Kubernetes utils
June 22, 2023
Kubernetes Dashboard
The default dashboard for working with Kubernetes.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
kubectl proxy
# URL of the dashboard page:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Using Ingress
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx && \
helm repo update && \
helm install ingress-nginx ingress-nginx/ingress-nginx
cat <<EOF | kubectl apply -f -
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt
  namespace: cert-manager
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    # address obscured on the page; use your own contact e-mail
    email: [email protected]
    privateKeySecretRef:
      name: kubernetes-dashboard
    solvers:
    - http01:
        ingress:
          class: nginx
EOF
cat <<EOF | kubectl apply -f -
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginx.ingress.kubernetes.io/auth-tls-verify-client: "false"
spec:
  tls:
  - hosts:
    - dashboard.prod.cameda1.tk
    secretName: kubernetes-dashboard
  rules:
  - host: dashboard.prod.cameda1.tk
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
EOF
To open the management page, enter this address in the browser:
dashboard.prod.cameda1.tk
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
# Generate a token
kubectl create token admin-user -n kubernetes-dashboard
Use the generated token to sign in to the dashboard with the token login option.
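A narrower alternative to the cluster-admin binding above, as an added example that is not part of the original post. The ServiceAccount name dashboard-viewer and the namespace my-app are hypothetical; view and edit are Kubernetes' built-in ClusterRoles.

```yaml
# Read-only dashboard login (added example; names are assumptions).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-viewer        # hypothetical name
  namespace: kubernetes-dashboard
---
# Cluster-wide read access through the built-in "view" ClusterRole.
# "view" does not grant access to Secrets, Roles or RoleBindings.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
# Write access limited to one namespace: a RoleBinding (not a
# ClusterRoleBinding) to the built-in "edit" ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dashboard-viewer-edit
  namespace: my-app             # hypothetical namespace
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: edit
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
# Token with an explicit lifetime:
#   kubectl create token dashboard-viewer -n kubernetes-dashboard --duration=1h
```

Saved to a file and applied with kubectl apply -f, these bindings limit what a dashboard session opened with the dashboard-viewer token can see and change.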
Useful links.
GitHub: https://github.com/kubernetes/dashboard/tree/master
Dashboard access control from the ServiceAccount (SA) perspective:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
Setting up access to the dashboard via Service/Ingress/port forward:
https://github.com/kubernetes/dashboard/tree/master/docs/user/accessing-dashboard
Link to the chart: https://github.com/kubernetes/dashboard/blob/master/charts/recommended.yaml