Integrating Kubernetes Dashboard with GitLab users

Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about your running cluster and managing it with minimal effort. You start to appreciate it even more when access to these capabilities is needed not only by administrators and DevOps engineers, but also by people who are less used to the console and/or do not intend to deal with all the intricacies of kubectl and other utilities. That is what happened with us: the developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution came naturally.

Why do this?

Developers may be interested in a tool like K8s Dashboard for debugging tasks. Sometimes you want to look at logs and resources, and sometimes to kill pods, scale Deployments/StatefulSets, and even open a container console (there are also requests for which there is another way, for example kubectl-debug).

In addition, there is a psychological moment for managers when they want to look at the cluster, see that "everything is green", and so reassure themselves that "everything works" (which is, of course, very relative... but that is beyond the scope of this article).

GitLab is our standard CI system, and all developers use it as well. So, to give them access, it was logical to integrate Dashboard with GitLab accounts.

I will also note that we use NGINX Ingress. If you work with other ingress solutions, you will need to find the equivalents of the authorization annotations yourself.

Trying the integration

Installing Dashboard

Note: if you are going to repeat the steps below, read through to the next subheading first to avoid unnecessary operations.

Since we use this integration in many installations, we have automated its installation. The sources required for this are published in a GitHub repository. They are based on slightly modified YAML configurations from the official Dashboard repository, plus a Bash script for quick deployment.

The script installs Dashboard into the cluster and configures it for integration with GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

However, before using it, you need to go to GitLab: Admin area → Applications, and add a new application for the future panel. Let's call it "kubernetes dashboard".

As a result of adding it, GitLab will provide the hashes.

These are the values used as arguments to the script. As a result, the installation looks like this:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

After that, let's check that everything has started:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Sooner or later everything will start, but authorization will not work right away! The fact is that in the image used (the situation with other images is similar) the handling of the redirect in the callback is implemented incorrectly. As a result, oauth2_proxy erases the cookie that oauth2_proxy itself gave us...

The problem is solved by building your own oauth2_proxy image with a patch.

Patching oauth2_proxy and reinstalling

To do this, we will use the following Dockerfile:

FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

# Build tooling plus gpm (Go package manager script)
RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
# Pin the upstream source to a fixed commit so that the patch applies
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
# Apply the patch, then build the binary into ./dist
RUN patch -p1 < rd.patch \
 && ./dist.sh

FROM alpine:3.7
RUN apk --update add curl bash  ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

And here is what the rd.patch patch itself looks like:

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
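
Review bot: Removing the build loop also removes the sha256sum+=(...) line, while sha256sum=() and checksum_file="sha256sum.txt" remain in the context, so any later step that writes the array to that file records nothing and the binary in ./dist ships without a digest. Either compute the digest of ./dist/oauth2_proxy after the go build line, or drop the checksum step as well. Separately, ./test.sh is commented out while the echo "... running tests" line above it stays, so the build log claims tests ran when they did not; remove the echo or keep the tests.
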
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string
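
Review bot: The added redirect_url = req.FormValue("rd") in SignInPage takes whatever value the request carries, with no check that it points back to this site, so the sign-in page can be used as an open redirect. Accept the value only when it is a local path (begins with a single "/" and not with "//" or "/\"), or when its host matches the configured dashboard host, and fall back to "/" otherwise. Reading req.FormValue("rd") once into a variable and reusing it would also make the block easier to follow.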

Now you can build the image and push it to our GitLab. Next, in manifests/kube-dashboard-oauth2-proxy.yaml, specify the image to use (replace it with your own):

 image: docker.io/colemickens/oauth2_proxy:latest

If your registry requires authorization, do not forget to reference a secret for image pulls:

      imagePullSecrets:
      - name: gitlab-registry

... and add the registry secret itself:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

The attentive reader will notice that the long string above is the base64 encoding of this config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}

This is the data of the GitLab user under which Kubernetes will pull the image from the registry.
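
The relationship between the Secret and the decoded config can be checked mechanically. The following is an added example, not code from the article or its repository: build_dockercfg_secret and read_dockercfg_secret are hypothetical helper names, and it relies on the Docker convention that the auth field is base64 of "username:password".

```python
import base64
import json

# The .dockercfg value from the Secret above (placeholder credentials from the page).
PAGE_BLOB = (
    "eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIi"
    "LAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4i"
    "LAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK"
)


def build_dockercfg_secret(registry, username, password, email,
                           name="gitlab-registry", namespace="kube-system"):
    """Return a Secret manifest (as a dict) of type kubernetes.io/dockercfg."""
    auth = base64.b64encode(f"{username}:{password}".encode()).decode()
    cfg = {registry: {"username": username, "password": password,
                      "auth": auth, "email": email}}
    blob = base64.b64encode(json.dumps(cfg).encode()).decode()
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockercfg",
        "data": {".dockercfg": blob},
    }


def read_dockercfg_secret(secret):
    """Decode a dockercfg Secret; report per registry whether auth matches
    base64(username:password). Passwords are deliberately not returned."""
    raw = base64.b64decode(secret["data"][".dockercfg"], validate=True)
    report = {}
    for registry, entry in json.loads(raw).items():
        expected = base64.b64encode(
            f"{entry['username']}:{entry['password']}".encode()).decode()
        report[registry] = {"username": entry["username"],
                            "auth_consistent": entry.get("auth") == expected}
    return report


if __name__ == "__main__":
    # The page's placeholders: auth is the literal AUTH_TOKEN, so not consistent.
    print(read_dockercfg_secret({"data": {".dockercfg": PAGE_BLOB}}))
```

The base64 layer is encoding, not protection: anyone who can read this Secret in kube-system recovers the registry password.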

After everything is done, you can remove the current (not correctly working) Dashboard installation with the command:

$ ./ctl.sh -d

... and install everything again:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

It is time to go to Dashboard and find a rather archaic login button.

After clicking it, GitLab greets us and offers to sign in on its usual page (if we have not signed in there before, of course).

We sign in with GitLab credentials, and everything is done.

About Dashboard features

If you are a developer who has not worked with Kubernetes before, or for some reason have not come across Dashboard before, I will illustrate some of its capabilities.

First, you can see that "everything is green".

More detailed data is also available for pods, such as environment variables, the pulled image, launch arguments, and their state.

Deployments have visible statuses and other details, and there is also the ability to scale a deployment and see the result of that operation.

Among the other useful features already mentioned at the beginning of the article are viewing logs and logging in to the console of a container in the selected pod.

For example, you can also look at the limits/requests on nodes.

Of course, these are not all the capabilities of the panel, but I hope you get the general idea.

Drawbacks of the integration and of Dashboard

The described integration has no access control. With it, all users who have any access to GitLab get access to Dashboard. They all have the same access in Dashboard itself, corresponding to the rights of Dashboard itself, which are defined in RBAC. Obviously, this does not suit everyone, but in our case it turned out to be sufficient.
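
Since every GitLab account ends up with the same rights, the breadth of the RBAC rules bound to Dashboard is what limits the exposure. The following check is an added example, not code from the article or its repository: the rule lists are constructed samples in the shape of the rules field of a Role or ClusterRole, and the shortlist of sensitive permissions is this example's own choice.

```python
# Added example. SENSITIVE is this example's own shortlist, not a Kubernetes API.
# Key: (apiGroup, resource, verb) -> why it matters when all GitLab users share it.
SENSITIVE = {
    ("", "secrets", "get"): "read Secret values",
    ("", "secrets", "list"): "list Secrets, values included",
    ("", "pods/exec", "create"): "open a shell in a container",
    ("rbac.authorization.k8s.io", "clusterrolebindings", "create"): "grant cluster-wide roles",
    ("rbac.authorization.k8s.io", "rolebindings", "create"): "grant namespaced roles",
}

def _covers(granted, wanted):
    """True if an RBAC list names `wanted` directly or through a wildcard."""
    if "*" in granted or wanted in granted:
        return True
    parent, _, sub = wanted.partition("/")
    return bool(sub) and f"{parent}/*" in granted

def sensitive_grants(rules):
    """Return sorted findings for the `rules` list of a Role or ClusterRole."""
    findings = set()
    for rule in rules:
        for (group, res, verb), why in SENSITIVE.items():
            if (_covers(rule.get("apiGroups", []), group)
                    and _covers(rule.get("resources", []), res)
                    and _covers(rule.get("verbs", []), verb)):
                findings.add(f"{verb} {res}: {why}")
    return sorted(findings)

# Constructed sample: the shape of cluster-admin, everything allowed.
WIDE = [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]

# Constructed sample: only what the article's developers use the panel for
# (view state and logs, kill pods, scale Deployments/StatefulSets).
NARROW = [
    {"apiGroups": [""], "resources": ["pods", "pods/log", "events", "nodes"],
     "verbs": ["get", "list", "watch"]},
    {"apiGroups": [""], "resources": ["pods"], "verbs": ["delete"]},
    {"apiGroups": ["apps"],
     "resources": ["deployments", "statefulsets",
                   "deployments/scale", "statefulsets/scale"],
     "verbs": ["get", "list", "watch", "update", "patch"]},
]

if __name__ == "__main__":
    print("WIDE:", *sensitive_grants(WIDE), sep="\n  ")
    print("NARROW:", sensitive_grants(NARROW) or "nothing flagged")
```

Adding the container console for developers means adding create on pods/exec, which the check then reports, so that grant is made as a visible decision.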

Among the noticeable drawbacks of Dashboard itself, I note the following:

  • it is impossible to get into the console of an init container;
  • it is impossible to edit Deployments and StatefulSets, although this can be fixed in the ClusterRole;
  • Dashboard's compatibility with the latest versions of Kubernetes and the future of the project raise questions.

The last problem deserves special attention.

Dashboard status and alternatives

The table of Dashboard compatibility with Kubernetes releases, given in the latest version of the project (v1.10.1), is not very encouraging.

Despite this, there is PR #3476 (already accepted in January), which announces support for K8s 1.13. In addition, among the project's issues you can find references to users working with the panel on K8s 1.14. Finally, commits to the project's code base do not stop. So (at least!) the actual state of the project is not as bad as it might first seem from the official compatibility table.

Finally, there are alternatives to Dashboard. Among them:

  1. K8Dash - a young interface (the first commits date back to March of this year) that already offers good features, such as a visual representation of the current state of the cluster and management of its objects. It is positioned as a "real-time interface", because it automatically updates the displayed data without requiring you to refresh the page in the browser.
  2. OpenShift Console - a web interface from Red Hat OpenShift, which, however, will bring other developments of that project into your cluster, and that does not suit everyone.
  3. Kubernator - an interesting project, made as a lower-level (than Dashboard) interface with the ability to view all cluster objects. However, it looks like its development has stopped.
  4. Polaris - a project announced just the other day that combines the functions of a panel (it shows the current state of the cluster, but does not manage its objects) with automatic "validation of best practices" (it checks the cluster for the correctness of the configurations of the Deployments running in it).

Instead of conclusions

Dashboard is a standard tool for the Kubernetes clusters we maintain. Its integration with GitLab has also become part of our default installation, since many developers are delighted with the capabilities this panel gives them.

Kubernetes Dashboard periodically gets alternatives from the Open Source community (and we are happy to consider them), but at this stage we are staying with this solution.


Source: www.habr.com
