7

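I have a Kubernetes cluster with an Ingress/Traefik controller.

I also installed the dashboard using the standard configuration from here: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

I am trying to access the dashboard through Ingress, but I get a 404 error: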

404 page not found

My ingress.yml file looks like this:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "traefik"
  name: app-ingress-system
  namespace: kube-system
spec:
  tls:
  - hosts:
    - dashboard.domain.com
    secretName: kubernetes-dashboard-certs
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

I tried different paths (such as /dashboard, /proxy), with the same result.

4

3 Answers

4

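This happens because kubernetes-dashboard-certs does not have the files tls.crt and tls.key, which traefik expects. You should see this in the traefik logs.

The next problem will be between the traefik certificates and the dashboard certificates. I still don't understand how to fix this properly, and configured traefik with the following option: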

 ssl.insecureSkipVerify: "true"

My last problem was that the http endpoint does not accept logins; in the end I declared an ingress that redirects http to https, like this:

kubectl apply -f - << EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
    - host: dashboard.domain.com
      http:
        paths:
          - path: /
            backend:
              serviceName: kubernetes-dashboard
              servicePort: 443
EOF
Answered 2019-08-07T14:44:18.307
0

By creating a custom ServersTransport for the IngressRoute, you can access the Kubernetes dashboard without disabling SSL verification for the whole traefik server.

---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard

spec:
  serverName: kubernetes-dashboard
  insecureSkipVerify: true

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  entryPoints:                      # [1]
    - websecure
  routes:                           # [2]
  - kind: Rule
    match:   Host(`k3sdashboard.example.xyz`) # [3]
    priority: 10                    # [4]
    services:                       # [8]
    - kind: Service 
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
      port: 443                      # [9]
      serversTransport: kubernetes-dashboard-transport
  tls:                              # [11]
    certResolver: dns-cloudflare   
Answered 2021-11-17T05:15:19.397
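
The ServersTransport above still skips certificate verification for the dashboard backend. As an added example (not part of the answer above), the same transport can verify the backend against a CA instead. Assumptions: the dashboard serves a certificate issued by a private CA with kubernetes-dashboard as a SAN, and the Secret name dashboard-backend-ca is hypothetical.

```yaml
# Added example, not from the original answers.
# Assumes the dashboard's serving certificate was issued by a private CA
# and lists "kubernetes-dashboard" as a subject alternative name.
---
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-backend-ca          # hypothetical name
  namespace: kubernetes-dashboard
type: Opaque
stringData:
  # Traefik reads the CA bundle from the key "ca.crt" (or "tls.ca").
  ca.crt: |
    -----BEGIN CERTIFICATE-----
    <PEM of the CA that issued the dashboard's serving certificate>
    -----END CERTIFICATE-----
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kubernetes-dashboard-transport   # same name the IngressRoute references
  namespace: kubernetes-dashboard
spec:
  # Name checked against the backend certificate's SANs.
  serverName: kubernetes-dashboard
  # Trust only this CA for connections made through this transport.
  rootCAsSecrets:
    - dashboard-backend-ca
  # insecureSkipVerify is left unset, so verification stays enabled.
```

If the dashboard keeps its auto-generated self-signed certificate, this verification fails and Traefik returns an error for the route, which is the signal that the backend certificate still needs to be replaced.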
0

This code works for microk8s. On some systems, the type of the kubernetes-dashboard service must be changed to NodePort.

kubectl -n kube-system edit svc kubernetes-dashboard

Create a TLS secret for yourdomain.com. It must be in the same namespace as kubernetes-dashboard, and must have the crt and key files.

kubectl -n kube-system create secret tls yourdomain.com-tls --key="yourdomain.com.key" --cert="yourdomain.com.crt"

Create the ingress with this code:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: public
    # redirects to HTTPS if the site is requested over HTTP
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # required, because the dashboard only runs over HTTPS
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    # required if you want to restrict access to the site
    #nginx.ingress.kubernetes.io/whitelist-source-range: <here your public ip>,<here server ip if want access from server>
spec:
  tls:
    - hosts:
      - dashboard.yourdomain.com
      secretName: yourdomain.com-tls
  rules:
  - host: dashboard.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port: 
              number: 8443
Answered 2021-10-16T20:30:33.153