k3s Basics: Configuring Domain Access for the traefik dashboard & k8s dashboard

Published: 2023-04-20 17:42:54  Author: Lemo_wd

Configuring domain access for the k8s dashboard

Installation is omitted.

① kubectl proxy (only supports localhost or http):

kubectl proxy --address='0.0.0.0' --accept-hosts='^*$'

② If k8s is deployed in a virtual machine and you need temporary access from the LAN, you can use port forwarding:

kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 10443:443 --address 0.0.0.0

③ Domain access configured through traefik

apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: k8s-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  serverName: "k8s-dashboard.domain.com"
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: k8s-dashboard-web
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: "Host(`k8s-dashboard.domain.com`)"
      kind: Rule
      services:
      - name: kubernetes-dashboard
        namespace: kubernetes-dashboard
        port: 443
        serversTransport: k8s-dashboard-transport
  tls:
    secretName: my-tls

Configuring domain access for the traefik dashboard

① Port forwarding

# Access URL: http://192.168.0.201:9000/dashboard/#/
kubectl -n kube-system port-forward $(kubectl -n kube-system get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000 --address 0.0.0.0

② Domain access

# Access URL: https://traefik.domain.com/dashboard/#/
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-web
  namespace: kube-system
spec:
  entryPoints:
    - web
  routes:
    - kind: Rule
      match: Host(`traefik.domain.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      services:
        - kind: TraefikService
          name: api@internal

---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-web-tls
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`traefik.domain.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      services:
        - kind: TraefikService
          name: api@internal
  tls:
    secretName: my-tls

Note: generating the secret

kubectl create secret tls my-tls \
  --key /etc/letsencrypt/live/domain.com/privkey.pem \
  --cert /etc/letsencrypt/live/domain.com/fullchain.pem
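
The traefik dashboard routes in ② above expose api@internal without authentication, and the one on the web entry point serves it over plain HTTP. A variant that requires basic auth and serves the dashboard over TLS only, as an added example that is not part of the original post; the Middleware name dashboard-auth and the Secret name traefik-dashboard-auth are assumptions.

```yaml
# Added example, not from the original post.
# Assumption: a Secret named traefik-dashboard-auth (hypothetical name) exists
# in kube-system and holds a "users" key with htpasswd-format entries.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-auth            # hypothetical name
  namespace: kube-system
spec:
  basicAuth:
    secret: traefik-dashboard-auth
---
# Only the websecure route is kept. With the plain-HTTP IngressRoute
# (traefik-dashboard-web) dropped, no router on the web entry point
# forwards requests for this host to api@internal.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-web-tls
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`traefik.domain.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      middlewares:
        - name: dashboard-auth    # resolved in the IngressRoute's namespace
      services:
        - kind: TraefikService
          name: api@internal
  tls:
    secretName: my-tls            # must exist in kube-system
```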