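Ingress Configuration for the K8S Dashboard
The Kubernetes Dashboard backend must be accessed over HTTPS, and it uses a self-signed SSL certificate. When an Ingress connects to it, certificate verification fails, so the Ingress has to be configured to skip SSL verification of the backend.
Ingress Nginx
Ingress Nginx is the Ingress controller developed by the official Kubernetes community and is built on Nginx. If you are familiar with Nginx, configuring it is fairly simple.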
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_ssl_verify off;
spec:
  tls:
  - hosts:
    - dashboard.domain.com
    secretName: tls-domain-com
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
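Traefik
After switching to k3s, the default Ingress controller is Traefik. Traefik appears to be lighter and more powerful than Nginx. It is fairly smart: it determines from the port, service name and similar information whether the backend speaks HTTPS, so the backend protocol does not have to be specified separately. However, verification of self-signed SSL certificates can only be configured globally in Traefik.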
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  chart: https://%{KUBERNETES_API}%/static/charts/traefik-1.81.0.tgz
  set:
    rbac.enabled: "true"
    ssl.enabled: "true"
    ssl.insecureSkipVerify: "true"
    metrics.prometheus.enabled: "false"
    kubernetes.ingressEndpoint.useDefaultPublishedService: "true"
---
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    traefik.ingress.kubernetes.io/redirect-entry-point: https
spec:
  tls:
  - hosts:
    - dashboard.fat4.cn
    secretName: tls-fat4-cn
  rules:
  - host: dashboard.fat4.cn
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. If this is not an option, you may need to skip TLS certificate verification. See the insecureSkipVerify setting for more details.
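You could say that all the answers are hidden in the official documentation; it is just that on first contact one rarely reads the documentation all the way through.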
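An added example, not from the original post: a standard-library Python audit that scans manifests for the two settings shown above that turn off backend certificate verification, and reports which object carries each one and how far it reaches. The function names, the scope wording and the sample input are constructed for this illustration.

```python
import re

# Constructed sample: trimmed copies of the two manifests shown on this page.
SAMPLE = """\
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    nginx.ingress.kubernetes.io/server-snippet: |
      proxy_ssl_verify off;
---
apiVersion: helm.cattle.io/v1
kind: HelmChart
metadata:
  name: traefik
  namespace: kube-system
spec:
  set:
    ssl.insecureSkipVerify: "true"
"""

# (pattern, finding, scope). Patterns anchor at line start, so commented-out
# lines are ignored. The scope text is this example's own description.
RULES = [
    (re.compile(r"^\s*proxy_ssl_verify\s+off\s*;", re.M),
     "nginx proxy_ssl_verify off", "hosts of this Ingress"),
    (re.compile(r"^\s*[\w.]*insecureSkipVerify:\s*[\"']?true[\"']?\s*$", re.M),
     "Traefik insecureSkipVerify", "global: every HTTPS backend"),
]

def _field(doc, key):
    """Heuristic: first 'key: value' line in the document (no YAML parser needed)."""
    m = re.search(rf"^\s*{key}:\s*(\S+)", doc, re.M)
    return m.group(1) if m else "?"

def audit(manifests):
    """Return (kind, namespace/name, finding, scope) per offending YAML document."""
    findings = []
    for doc in re.split(r"^---\s*$", manifests, flags=re.M):
        for pattern, finding, scope in RULES:
            if pattern.search(doc):
                target = f"{_field(doc, 'namespace')}/{_field(doc, 'name')}"
                findings.append((_field(doc, "kind"), target, finding, scope))
    return findings

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(" | ".join(row))
```

The scope column makes the difference between the two controllers visible: the Nginx setting stays with one Ingress, while the Traefik chart value applies to every backend that Traefik proxies over HTTPS.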