with the command:

$ ./ctl.sh -d

... and install everything again:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

It is time to go to the Dashboard and find the rather archaic login button:

After clicking it, GitLab will greet us, offering to log in on its usual page (of course, if we have not already logged in there):

We log in with GitLab credentials, and everything is done:

About Dashboard features

If you are a developer who has not worked with Kubernetes before, or for some reason have not come across Dashboard until now, I will show some of its capabilities.

First, you can see that "everything is green":

More detailed data is also available for pods, such as environment variables, the pulled image, launch arguments, and their state:

Deployments have visible statuses:

... and other details:

... and there is also the ability to scale a deployment:

The result of this operation:

Other useful features already mentioned at the beginning of the article include viewing logs:

... and the function for getting into a container of the selected pod:

For example, you can also look at the limits/requests on nodes:

Of course, these are not all of the panel's capabilities, but I hope you get the general idea.

Drawbacks of the integration and of Dashboard

The integration described has no access control. With it, every user who has any access to GitLab gets access to Dashboard. They all have the same access within Dashboard itself, corresponding to the rights of Dashboard itself, which are defined in RBAC. Obviously, this does not suit everyone, but in our case it turned out to be sufficient.

Among the noticeable drawbacks of Dashboard itself, I would note the following:

  • it is impossible to get into the console of an init container;
  • it is impossible to edit Deployments and StatefulSets, although this can be fixed in the ClusterRole;
  • the compatibility of Dashboard with the latest versions of Kubernetes, and the future of the project, raise questions.

The last problem deserves special attention.

Dashboard status and alternatives

The compatibility table of Dashboard with Kubernetes releases, presented in the latest version of the project (v1.10.1), is not very encouraging:

Despite this, there is PR #3476 (already accepted in January), which announces support for K8s 1.13. In addition, among the project's issues you can find mentions of users working with the panel on K8s 1.14. Finally, commits to the project's code base have not stopped. So (at the very least!) the actual state of the project is not as bad as it might first seem from the official compatibility table.

Finally, there are alternatives to Dashboard. Among them:

  1. K8Dash - a young interface (the first commits date from March of this year) that already offers good features, such as a visual representation of the current state of the cluster and management of its objects. It is positioned as a "real-time interface", because it updates the displayed data automatically without requiring you to refresh the page in the browser.
  2. OpenShift Console - a web interface from Red Hat OpenShift, which, however, will bring other parts of that project into your cluster, and that does not suit everyone.
  3. Kubernator - an interesting project, created as a lower-level (compared to Dashboard) interface with the ability to view all cluster objects. However, it looks like its development has stopped.
  4. Polaris - a project announced just the other day that combines the functions of a panel (it shows the current state of the cluster but does not manage its objects) and automatic "validation of best practices" (it checks the cluster for correct configuration of the Deployments running in it).

Instead of a conclusion

Dashboard is a standard tool for the Kubernetes clusters we maintain. Its integration with GitLab has also become part of our default installation, since many developers are happy with the capabilities this panel gives them.

From time to time alternatives to Kubernetes Dashboard appear from the Open Source community (and we are happy to consider them), but at this stage we are staying with this solution.

Source: www.habr.com