Kubernetes Dashboard ke sesebelisoa se bonolo ho se sebelisa bakeng sa ho fumana lintlha tsa morao-rao mabapi le sehlopha se sebetsang le taolo e fokolang ea sona. U qala ho e ananela le ho feta ha phihlello ea bokhoni bona e sa hlokehe feela ke batsamaisi / baenjiniere ba DevOps, empa hape le ke ba sa tloaelang ho khoasolla le / kapa ba sa ikemisetsa ho sebetsana le mathata ohle a ho sebelisana le kubectl le lisebelisoa tse ling. Sena se etsahetse le rona: bahlahisi ba ne ba batla phihlello e potlakileng ho sehokelo sa webo sa Kubernetes, mme kaha re sebelisa GitLab, tharollo e tlile ka tlhaho.
Hobaneng ho le joalo?
Baetsi ba ka kotloloho ba kanna ba khahloa ke sesebelisoa se kang K8s Dashboard bakeng sa mesebetsi ea ho lokisa liphoso. Ka linako tse ling u batla ho sheba li-log le lisebelisoa, 'me ka linako tse ling u bolaea li-pods, scale Deployments/StatefulSets, esita le ho ea ho console ea setshelo (ho boetse ho na le likopo tseo, leha ho le joalo, ho na le tsela e' ngoe - mohlala, ka ).
Ho phaella moo, ho na le nako ea kelello bakeng sa batsamaisi ha ba batla ho sheba sehlopha - ho bona hore "ntho e 'ngoe le e' ngoe e tala", 'me kahoo ba itšepe hore "ntho e' ngoe le e 'ngoe e sebetsa" (eo, ha e le hantle, e amanang haholo ... empa sena se ka nqane ho sebaka sa sengoloa).
Joalo ka sistimi e tloaelehileng ea CI eo re nang le eona GitLab: Bahlahisi bohle ba e sebelisa le bona. Ka hona, ho ba fa monyetla oa ho fihlella, ho ne ho utloahala ho kopanya Dashboard le li-account tsa GitLab.
Ke tla boela ke hlokomele hore re sebelisa NGINX Ingress. Haeba u sebetsa le ba bang , o tla hloka ho ikemela ho fumana li-analogue tsa litlatsetso bakeng sa tumello.
E leka ho kopanya
Ho kenya dashboard
Hlokomela: Haeba u tla pheta mehato e ka tlase, joale - ho qoba ts'ebetso e sa hlokahaleng - bala pele ho sehloohoana se latelang.
Kaha re sebelisa kopanyo ena lits'ebetsong tse ngata, re iketselitse eona. Mehloli e hlokahalang bakeng sa sena e hatisitsoe ho . Li ipapisitse le litlhophiso tsa YAML tse fetotsoeng hanyane ho tloha , hammoho le lengolo la Bash bakeng sa ho romelloa ka potlako.
Sengoloa se kenya Dashboard ka har'a sehlopha ebe se se hlophisa hore se kopanngoe le GitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this messageLeha ho le joalo, pele u e sebelisa, u lokela ho ea ho GitLab: Sebaka sa Tsamaiso → Likopo - 'me u kenye kopo e ncha bakeng sa phanele e tlang. Ha re e bitse "kubernetes dashboard":
Ka lebaka la ho e eketsa, GitLab e tla fana ka li-hashes:
Ke tsona tse sebelisoang e le likhang tsa mongolo. Ka lebaka leo, tlhomamiso e shebahala tjena:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.comKa mor'a moo, a re hlahlobeng hore na tsohle li qalile joang:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14sLeha ho le joalo, haufinyane ntho e 'ngoe le e' ngoe e tla qala tumello e ke ke ea sebetsa hang-hang! 'Nete ke hore setšoantšong se sebelisitsoeng (maemo a litšoantšong tse ling a tšoana) ts'ebetso ea ho ts'oara redirect ho callback e sebelisoa ka phoso. Maemo ana a lebisa tabeng ea hore kano e hlakola kuku eo kano ka boeona e re fang eona ...
Bothata bo rarolloa ka ho iketsetsa setšoantšo sa boitlamo ba hau ka patch.
Lokisetsa boitlamo 'me u kenye hape
Ho etsa sena, re tla sebelisa Dockerfile e latelang:
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy
RUN apk --update add make git build-base curl bash ca-certificates wget
&& update-ca-certificates
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm
&& chmod +x gpm
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git .
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch
&& ./dist.sh
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/
EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]'Me mona ke hore na patch ea rd.patch ka boeona e shebahala joang
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
Joale o ka haha sets'oants'o 'me oa se sutumelletsa ho GitLab ea rona. E latelang ho manifests/kube-dashboard-oauth2-proxy.yaml bontša tšebeliso ea setšoantšo se lakatsehang (enya sebaka ka sa hau):
image: docker.io/colemickens/oauth2_proxy:latestHaeba u na le ngoliso e koetsoeng ka tumello, u se ke oa lebala ho kenyelletsa ts'ebeliso ea lekunutu bakeng sa litšoantšo tse hulang:
imagePullSecrets:
- name: gitlab-registry... 'me u kenye sephiri ka boeona bakeng sa ngoliso:
---
apiVersion: v1
data:
.dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
annotations:
name: gitlab-registry
namespace: kube-system
type: kubernetes.io/dockercfg'Mali ea hlokolosi o tla bona hore khoele e telele e ka holimo ke base64 ho tloha ho config:
{"registry.company.com": {
"username": "oauth2",
"password": "PASSWORD",
"auth": "AUTH_TOKEN",
"email": "[email protected]"
}
}Ena ke data ea mosebelisi ho GitLab, khoutu ea Kubernetes e tla hula setšoantšo ho tsoa ho registry.
Ka mor'a hore ntho e 'ngoe le e' ngoe e etsoe, u ka tlosa ea hona joale (e sa sebetse hantle) ho kenya Dashboard ka taelo:
$ ./ctl.sh -d... ebe o kenya tsohle hape:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.comKe nako ea ho ea Dashboard 'me u fumane konopo ea khale ea ho kena:
Ka mor'a ho e tobetsa, GitLab e tla re lumelisa, e ithaopele ho kena leqepheng la eona le tloaelehileng (ehlile, haeba re e-s'o kene moo pele):
Re kena ka mangolo a GitLab - mme tsohle li entsoe:
Mabapi le likarolo tsa Dashboard
Haeba u moqapi ea e-s'o sebetse le Kubernetes pele, kapa feela ka lebaka le itseng ha u e-so kopane le Dashboard pele, ke tla bontša tse ling tsa bokhoni ba eona.
Taba ea pele, u ka bona hore "ntho e 'ngoe le e' ngoe e tala":
Lintlha tse qaqileng haholoanyane li fumaneha bakeng sa li-pods, joalo ka mefuta e fapaneng ea tikoloho, setšoantšo se jarollotsoeng, likhang tsa ho qala, le boemo ba tsona:
Ho romelloa ho na le maemo a bonahalang:
... le lintlha tse ling:
... mme ho boetse ho na le bokhoni ba ho eketsa phallo:
Sephetho sa ts'ebetso ena:
Har'a likarolo tse ling tsa bohlokoa tse seng li boletsoe qalong ea sengoloa ke ho shebella likutu:
... le mosebetsi oa ho kena ka har'a console ea setshelo sa pod e khethiloeng:
Mohlala, o ka sheba le meeli / likopo ho li-node:
Ehlile, tsena ha se bokhoni bohle ba phanele, empa ke ts'epa hore o tla fumana mohopolo o akaretsang.
Mathata a ho kopanya le Dashboard
Kopanong e hlalositsoeng ha ho na taolo ya phihlello. Ka eona, basebelisi bohle ba nang le phihlello ea GitLab ba fumana monyetla oa ho kena Dashboard. Ba na le phihlello e tšoanang ho Dashboard ka boeona, e tsamaellanang le litokelo tsa Dashboard ka boeona, e leng . Ho hlakile hore sena ha sea tšoanela motho e mong le e mong, empa molemong oa rona ho ile ha lekane.
Har'a bofokoli bo hlokomelehang ho Dashboard ka boeona, ke hlokomela tse latelang:
- ha ho khonehe ho kena ka har'a console ea sejana sa init;
- ha ho khonehe ho hlophisa Deployments le StatefulSets, leha sena se ka lokisoa ho ClusterRole;
- Ho lumellana ha Dashboard le liphetolelo tsa morao-rao tsa Kubernetes le bokamoso ba morero ho hlahisa lipotso.
Bothata ba ho qetela bo hloka tlhokomelo e khethehileng.
Boemo ba dashboard le mekhoa e meng
Tafole e tsamaellanang ea Dashboard le litokollo tsa Kubernetes, tse hlahisitsoeng mofuteng oa morao-rao oa morero (), ha kea thaba haholo:
Leha ho le joalo, ho na le (e se e amohetsoe ka Pherekhong) , e phatlalatsang tšehetso bakeng sa K8s 1.13. Ntle le moo, har'a litaba tsa projeke u ka fumana litšupiso ho basebelisi ba sebetsang le phanele ho K8s 1.14. Qetellong, ka har'a khoutu ea morero u se ke ua emisa. Kahoo (bonyane!) boemo ba 'nete ba morero ha bo bobe joalo ka ha bo ka bonahala pele ho tsoa tafoleng ea tumellano ea molao.
Qetellong, ho na le mekhoa e meng ho Dashboard. Har'a bona:
- - sehokelo sa bacha (boitlamo ba pele bo qalile ka Hlakubele selemong sena), se seng se ntse se fana ka likarolo tse ntle, joalo ka pontšo ea pono ea boemo ba hona joale ba sehlopha le taolo ea lintho tsa eona. E behiloe e le "sebopeho sa nako ea sebele", hobane e nchafatsa data e bonts'itsoeng ka bo eona ntle le ho hloka hore u khatholle leqephe ho sebatli.
- - segokanyimmediamentsi sa sebolokigolo ho tloha Red Hat OpenShift, eo, leha ho le joalo, e tla tlisa lintlafatso tse ling tsa morero sehlopheng sa hau, se sa lokelang motho e mong le e mong.
- ke projeke e khahlisang, e entsoeng e le segokanyimmediamentsi sa maemo a tlase (ho feta Dashboard) se nang le bokhoni ba ho bona lintho tsohle tsa sehlopha. Leha ho le joalo, ho bonahala eka tsoelo-pele ea eona e emisitse.
- - ka tsatsi le leng feela morero o kopanyang mesebetsi ea sehlopha (e bonts'a boemo ba hona joale ba sehlopha, empa ha e laole lintho tsa eona) le "netefatso ea mekhoa e metle" e ikemetseng (e hlahloba sehlopha bakeng sa ho nepahala ha litlhophiso tsa Deployments tse sebetsang ho eona).
Sebakeng sa liqeto
Dashboard ke sesebelisoa se tloaelehileng bakeng sa lihlopha tsa Kubernetes tseo re li sebeletsang. Ho kopanngoa ha eona le GitLab hape e se e le karolo ea ts'ebetso ea rona ea kamehla, kaha bahlahisi ba bangata ba thabetse bokhoni boo ba nang le bona ka phanele ena.
Kubernetes Dashboard nako le nako e na le mekhoa e meng e tsoang sechabeng sa Open Source ('me re thabela ho e nahana), empa mothating ona re lula le tharollo ena.
PES
Bala hape ho blog ea rona:
- «";
- «";
- «";
- «".
Source: www.habr.com