3.k8s dashboard设置域名登录案例(ingress版本为1.3.1)

这篇具有很好参考价值的文章主要介绍了3.k8s dashboard设置域名登录案例(ingress版本为1.3.1)。希望对大家有所帮助。如果存在错误或未考虑完全的地方,请大家不吝赐教,您也可以点击"举报违法"按钮提交疑问。


前言

前面搭建了集群,配置了账号密码登录,现在配置k8s dashboard的域名登录,这样重启k8s的时候就不用再去看什么端口,根据端口访问,直接通过域名访问即可。


一、安装ingress

这里说明下数据流动方向
client—> ingresscontroller服务(loadbalance部署方式默认的部署方式)–>dashboard服务(nodeport部署方式)

1.1 下载ingress部署文件

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
从版本匹配选择适配自己k8s版本的ingresscontrol,我的k8s版本是1.21.10,看上图匹配的是1.3.1版本,下载该版本。

wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.3.1/deploy/static/provider/cloud/deploy.yaml
mv deploy.yaml ingress-nginx-controller.yaml
kubectl apply -f ingress-nginx-controller.yaml

这里这个ingress-nginx-contraller.yaml 需要把镜像替换下,github访问不了。

registry.k8s.io/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974

替换成

k8s.dockerproxy.com/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974
registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47

替换成

k8s.dockerproxy.com/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47

一共三处地方需要替换,control1处,certgen2处地方。
ingress-controller 的deployment处修改副本为1,这里的改动原因主要是我想控制ingress-controller就生成一个pod容器,而且在master节点上,这样可以控制流量入口,也可以选择每个节点都部署,我这里就不展示那种方式了。
给master节点打上标签,以便于识别master节点

kubectl label nodes hadoop1 nginx=nginx
kubectl get nodes --show-labels

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生

replicas: 1

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
这里还要修改node节点选择为master节点
3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
整个文件修改如下

apiVersion: v1
kind: Namespace
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  name: ingress-nginx
---
apiVersion: v1
automountServiceAccountToken: true
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - namespaces
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - configmaps
  - pods
  - secrets
  - endpoints
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resourceNames:
  - ingress-controller-leader
  resources:
  - configmaps
  verbs:
  - get
  - update
- apiGroups:
  - ""
  resources:
  - configmaps
  verbs:
  - create
- apiGroups:
  - coordination.k8s.io
  resourceNames:
  - ingress-controller-leader
  resources:
  - leases
  verbs:
  - get
  - update
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - create
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - secrets
  verbs:
  - get
  - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx
rules:
- apiGroups:
  - ""
  resources:
  - configmaps
  - endpoints
  - nodes
  - pods
  - secrets
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - coordination.k8s.io
  resources:
  - leases
  verbs:
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - nodes
  verbs:
  - get
- apiGroups:
  - ""
  resources:
  - services
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - ""
  resources:
  - events
  verbs:
  - create
  - patch
- apiGroups:
  - networking.k8s.io
  resources:
  - ingresses/status
  verbs:
  - update
- apiGroups:
  - networking.k8s.io
  resources:
  - ingressclasses
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
rules:
- apiGroups:
  - admissionregistration.k8s.io
  resources:
  - validatingwebhookconfigurations
  verbs:
  - get
  - update
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
  namespace: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx
subjects:
- kind: ServiceAccount
  name: ingress-nginx
  namespace: ingress-nginx
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: ingress-nginx-admission
subjects:
- kind: ServiceAccount
  name: ingress-nginx-admission
  namespace: ingress-nginx
---
apiVersion: v1
data:
  allow-snippet-annotations: "true"
kind: ConfigMap
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  externalTrafficPolicy: Local
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - appProtocol: http
    name: http
    port: 80
    protocol: TCP
    targetPort: http
  - appProtocol: https
    name: https
    port: 443
    protocol: TCP
    targetPort: https
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-controller-admission
  namespace: ingress-nginx
spec:
  ports:
  - appProtocol: https
    name: https-webhook
    port: 443
    targetPort: webhook
  selector:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
  type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-controller
  namespace: ingress-nginx
spec:
  replicas: 1
  minReadySeconds: 0
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: controller
      app.kubernetes.io/instance: ingress-nginx
      app.kubernetes.io/name: ingress-nginx
  template:
    metadata:
      labels:
        app.kubernetes.io/component: controller
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
    spec:
      hostNetwork: true
      containers:
      - args:
        - /nginx-ingress-controller
        - --publish-service=$(POD_NAMESPACE)/ingress-nginx-controller
        - --election-id=ingress-controller-leader
        - --controller-class=k8s.io/ingress-nginx
        - --ingress-class=nginx
        - --configmap=$(POD_NAMESPACE)/ingress-nginx-controller
        - --validating-webhook=:8443
        - --validating-webhook-certificate=/usr/local/certificates/cert
        - --validating-webhook-key=/usr/local/certificates/key
        env:
        - name: POD_NAME
          valueFrom:
            fieldRef:
              fieldPath: metadata.name
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        - name: LD_PRELOAD
          value: /usr/local/lib/libmimalloc.so
        image: k8s.dockerproxy.com/ingress-nginx/controller:v1.3.1@sha256:54f7fe2c6c5a9db9a0ebf1131797109bb7a4d91f56b9b362bde2abd237dd1974
        imagePullPolicy: IfNotPresent
        lifecycle:
          preStop:
            exec:
              command:
              - /wait-shutdown
        livenessProbe:
          failureThreshold: 5
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        name: controller
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        - containerPort: 443
          name: https
          protocol: TCP
        - containerPort: 8443
          name: webhook
          protocol: TCP
        readinessProbe:
          failureThreshold: 3
          httpGet:
            path: /healthz
            port: 10254
            scheme: HTTP
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 1
        resources:
          requests:
            cpu: 100m
            memory: 90Mi
        securityContext:
          allowPrivilegeEscalation: true
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          runAsUser: 101
        volumeMounts:
        - mountPath: /usr/local/certificates/
          name: webhook-cert
          readOnly: true
      dnsPolicy: ClusterFirst
      nodeSelector:
        kubernetes.io/os: linux
        nginx: nginx
      tolerations:
       - operator: "Exists"
         effect: "NoSchedule" 
      serviceAccountName: ingress-nginx
      terminationGracePeriodSeconds: 300
      volumes:
      - name: webhook-cert
        secret:
          secretName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission-create
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-create
    spec:
      containers:
      - args:
        - create
        - --host=ingress-nginx-controller-admission,ingress-nginx-controller-admission.$(POD_NAMESPACE).svc
        - --namespace=$(POD_NAMESPACE)
        - --secret-name=ingress-nginx-admission
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: k8s.dockerproxy.com/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47
        imagePullPolicy: IfNotPresent
        name: create
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: batch/v1
kind: Job
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission-patch
  namespace: ingress-nginx
spec:
  template:
    metadata:
      labels:
        app.kubernetes.io/component: admission-webhook
        app.kubernetes.io/instance: ingress-nginx
        app.kubernetes.io/name: ingress-nginx
        app.kubernetes.io/part-of: ingress-nginx
        app.kubernetes.io/version: 1.3.1
      name: ingress-nginx-admission-patch
    spec:
      containers:
      - args:
        - patch
        - --webhook-name=ingress-nginx-admission
        - --namespace=$(POD_NAMESPACE)
        - --patch-mutating=false
        - --secret-name=ingress-nginx-admission
        - --patch-failure-policy=Fail
        env:
        - name: POD_NAMESPACE
          valueFrom:
            fieldRef:
              fieldPath: metadata.namespace
        image: k8s.dockerproxy.com/ingress-nginx/kube-webhook-certgen:v1.3.0@sha256:549e71a6ca248c5abd51cdb73dbc3083df62cf92ed5e6147c780e30f7e007a47
        imagePullPolicy: IfNotPresent
        name: patch
        securityContext:
          allowPrivilegeEscalation: false
      nodeSelector:
        kubernetes.io/os: linux
      restartPolicy: OnFailure
      securityContext:
        fsGroup: 2000
        runAsNonRoot: true
        runAsUser: 2000
      serviceAccountName: ingress-nginx-admission
---
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  labels:
    app.kubernetes.io/component: controller
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: nginx
spec:
  controller: k8s.io/ingress-nginx
---
apiVersion: admissionregistration.k8s.io/v1
kind: ValidatingWebhookConfiguration
metadata:
  labels:
    app.kubernetes.io/component: admission-webhook
    app.kubernetes.io/instance: ingress-nginx
    app.kubernetes.io/name: ingress-nginx
    app.kubernetes.io/part-of: ingress-nginx
    app.kubernetes.io/version: 1.3.1
  name: ingress-nginx-admission
webhooks:
- admissionReviewVersions:
  - v1
  clientConfig:
    service:
      name: ingress-nginx-controller-admission
      namespace: ingress-nginx
      path: /networking/v1/ingresses
  failurePolicy: Fail
  matchPolicy: Equivalent
  name: validate.nginx.ingress.kubernetes.io
  rules:
  - apiGroups:
    - networking.k8s.io
    apiVersions:
    - v1
    operations:
    - CREATE
    - UPDATE
    resources:
    - ingresses
  sideEffects: None

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
安装ingress-nginx

kubectl apply -f ingress-nginx-contraller.yaml

1.2 查看是否安装成功

kubectl get pod -n ingress-nginx -owide

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生

kubectl get pod,svc,ing,deploy -n ingress-nginx

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
发现namespace为ingress-nginx的三个pod已经成功完成,status为completed的两个pod为job类型资源,completed表示job已经成功执行无需管它
查看端口占用

sudo netstat -tlnp | grep 80

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
可以看到,443 80都被占用了,这里就是这个controller占用了,暴露了对外服务。

二、配置dashboard域名映射

2.1.在windows和linux添加上域名映射

192.168.184.129为master节点物理机ip,也就是部署ingress-controller的机器。
c:\windows\system32\drivers\etc 的hosts文件添加上

192.168.184.129 k8s.dashboard.com

刷新host文件

ipconfig /flushdns

linux也加上在 /etc/路径下的hosts文件加上

192.168.184.129 k8s.dashboard.com

2.2 生成tls证书

openssl genpkey -algorithm RSA -out private.key
openssl req -new -key private.key -out csr.csr

生产csr文件会要求输入地区国家什么的,按要求输入即可。
san.cnf文件内容如下

ions = v3_req
distinguished_name = req_distinguished_name

[req_distinguished_name]

[v3_req]
subjectAltName = @alt_names

[alt_names]
DNS.1 = k8s.dashboard.com
DNS.2 = www.k8s.dashboard.com
openssl x509 -req -in csr.csr -signkey private.key -out certificate.crt -extfile san.cnf -extensions v3_req -days 9999

执行后生成以下文件
3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
把证书导入k8s

kubectl create secret tls dashboard-secret --key private.key --cert certificate.crt -n kubernetes-dashboard

-n 指的是命名空间,也就是dashboard的命名空间,这个不对会导致找不到密钥要注意

2.3 新增ingress配置

这里的ingress配置可以理解成nginx配置,就是通过这个配置,ingress-controller会动态生成nginx配置,并且使之生效。

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard-ingress
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  namespace: kubernetes-dashboard
spec:
  ingressClassName: nginx
  tls:
  - hosts:
    - k8s.dashboard.com
    secretName: dashboard-secret
  rules:
  - host: "k8s.dashboard.com"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

namespace: kubernetes-dashboard 配置和kubernetes-dashboard服务的命名空间保持一致。
这里nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"这个配置要加上,否则,ingress-controller会报错如下

2023/09/11 02:07:11 [error] 576#576: *19298 recv() failed (104: Connection reset by peer) while sending to client, client: 192.168.184.1, server: k8s.dashboard.com, request: "GET / HTTP/2.0", upstream: "http://10.244.241.154:8443/", host: "k8s.dashboard.com"

我的dashbord的部署方式是nodeport方式,如果配置了ingress方式后,是可以两种方式登录的1 ip:nodeport 2.域名。可以用第一种方式检查你的nodeport是否正常运行,适合排查问题。

kubectl get svc --all-namespaces

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生
执行ingress配置

kubectl apply -f ingress-dashboard.yaml

查看ingress

kubectl  get ingress -A

3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生

2.3 验证

在浏览器上输入

https://k8s.dashboard.com/

可以看到已经进入k8s的管理界面了
3.k8s dashboard设置域名登录案例(ingress版本为1.3.1),k8s,kubernetes,容器,云原生

总结

至此已经完成了ks8管理界面的域名登录,要注意的点总结一下有以下几点:
1.k8s版本和ingress版本要匹配,我也因为这个好几天没搞对,浪费时间。
2.ingress-controller的部署方式是lb,dashboard的是nodeport这个其实影响不大,之前一直以为会相关影响,这个属于多虑了。
3.tls证书的生成和网上普遍的不一样,可能是因为ingress-controller的版本高了,需要用带san的方式生成。否则也会找不到密钥的错误。文章来源地址https://www.toymoban.com/news/detail-707314.html

到了这里,关于3.k8s dashboard设置域名登录案例(ingress版本为1.3.1)的文章就介绍完了。如果您还想了解更多内容,请在右上角搜索TOY模板网以前的文章或继续浏览下面的相关文章,希望大家以后多多支持TOY模板网!

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处: 如若内容造成侵权/违法违规/事实不符,请点击违法举报进行投诉反馈,一经查实,立即删除!

领支付宝红包 赞助服务器费用

相关文章

  • k8s(Kubernetes)设置 pod,Deployment 域名自定义映射ip,hosts 解析 HostAliases

    直接 编辑修改 Deployment 最后内容如下,如需保存 按 esc 键,最后输入 :wq 保存退出,容器会自动重新生成新的

    2024年02月12日
    浏览(47)
  • K8s进阶之网络:pod内不同容器、同节点不同pod通信、CNI插件、不同节点pod通信、Flannel容器网络、Serivce连接外部网络、服务发现、Nginx反向代理与域名、Ingress代理

    Pod是Kubernetes中最小的可部署单元,它是一个或多个紧密关联的容器的组合,这些容器共享同一个网络命名空间和存储卷,因此Pod中的 所有容器都共享相同的网络命名空间和IP地址——PodIP ,所以在同一个Pod内的容器间通信可以 通过localhost直接通信 。 k8s创建Pod时永远都是首先

    2024年02月05日
    浏览(56)
  • k8s dashboard安装

    注意,版本要和k8s版本匹配,具体参考:https://github.com/kubernetes/dashboard/releases 拉镜像: 把刚下载的 recommended.yaml 中443和8443位置所在的Service加一句,如下图: 重新启动生效: 找到所在Node节点: 找到Service的端口: 这里显示是node01,那么在浏览器中的地址就是: https://node0

    2024年02月01日
    浏览(48)
  • k8s部署Dashboard

    1.1 安装或关闭以下服务 关闭防火墙等 linux时间校对 docker安装 二进制安装K8S集群-上 二进制安装K8S集群-下 K8S命令补全 1.2 本次安装环境 配置信息 说明 master IP地址 192.168.1.10 linux系统版本 CentOS7.4 内核 ml-3.10.0 K8S版本 1.23.4 2.1 下载 2.2 修改配置文件 2.3 安装 3.1 访问 https://192.16

    2024年02月03日
    浏览(40)
  • k8s ingress

    一、浅谈ingress (ingress 是与service配合使用的)  Ingress能把Service(Kubernetes的服务)配置成外网能够访问的URL,流量负载均衡,及SSL,并提供域名访问的虚拟主机等,客户通过访问URL(API资源服务的形式,例如:caas.one/kibana)进入和请求Service,一个Ingress控制器负责处理所有

    2024年02月12日
    浏览(40)
  • Kubernetes Dashboard部署安装 K8S 安装 Dashboard

    目录 Dashboard 官方文档:部署和访问 Kubernetes 仪表板(Dashboard) | Kubernetes 参考文档:(120条消息) K8S 安装 Dashboard_k8s 安装dashboard_tom.ma的博客-CSDN博客 扩展: K8S 安装 Dashboard 1、在 master 节点执行  1.1、下载recommended.yaml(可能需要翻墙才能下载) 1.2、创建 pod 2、查看dashboard是否

    2024年02月11日
    浏览(51)
  • 【3】k8s搭建DashBoard

    目录 1、创建recommended.yaml并写入下列 2、设置访问端口 3、查看要访问的端口 4、创建访问账号 5、获取访问令牌 前言 kubernetes中管理集群中资源的方式通常有四种:命令行、YAML、API和图形界面。其中dashboard是K8s官方的图形界面工具。使用简单,操作方便,能监控node和pod等。

    2024年02月02日
    浏览(38)
  • [Kubernetes]9. K8s ingress讲解借助ingress配置http,https访问k8s集群应用

    前面讲解了使用Helm部署mysql集群,这里来看看使用Ingress搭建负载均衡功能 功能类似 Nginx ,可以根据域名、路径把请求转发到不同的 Service , Ingress 为外部访问集群提供了一个 统一 入口, 避免 了 对外暴露集群端口 ,可以配置 https,http访问集群应用,接下来看看如何通过腾讯云来

    2024年01月22日
    浏览(59)
  • K8s排错之浏览器打不开K8s Dashboard

    10.0.0.10 通常会使用加密技术来保护您的信息。Chrome 此次尝试连接到 10.0.0.10 时,该网站发回了异常的错误凭据。这可能是因为有攻击者在试图冒充 10.0.0.10,或者 Wi-Fi 登录屏幕中断了此次连接。请放心,您的信息仍然是安全的,因为 Chrome 尚未进行任何数据交换便停止了连接

    2024年02月14日
    浏览(42)
  • 【K8S 云原生】K8S的对外服务—ingress

    目录 一、K8S的Service 1、Service的作用 2、Service类型: 二、ingress 1、ingress的组成: 2、ingress资源的定义项: 三、nginx-ingress-controller暴露服务端的方式 1、Deployment+LoadBalancer模式: 1、工作流程图: 2、Daemonset+hostnetwork+nodeSelector模式: 1、工作流程图 2、实验: 3、deployment+NodePort

    2024年01月18日
    浏览(47)

觉得文章有用就打赏一下文章作者

支付宝扫一扫打赏

博客赞助

微信扫一扫打赏

请作者喝杯咖啡吧~博客赞助

支付宝扫一扫领取红包,优惠每天领

二维码1

领取红包

二维码2

领红包