kubernetes dashboard:v2.0.0-rc6 启用https访问-小绿锁

发表于： 2020-05-12 2020-05-12
分类： SRE
标签： http, https, I/O, ingress, k8s, kubernetes, tls, yaml

先停掉正常的Deployment/kubernetes-dashboard

Deployment kubernetes-dashboard--http

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-http
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: registry.cn-shanghai.aliyuncs.com/leozhanggg/kubernetesui/dashboard:v2.0.0-rc6
          ports:
            - containerPort: 9090
              protocol: TCP
          command:
            - /dashboard
            - --insecure-bind-address=0.0.0.0
          args:
            - --enable-insecure-login
            - --namespace=kubernetes-dashboard
          volumeMounts:
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 9090
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "beta.kubernetes.io/os": linux
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

svc kubernetes-dashboard-http

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-http
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 9090
      targetPort: 9090
  selector:
    k8s-app: kubernetes-dashboard

---

create secret tls-k8s-yq

kubectl -n kubernetes-dashboard  create secret tls tls-k8s-yq --cert=k8s.your.domain.pem --key=k8s.your.domain.key
kubectl -n kubernetes-dashboard get secret
kubectl -n kubernetes-dashboard describe secret tls-k8s-yq

Ingress http

apiVersion: networking.k8s.io/v1beta1
#apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard-ingress-http 
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - hosts:
    - k8s.your.domain
    secretName: tls-k8s-yq
  rules:
  - host: k8s.your.domain
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard-http
          servicePort: 9090

tomcat

发表回复取消回复