I-Kubernetes Dashboard sisixhobo ekulula ukusisebenzisa sokufumana ulwazi lwangoku malunga neqela lakho eliqhubayo kunye nokulilawula ngomzamo omncinci. Uqala ukuyixabisa ngakumbi xa ukufikelela kwezi zakhono kungafunwa kuphela ngabalawuli/iinjineli ze-DevOps, kodwa nangabo bangayiqhelanga kangako i-console kunye / okanye abazimisele ukujongana nazo zonke izinto ezintsonkothileyo zokunxibelelana ne-kubectl kunye. ezinye izinto eziluncedo. Oku kwenzeke ngathi: abaphuhlisi bafuna ukufikelela ngokukhawuleza kwi-interface yewebhu ye-Kubernetes, kwaye ekubeni sisebenzisa i-GitLab, isisombululo safika ngokwemvelo.
Kutheni kunje?
Abaphuhlisi abathe ngqo banokuba nomdla kwisixhobo esinje nge-K8s Dashboard kwimisebenzi yokulungisa ingxaki. Ngamanye amaxesha ufuna ukujonga iilog kunye nezixhobo, kwaye ngamanye amaxesha ubulale iipods, ubungakanani beDeployments/StatefulSets, kwaye ude uye kwiconsole yecontainer (kukho nezicelo apho, nangona kunjalo, kukho enye indlela - umzekelo, ngokusebenzisa
Ukongezelela, kukho umzuzu wengqondo kubaphathi xa befuna ukujonga iqela - ukubona ukuba "yonke into eluhlaza", kwaye ngoko baziqinisekisa ukuba "yonke into isebenza" (oko, ngokuqinisekileyo, ihlobene kakhulu ... kodwa oku kungaphaya kwemida yenqaku).
Njengenkqubo eqhelekileyo yeCI esinayo
Ndiya kuphinda ndiqaphele ukuba sisebenzisa i-NGINX Ingress. Ukuba usebenza nabanye
Izama ukudibanisa
Ufakelo lwedeshibhodi
Ukuqwalasela: Ukuba uza kuphinda la manyathelo angezantsi, ngoko - ukuphepha imisebenzi engeyomfuneko - qala ufunde kwisihlokwana esilandelayo.
Kuba sisebenzisa olu hlanganiso kufakelo oluninzi, sizenzele ukufakela kwayo. Imithombo efunekayo koku ipapashwa kwi
Iskripthi sifaka iDashboard kwiqela kwaye liyilungiselele ukudityaniswa neGitLab:
$ ./ctl.sh
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
-i, --install install into 'kube-system' namespace
-u, --upgrade upgrade existing installation, will reuse password and host names
-d, --delete remove everything, including the namespace
--gitlab-url set gitlab url with schema (https://gitlab.example.com)
--oauth2-id set OAUTH2_PROXY_CLIENT_ID from gitlab
--oauth2-secret set OAUTH2_PROXY_CLIENT_SECRET from gitlab
--dashboard-url set dashboard url without schema (dashboard.example.com)
Optional arguments:
-h, --help output this message
Nangona kunjalo, ngaphambi kokuyisebenzisa, kufuneka uye kwi-GitLab: Indawo yoLawulo β Ii-Aplikheshini - kwaye wongeze isicelo esitsha sephaneli yexesha elizayo. Masiyibize "kubernetes dashboard":
Njengesiphumo sokuyongeza, iGitLab iya kubonelela ngeehashes:
Zizo ezisetyenziswa njengeengxoxo kwiskripthi. Ngenxa yoko, ukufakela kujongeka ngolu hlobo:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e⦠--oauth2-secret 6b79168f⦠--dashboard-url dashboard.example.com
Emva koko, makhe sijonge ukuba yonke into iqalile:
$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp 1/1 Running 0 14s
oauth2-proxy-5586ccf95c-czp2v 1/1 Running 0 14s
Kungekudala okanye kamva yonke into iya kuqala, nangona kunjalo ugunyaziso aluyi kusebenza ngoko nangoko! Inyaniso kukuba kumfanekiso osetyenzisiweyo (imeko yeminye imifanekiso iyafana) inkqubo yokubamba i-redirect kwi-callback iphunyezwa ngokungalunganga. Le meko ikhokelela kwinto yokuba isifungo sicima icookie esizinikwa yona sisifungo...
Ingxaki isonjululwa ngokwakha owakho umfanekiso wesifungo ngesiqwengana.
Faka isifungo kwaye ubuyisele
Ukwenza oku, siya kusebenzisa le Dockerfile ilandelayo:
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy
RUN apk --update add make git build-base curl bash ca-certificates wget
&& update-ca-certificates
&& curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm
&& chmod +x gpm
&& mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git .
&& git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch
&& ./dist.sh
FROM alpine:3.7
RUN apk --update add curl bash ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/
EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]
Kwaye nantsi indlela i-rd.patch patch ngokwayo ibonakala ngayo
diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
echo "... running tests"
-./test.sh
+#./test.sh
-for os in windows linux darwin; do
- echo "... building v$version for $os/$arch"
- EXT=
- if [ $os = windows ]; then
- EXT=".exe"
- fi
- BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
- TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
- FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
- GOOS=$os GOARCH=$arch CGO_ENABLED=0
- go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
- pushd $BUILD/$TARGET
- sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
- cd .. && tar czvf $TARGET.tar.gz $TARGET
- mv $TARGET.tar.gz $DIR/dist
- popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0
+ go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
checksum_file="sha256sum.txt"
cd $DIR/dists
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
if redirect_url == p.SignInPath {
redirect_url = "/"
}
-
+ if req.FormValue("rd") != "" {
+ redirect_url = req.FormValue("rd")
+ }
t := struct {
ProviderName string
SignInMessage string
Ngoku ungakha umfanekiso kwaye uwutyhale kwiGitLab yethu. Okulandelayo manifests/kube-dashboard-oauth2-proxy.yaml
bonisa ukusetyenziswa komfanekiso ofunekayo (ubuyisele owakho endaweni yawo):
image: docker.io/colemickens/oauth2_proxy:latest
Ukuba unobhaliso oluvaliweyo ngogunyaziso, ungalibali ukongeza ukusetyenziswa kwemfihlo kwimifanekiso yokutsala:
imagePullSecrets:
- name: gitlab-registry
... kwaye yongeza imfihlo ngokwayo yobhaliso:
---
apiVersion: v1
data:
.dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
=
kind: Secret
metadata:
annotations:
name: gitlab-registry
namespace: kube-system
type: kubernetes.io/dockercfg
Umfundi omameleyo uya kubona ukuba umtya omde ongentla usisiseko64 ukusuka kuqwalaselo:
{"registry.company.com": {
"username": "oauth2",
"password": "PASSWORD",
"auth": "AUTH_TOKEN",
"email": "[email protected]"
}
}
Le yidatha yomsebenzisi kwi-GitLab, ikhowudi ye-Kubernetes iya kutsala umfanekiso kwirejista.
Emva kokuba yonke into yenziwe, ungasusa okwangoku (ayisebenzi ngokuchanekileyo) Ufakelo lweDashboard ngomyalelo:
$ ./ctl.sh -d
... kwaye ufake yonke into kwakhona:
$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e⦠--oauth2-secret 6b79168f⦠--dashboard-url dashboard.example.com
Lixesha lokuba uye kwiDashboard kwaye ufumane iqhosha lokungena lakudala:
Emva kokucofa kuyo, iGitLab iya kusibulisa, inikezela ngokungena kwiphepha layo lesiqhelo (ewe kunjalo, ukuba asizange singene ngaphambili):
Singena ngeziqinisekiso zeGitLab- kwaye yonke into yenziwe:
Malunga neempawu zeDashboard
Ukuba ungumphuhlisi ongazange asebenze noKubernetes ngaphambili, okanye ngenxa yesizathu esithile ungazange udibane neDashboard ngaphambili, ndiza kubonisa ezinye zezakhono zayo.
Okokuqala, unokubona ukuba "yonke into iluhlaza":
Iinkcukacha ezithe kratya zikwakhona kwiipod, ezinje ngokuguquguquka kwemekobume, umfanekiso okhutshelweyo, iimpikiswano zokuqalisa, kunye nobume bazo:
Ukusasazwa kunesimo esibonakalayo:
...kunye nezinye iinkcukacha:
... kwaye kukho nokubanakho ukukala ukusasazwa:
Isiphumo salo msebenzi:
Phakathi kwezinye izinto eziluncedo esele zikhankanyiwe ekuqaleni kwenqaku kujongwa iinkuni:
... kunye nomsebenzi wokuloga kwiconsole yesikhongozeli sepod ekhethiweyo:
Umzekelo, unokujonga kwakhona imida/izicelo kwiinodi:
Ewe, ezi ayizizo zonke izakhono zephaneli, kodwa ndiyathemba ukuba uya kufumana umbono jikelele.
Ukungalungi kokudibanisa kunye neDashboard
Kudibaniso oluchaziweyo akukho ulawulo lofikelelo. Ngayo, bonke abasebenzisi abanalo naluphi na ufikelelo kwi-GitLab bafumana ukufikelela kwiDashboard. Banokufikelela okufanayo kwiDashboard ngokwayo, ehambelana namalungelo eDashboard ngokwayo, leyo
Phakathi kwezinto ezingalunganga ezibonakalayo kwiDashboard ngokwayo, ndiqaphela oku kulandelayo:
- akunakwenzeka ukuba ungene kwi-console ye-container ye-init;
- akunakwenzeka ukuhlela iDeployments kunye neStatefulSets, nangona oku kunokulungiswa kwi-ClusterRole;
- Ukuhambelana kweDashboard kunye neenguqulelo zamva nje zeKubernetes kunye nekamva leprojekthi kuphakamisa imibuzo.
Ingxaki yokugqibela ifanelwe ingqalelo ekhethekileyo.
Ubume bedeshibhodi kunye nezinye iindlela
Itheyibhile yokuhambelana yeDashboard kunye nokukhutshwa kwe-Kubernetes, enikezelwe kuguqulelo lwamva nje lweprojekthi (
Ngaphandle koku, kukho (sele yamkelwe ngoJanuwari)
Ekugqibeleni, kukho ezinye iindlela kwiDashboard. Phakathi kwabo:
-
K8Dash - i-interface encinci (eyokuqala ibophelelayo ibuyele ngoMatshi walo nyaka), esele inikezela ngeempawu ezintle, ezifana nokubonakaliswa okubonakalayo kwimeko yangoku yeqela kunye nokulawulwa kwezinto zayo. Ibekwe njenge "interface yexesha langempela", kuba ihlaziya ngokuzenzekelayo idatha ebonisiweyo ngaphandle kokufuna ukuba uhlaziye iphepha kwisikhangeli. -
I-OpenShift Console -Ujongano lwewebhu oluvela kwi-Red Hat OpenShift, leyo, nangona kunjalo, iya kuzisa olunye uphuhliso lweprojekthi kwiqela lakho, elingafanelanga wonke umntu. -
Kubernator yiprojekthi enomdla, eyenziwe ngokomgangatho osezantsi (kuneDashboard) ujongano olunamandla okujonga zonke izinto zeqela. Nangona kunjalo, kubonakala ngathi uphuhliso lwayo luyekile. -
Polaris - ngolunye usuku njeibhengezwe iprojekthi edibanisa imisebenzi yephaneli (ibonisa imeko yangoku yeqela, kodwa ayilawuli izinto zayo) kunye "nokuqinisekiswa kweendlela ezilungileyo" ngokuzenzekelayo (ihlola iqoqo lokuchaneka kobumbeko lwe-Deployments esebenza kuyo).
Endaweni yezigqibo
Ideshibhodi sisixhobo esisemgangathweni seqela leKubernetes esilisebenzelayo. Ukudityaniswa kwayo neGitLab kuye kwaba yinxalenye yofakelo lwethu olungagqibekanga, njengoko uninzi lwabaphuhlisi luchulumancile ngamandla abanawo ngeli qela lolawulo.
I-Kubernetes Dashboard ngamaxesha athile inezinye iindlela ezisuka kuluntu lwe-Open Source (kwaye siyavuya ukuziqwalasela), kodwa okwangoku sihlala nesi sisombululo.
PS
Funda nakwibhlog yethu:
- Β«
kubebox kunye namanye amaqokobhe eKubernetes "; - Β«
Eyona CI/CD eyona ndlela ilungileyo yokwenza neKubernetes kunye neGitLab (uphononongo kunye nengxelo yevidiyo) "; - Β«
Yakha kwaye usebenzise usetyenziso kwi-Kubernetes usebenzisa i-dapp kunye ne-GitLab CI "; - Β«
I-GitLab CI yokudibanisa ngokuqhubekayo kunye nokuhanjiswa kwimveliso. Icandelo 1: umbhobho wethu Β».
umthombo: www.habr.com