Kubernetes dashboard认证访问

一、Dashboard部署

部署的过程

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
[root@csserver12 ~]# kubectl get po -n kube-system|grep kubernetes-dashboard
NAME                                   READY   STATUS    RESTARTS   AGE kubernetes
-dashboard-d894c6994-l68db 1/1 Running 0 21d

  [root@csserver12 ~]# kubectl get svc -n kube-system|grep kubernetes-dashboard

  NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
  kubernetes-dashboard   NodePort    10.101.0.99      <none>       443/TCP         21d

[root@k8s-master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system  #以打补丁方式修改dasboard的访问方式或者设置ingress访问
service/kubernetes-dashboard patched
[root@k8s-master ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort    10.105.204.4   <none>        443:30015/TCP   31m

浏览器访问:https://172.18.128.119:30015,如图:这里需要注意的是谷歌浏览器会禁止不安全证书访问,建议使用火狐浏览器,并且需要在高级选项中添加信

 

 

 

在k8s中 dashboard可以有两种访问方式:kubeconfig(HTTPS)和token(http)

1、token认证

 (1)创建dashboard专用证书

[root@csserver12 ~]# cd /etc/kubernetes/pki/
[root@csserver12 pki]# (umask 077;openssl genrsa -out dashboard.key 2048) Generating RSA private key, 2048 bit long modulus .....................................................................................................+++ ..........................+++ e is 65537 (0x10001)

(2)证书签署请求

[root@csserver12 pki]# openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=wicrenet/CN=dashboard"
[root@csserver12 pki]# openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 36500
Signature ok
subject=/O=wicrenet/CN=dashboard
Getting CA Private Key

(3)定义令牌方式仅能访问default名称空间

复制代码
[root@csserver12 pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=./dashboard.crt --from-file=dashboard.key=./dashboard.key   #secret创建
secret/dashboard-cert created

[root@csserver12 pki]# kubectl get secret -n kube-system |grep dashboard
dashboard-cert                                   Opaque                                2         1m
kubernetes-dashboard-certs                       Opaque                                0         3h
kubernetes-dashboard-key-holder                  Opaque                                2         3h
kubernetes-dashboard-token-jpbgw                 kubernetes.io/service-account-token   3         3h

[root@csserver12 pki]# kubectl create serviceaccount def-ns-admin -n default  #创建serviceaccount
serviceaccount/def-ns-admin created

[root@csserver12 pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin  #service account账户绑定到集群角色admin
rolebinding.rbac.authorization.k8s.io/def-ns-admin created

[root@csserver12 pki]# kubectl describe secret def-ns-admin-token-k9fz9  #查看def-ns-admin这个serviceaccount的token
Name:         def-ns-admin-token-k9fz9
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=56ed901c-d042-11e8-801a-000c2972dc1f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1rOWZ6OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NmVkOTAxYy1kMDQyLTExZTgtODAxYS0wMDBjMjk3MmRjMWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.QfB5RR19nBv4-kFYyzW5-2n5Ksg-kON8lU18-COLBNfObQTDHs926m4k9f_5bto4YGncYi7sV_3oEec8ouW1FRjJWfY677L1IqIlwcuqc-g0DUo21zkjY_s3Lv3JSb_AfXUbZ7VTeWOhvwonqfK8uriGO1-XET-RBk1CE4Go1sL7X5qDgPjNO1g85D9IbIZG64VygplT6yZNc-b7tLNn_O49STthy6J0jdNk8lYxjy6UJohoTicy2XkZMHp8bNPBj9RqGqMSnnJxny5WO3vHxYAodKx7h6w-PtuON84lICnhiJ06RzsWjZfdeaQYg4gCZmd2J6Hdq0_K32n3l3kFLg
复制代码

将该token复制后,填入验证,要知道的是,该token认证仅可以查看default名称空间的内容,如下图:

 

 

 

 

 

 

 

2、kubeconfig认证 

(1)配置k8s-dashboard-admin的集群信息

[root@k8s-master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://172.18.128.119:6443" --embed-certs=true --kubeconfig=/root/k8s-dashboard-admin.conf
Cluster "kubernetes" set.

(2)使用token写入集群验证

[root@k8s-master ~]# kubectl config set-credentials -h  #认证的方式可以通过crt和key文件,也可以使用token进行配置,这里使用tonken

Usage:
  kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile]
[--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name]
[--auth-provider-arg=key=value] [options]
[root@csserver12 pki]# kubectl describe secret dashboard-admin-token-bgjrh -n kube-system
Name: dashboard-admin-token-bgjrh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: a4eed7a5-c729-11e9-90fc-000c291e9d7e

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

这里的token是base64编码,此处需要进行解码操作
[root@csserver12 pki]# kubectl get secret dashboard-admin-token-bgjrh -o jsonpath={.data.token} -n kube-system|base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

配置token信息
[root@csserver12 pki]# kubectl config set-credentials k8s-dashboard-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ --kubeconfig=/root/k8s-dashboard-admin.conf 
User "k8s-dashboard-admin" set.

 

(3)配置上下文和当前上下文

[root@csserver12 pki]# kubectl config set-context k8s-dashboard-admin@kubernetes --cluster=kubernetes --user=k8s-dashboard-admin --kubeconfig=/root/k8s-dashboard-admin.conf 
Context "k8s-dashboard-admin@kubernetes" created.
[root@csserver12 pki]# kubectl config use-context k8s-dashboard-admin@kubernetes --kubeconfig=/root/k8s-dashboard-admin.conf             
Switched to context "k8s-dashboard-admin@kubernetes".
[root@csserver12 pki]# kubectl config view --kubeconfig=/root/k8s-dashboard-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://172.18.128.119:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: k8s-dashboard-admin
  name: k8s-dashboard-admin@kubernetes
current-context: k8s-dashboard-admin@kubernetes
kind: Config
preferences: {}
users:
- name: k8s-dashboard-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

 

将/root/k8s-dashboard-admin.conf文件发送到宿主机,浏览器访问时选择Kubeconfig认证,载入该配置文件,点击登陆,即可实现访问,如图: 

 

 3、设置ingress访问

[root@csserver12 plugin]# cat kubernetes-dashboard-ingress.yaml 
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - dashboard-dev.wicrenet.com
    secretName: kube-system-ingress-secret
  rules:
  - host: dashboard-dev.wicrenet.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /
[root@csserver12 plugin]# kubectl apply -f kubernetes-dashboard-ingress.yaml

 

二、总结

1、部署dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2、将Service改为Node Port方式或者Ingress方式进行访问:

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

3、访问认证:

认证时的账号必须为ServiceAccount:其作用是被dashboard pod拿来由kubenetes进行认证;认证方式有2种:
token:

  • (1)创建ServiceAccount,根据其管理目标,使用rolebinding或clusterbinding绑定至合理的role或clusterrole;
  • (2)获取此ServiceAccount的secret,查看secret的详细信息,其中就有token;
  • (3)复制token到认证页面即可登录。

kubeconfig:把ServiceAccount的token封装为kubeconfig文件

  • (1)创建ServiceAccount,根据其管理目标,使用rolebinding或clusterbinding绑定至合理的role或clusterrole;
  • (2)kubectl get secret |awk '/^ServiceAccount/{print $1}'
  • KUBE_TOKEN=$(kubectl get secret SERVICEACCOUNT_SECRET_NAME -o jsonpath={.data.token} | base64 -d)
  • (3)生成kubeconfig文件
kubectl config set-cluster
kubectl config set-credentials NAME --token=$KUBE_TOKEN
kubectl config set-context
kubectl config use-context

 

三、附kubenetes-dashboard.yaml文件

[root@csserver12 plugin]# cat kubernetes-dashboard.yaml 
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>

---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
    name: cluster-watcher
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - 'get'
  - 'list'
- nonResourceURLs:
  - '*'
  verbs:
  - 'get'
  - 'list'
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
---
# ------------------- Dashboard Deployment ------------------- #
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard-admin
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
  - port: 443
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - dashboard-dev.wicrenet.com
    secretName: kube-system-ingress-secret
  rules:
  - host: dashboard-dev.wicrenet.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /

 

posted @ 2019-09-16 16:04  康康路马  阅读(1694)  评论(0编辑  收藏  举报