Integrating Kubernetes Dashboard with GitLab users

Kubernetes Dashboard is an easy-to-use tool for getting up-to-date information about a running cluster and for minimal management of it. You start to appreciate it even more when access to these capabilities is needed not only by administrators and DevOps engineers, but also by people who are less used to the console and/or do not intend to deal with all the intricacies of kubectl and other utilities. That is what happened to us: developers wanted quick access to the Kubernetes web interface, and since we use GitLab, the solution suggested itself.

Why do this?

Developers may be interested in a tool like K8s Dashboard for debugging tasks. Sometimes you want to view logs and resources, and sometimes to kill pods, scale Deployments/StatefulSets, and even get into a container console (there are also requests for which another way exists, for example kubectl-debug).

In addition, there is a psychological moment for managers when they want to look at the cluster, see that "everything is green", and so reassure themselves that "everything works" (which is, of course, very relative... but that is beyond the scope of this article).

Our standard CI system is GitLab, and all developers use it as well. So, to give them access, it was logical to integrate Dashboard with GitLab accounts.

I will also note that we use NGINX Ingress. If you work with other ingress solutions, you will need to find the equivalents of the authorization annotations yourself.

Trying the integration

Dashboard installation

Attention: if you are going to repeat the steps below, then, to avoid unnecessary work, first read on to the next subheading.

Since we use this integration in many installations, we have automated its installation. The sources needed for this are published in a dedicated GitHub repository. They are based on slightly modified YAML configurations from the official Dashboard repository, plus a Bash script for quick deployment.

The script installs Dashboard into the cluster and configures it for integration with GitLab:

$ ./ctl.sh  
Usage: ctl.sh [OPTION]... --gitlab-url GITLAB_URL --oauth2-id ID --oauth2-secret SECRET --dashboard-url DASHBOARD_URL
Install kubernetes-dashboard to Kubernetes cluster.
Mandatory arguments:
 -i, --install                install into 'kube-system' namespace
 -u, --upgrade                upgrade existing installation, will reuse password and host names
 -d, --delete                 remove everything, including the namespace
     --gitlab-url             set gitlab url with schema (https://gitlab.example.com)
     --oauth2-id              set OAUTH2_PROXY_CLIENT_ID from gitlab
     --oauth2-secret          set OAUTH2_PROXY_CLIENT_SECRET from gitlab
     --dashboard-url          set dashboard url without schema (dashboard.example.com)
Optional arguments:
 -h, --help                   output this message

However, before using it, you need to go to GitLab: Admin area → Applications, and add a new application for the future panel. Let's call it "kubernetes dashboard".

As a result of adding it, GitLab will provide the hashes.

These are what is passed as arguments to the script. As a result, the installation looks like this:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

After that, let's check that everything has started:

$ kubectl -n kube-system get pod | egrep '(dash|oauth)'
kubernetes-dashboard-76b55bc9f8-xpncp   1/1       Running   0          14s
oauth2-proxy-5586ccf95c-czp2v           1/1       Running   0          14s

Sooner or later everything will start, but authorization will not work right away! The point is that in the image used (the situation in other images is similar) the handling of the redirect in the callback is implemented incorrectly. As a result, oauth erases the very cookie that oauth itself gives us...

The problem is solved by building your own oauth image with a patch.

Patch oauth and reinstall

To do this, we will use the following Dockerfile:

# Build stage: compile oauth2_proxy at a pinned commit with rd.patch applied
FROM golang:1.9-alpine3.7
WORKDIR /go/src/github.com/bitly/oauth2_proxy

RUN apk --update add make git build-base curl bash ca-certificates wget \
 && update-ca-certificates \
 && curl -sSO https://raw.githubusercontent.com/pote/gpm/v1.4.0/bin/gpm \
 && chmod +x gpm \
 && mv gpm /usr/local/bin
RUN git clone https://github.com/bitly/oauth2_proxy.git . \
 && git checkout bfda078caa55958cc37dcba39e57fc37f6a3c842
ADD rd.patch .
RUN patch -p1 < rd.patch \
 && ./dist.sh

# Runtime stage: only the built binary plus CA certificates
FROM alpine:3.7
RUN apk --update add curl bash  ca-certificates && update-ca-certificates
COPY --from=0 /go/src/github.com/bitly/oauth2_proxy/dist/ /bin/

EXPOSE 8080 4180
ENTRYPOINT [ "/bin/oauth2_proxy" ]
CMD [ "--upstream=http://0.0.0.0:8080/", "--http-address=0.0.0.0:4180" ]

And here is what the rd.patch patch itself looks like:

diff --git a/dist.sh b/dist.sh
index a00318b..92990d4 100755
--- a/dist.sh
+++ b/dist.sh
@@ -14,25 +14,13 @@ goversion=$(go version | awk '{print $3}')
sha256sum=()
 
echo "... running tests"
-./test.sh
+#./test.sh
 
-for os in windows linux darwin; do
-    echo "... building v$version for $os/$arch"
-    EXT=
-    if [ $os = windows ]; then
-        EXT=".exe"
-    fi
-    BUILD=$(mktemp -d ${TMPDIR:-/tmp}/oauth2_proxy.XXXXXX)
-    TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
-    FILENAME="oauth2_proxy-$version.$os-$arch$EXT"
-    GOOS=$os GOARCH=$arch CGO_ENABLED=0 
-        go build -ldflags="-s -w" -o $BUILD/$TARGET/$FILENAME || exit 1
-    pushd $BUILD/$TARGET
-    sha256sum+=("$(shasum -a 256 $FILENAME || exit 1)")
-    cd .. && tar czvf $TARGET.tar.gz $TARGET
-    mv $TARGET.tar.gz $DIR/dist
-    popd
-done
+os='linux'
+echo "... building v$version for $os/$arch"
+TARGET="oauth2_proxy-$version.$os-$arch.$goversion"
+GOOS=$os GOARCH=$arch CGO_ENABLED=0 
+    go build -ldflags="-s -w" -o ./dist/oauth2_proxy || exit 1
  
checksum_file="sha256sum.txt"
cd $DIR/dists
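Review bot: commenting out ./test.sh in dist.sh means the binary built from the patched oauthproxy.go never goes through the project's test suite; keep the test step (or run it in its own build stage) so that a regression in the redirect handling fails the image build. In the same hunk the sha256sum+=(...) line disappears with the loop while sha256sum=() and checksum_file="sha256sum.txt" remain, so nothing in the hunk populates the checksum array any more; either record the checksum of ./dist/oauth2_proxy or drop the leftover checksum handling.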
diff --git a/oauthproxy.go b/oauthproxy.go
index 21e5dfc..df9101a 100644
--- a/oauthproxy.go
+++ b/oauthproxy.go
@@ -381,7 +381,9 @@ func (p *OAuthProxy) SignInPage(rw http.ResponseWriter, req *http.Request, code
       if redirect_url == p.SignInPath {
               redirect_url = "/"
       }
-
+       if req.FormValue("rd") != "" {
+               redirect_url = req.FormValue("rd")
+       }
       t := struct {
               ProviderName  string
               SignInMessage string
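Review bot: the new branch in SignInPage copies req.FormValue("rd") into redirect_url with no validation, so a sign-in link that carries an absolute URL in rd is accepted as the redirect target (an open redirect on the authentication endpoint). Accept the value only when it is a local path, for example one that starts with "/" but not with "//", and otherwise keep the redirect_url computed above.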

Now you can build the image and push it to our GitLab. Next, in manifests/kube-dashboard-oauth2-proxy.yaml, specify the image you want to use (replace it with your own):

 image: docker.io/colemickens/oauth2_proxy:latest

If your registry requires authorization, do not forget to add an image pull secret:

      imagePullSecrets:
      - name: gitlab-registry

... and add the secret for the registry itself:

---
apiVersion: v1
data:
 .dockercfg: eyJyZWdpc3RyeS5jb21wYW55LmNvbSI6IHsKICJ1c2VybmFtZSI6ICJvYXV0aDIiLAogInBhc3N3b3JkIjogIlBBU1NXT1JEIiwKICJhdXRoIjogIkFVVEhfVE9LRU4iLAogImVtYWlsIjogIm1haWxAY29tcGFueS5jb20iCn0KfQoK
kind: Secret
metadata:
 annotations:
 name: gitlab-registry
 namespace: kube-system
type: kubernetes.io/dockercfg

The attentive reader will see that the long string above is the base64 encoding of this config:

{"registry.company.com": {
 "username": "oauth2",
 "password": "PASSWORD",
 "auth": "AUTH_TOKEN",
 "email": "mail@company.com"
}
}

This is the data of the GitLab user that Kubernetes will use to pull the image from the registry.
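The Secret above can be generated instead of hand-encoded. This is an added example, not part of the article or its repository: it builds the same kind of kubernetes.io/dockercfg manifest and decodes it back. The function names are hypothetical, the credentials are the article's placeholders, and "auth" is computed as base64 of "username:password", as in the legacy .dockercfg format.

```bash
#!/usr/bin/env bash
# Added example (not from the article's repository). Values are constructed.

# base64 without line wrapping, so the result fits on one YAML line
b64() { base64 | tr -d '\n'; }

# dockercfg_json REGISTRY USER PASSWORD EMAIL
# Prints the legacy .dockercfg document; "auth" is base64("USER:PASSWORD").
dockercfg_json() {
  local auth
  # Values are pasted into JSON verbatim, so reject ones that need escaping.
  case "$1$2$3$4" in
    *'"'*|*'\'*) echo "value contains a quote or backslash" >&2; return 1 ;;
  esac
  auth=$(printf '%s:%s' "$2" "$3" | b64)
  printf '{"%s": {"username": "%s", "password": "%s", "auth": "%s", "email": "%s"}}\n' \
    "$1" "$2" "$3" "$auth" "$4"
}

# dockercfg_secret NAME NAMESPACE REGISTRY USER PASSWORD EMAIL
# Prints a Secret manifest of the same type as the hand-written one above.
dockercfg_secret() {
  local json payload
  json=$(dockercfg_json "$3" "$4" "$5" "$6") || return 1
  payload=$(printf '%s\n' "$json" | b64)
  cat <<EOF
---
apiVersion: v1
kind: Secret
metadata:
  name: $1
  namespace: $2
type: kubernetes.io/dockercfg
data:
  .dockercfg: $payload
EOF
}

# secret_payload: reads a manifest on stdin, prints the decoded .dockercfg.
# Decoding needs no key: whoever can read the Secret can read the password.
secret_payload() {
  awk '$1 == ".dockercfg:" { print $2 }' | base64 -d
}

# Demo with the article's placeholder credentials: encode, then decode again
dockercfg_secret gitlab-registry kube-system registry.company.com \
  oauth2 PASSWORD mail@company.com | secret_payload
```

Because the payload decodes without any key, limit who can read Secrets in kube-system and use a GitLab account that can do nothing beyond pulling images.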

After all this is done, you can remove the current (incorrectly working) Dashboard installation with the command:

$ ./ctl.sh -d

... and install everything again:

$ ./ctl.sh -i --gitlab-url https://gitlab.example.com --oauth2-id 6a52769e… --oauth2-secret 6b79168f… --dashboard-url dashboard.example.com

It is time to go to Dashboard and find a rather archaic-looking login button.

After clicking it, GitLab will greet us and offer to log in on its usual page (of course, only if we have not already logged in there).

We log in with GitLab credentials, and everything is done.

About Dashboard features

If you are a developer who has not worked with Kubernetes before, or for some reason have not come across Dashboard before, I will illustrate some of its capabilities.

First, you can see that "everything is green".

More detailed data is available for pods, such as environment variables, the pulled image, launch arguments, and their state.

Deployments have visible statuses and other details.

There is also the ability to scale a Deployment and to see the result of this operation.

Among the other useful features already mentioned at the beginning of the article are viewing logs and logging in to the console of a container in the selected pod.

You can also, for example, look at limits/requests on the nodes.

Of course, these are not all the capabilities of the panel, but I hope you get the general idea.

Drawbacks of the integration and of Dashboard

The described integration has no access control. With it, every user who has any access to GitLab gets access to Dashboard. They all have the same access within Dashboard, corresponding to the rights of Dashboard itself, which are defined in RBAC. Obviously, this does not suit everyone, but in our case it turned out to be sufficient.

Among the noticeable drawbacks of Dashboard itself, I note the following:

  • it is impossible to get into the console of an init container;
  • it is impossible to edit Deployments and StatefulSets, although this can be fixed in the ClusterRole;
  • Dashboard's compatibility with the latest Kubernetes versions and the future of the project raise questions.

The last problem deserves special attention.

Dashboard status and alternatives

The table of Dashboard compatibility with Kubernetes releases, presented in the latest version of the project (v1.10.1), is not very encouraging.

Despite this, there is PR #3476 (already accepted in January), which announces support for K8s 1.13. In addition, among the project's issues you can find references to users working with the panel on K8s 1.14. Finally, commits to the project's code base have not stopped. So (at least!) the actual state of the project is not as bad as it might first appear from the official compatibility table.

Finally, there are alternatives to Dashboard. Among them:

  1. K8Dash - a young interface (the first commits date back to March of this year) that already offers good features, such as a visual representation of the current state of the cluster and management of its objects. It is positioned as a "real-time interface", because it automatically updates the displayed data without requiring you to refresh the page in the browser.
  2. OpenShift Console - a web interface from Red Hat OpenShift, which, however, will bring other developments of the project into your cluster, and that does not suit everyone.
  3. Kubernator - an interesting project, created as a lower-level (than Dashboard) interface with the ability to view all cluster objects. However, it looks like its development has stopped.
  4. Polaris - a project announced just the other day that combines the functions of a panel (it shows the current state of the cluster, but does not manage its objects) and automatic "validation of best practices" (it checks the cluster for the correctness of the configurations of the Deployments running in it).

Instead of conclusions

Dashboard is a standard tool for the Kubernetes clusters we serve. Its integration with GitLab has also become part of our default installation, since many developers are happy with the capabilities this panel gives them.

Alternatives to Kubernetes Dashboard periodically appear in the Open Source community (and we are happy to consider them), but for now we are staying with this solution.

Source: www.habr.com