如何配置Kubernetes仪表板dashboard支持http方式并使用ingress-nginx代理访问实践

公众号关注「WeiyiGeek」

本章目录：配置 Kubernetes-dashboard 以支持 http 方式访问

1.配置 Kubernetes-dashboard 以支持 http 方式访问

描述: 当前默认安装配置的 Kubernetes-dashboard 都是启用了https, 然而在当我们环境中存在ingress时，可能会有需要将其通过虚拟主机进行暴露时，此时将会在ingress端进行设置证书而不是在 Kubernetes-dashboard Pod中设置证书。

步骤 01.打开下载的​​Kubernetes-dashboard​​​资源清单文件或者使用​​kubelet edit​​​命令编辑已部署的资源清单,首先配置 ​​kubernetesui/dashboard:v2.5.1​​​ 镜像的启动参数，主要是​​--enable-insecure-login​​​与​​--insecure-port=8080​​参数。

$ kubectl edit deployments.apps -n kubernetes-dashboard kubernetes-dashboard
args:
# - --auto-generate-certificates
  - --namespace=kubernetes-dashboard
  - --enable-insecure-login
  - --insecure-port=8080

# Pod 端口暴露
ports:
  - name: https
    containerPort: 8443
    protocol: TCP
  - name: http
    containerPort: 8080
    protocol: TCP

# Pod 健康检查
livenessProbe:
# httpGet:
#   scheme: HTTPS
#   path: /
#   port: 8443
  httpGet:
    scheme: HTTP
    path: /
    port: 8080

步骤 02.配置 kubernetes-dashboard 的 Service 资源管理器

$ kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard
  ports:
  - name: https
    port: 443
    protocol: TCP
    targetPort: 8443
  - name: http
    port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP

$ kubectl get svc -n kubernetes-dashboard kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)            AGE
kubernetes-dashboard   ClusterIP   11.19.103.247   <none>        443/TCP,8080/TCP   3h39m

步骤 03.服务验证以及部署ingress转发规则URL设置，最后浏览器访问如下URL(​​devops.weiyigeek.top/dashboard/​​)即可。

$ curl 11.19.103.247:8080

$ tee kubernetes-dashboard-ingress.yaml <<'EOF'
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    ingressclass.kubernetes.io/is-default-class: "true"
    nginx.ingress.kubernetes.io/proxy-connect-timeout: "75"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "300"
    nginx.ingress.kubernetes.io/proxy-send-timeout: "300"
    nginx.ingress.kubernetes.io/rewrite-target: /$2
  labels:
    app: devops-weiyigeek
  name: devops-weiyigeek
  namespace: kubernetes-dashboard
spec:
  ingressClassName: nginx
  rules:
  - host: devops.weiyigeek.top
    http:
      paths:
      - backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 8080
        path: /dashboard(/|$)(.*)
        pathType: ImplementationSpecific
  tls:
  - hosts:
    - devops.weiyigeek.top
    secretName: devops-weiyigeek-top
EOF

# 部署 ingress 规则
$ kubectl apply -f kubernetes-dashboard-ingress.yaml 
$ kubectl get ingress -n kubernetes-dashboard devops-weiyigeek
NAME          CLASS   HOSTS                ADDRESS        PORTS     AGE
devops-weiyigeek   nginx   devops.weiyigeek.top   11.19.12.210   80, 443   3h52m

本文至此完毕，更多技术文章，尽情期待下一章节！

个人主页: 【 ​​https://weiyigeek.top​​】

博客地址: 【 ​​https://blog.weiyigeek.top ​​】

​