Accessing Kuboard over HTTPS
Goal: access Kuboard over HTTPS
(1) Create the deployment manifest
kuboard-https.yaml
# Kuboard Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    k8s.eip.work/displayName: kuboard
    k8s.eip.work/ingress: "true"
    k8s.eip.work/service: NodePort
    k8s.eip.work/workload: kuboard
  labels:
    k8s.eip.work/layer: monitor
    k8s.eip.work/name: kuboard
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.eip.work/layer: monitor
      k8s.eip.work/name: kuboard
  template:
    metadata:
      labels:
        k8s.eip.work/layer: monitor
        k8s.eip.work/name: kuboard
    spec:
      containers:
      - name: kuboard
        image: eipwork/kuboard:latest
        imagePullPolicy: Always
---
# Service exposing Kuboard on port 80
apiVersion: v1
kind: Service
metadata:
  name: kuboard
  namespace: kube-system
spec:
  type: LoadBalancer
  ports:
  - name: http
    port: 80
    targetPort: 80
  selector:
    k8s.eip.work/layer: monitor
    k8s.eip.work/name: kuboard
---
# kuboard-user is bound to cluster-admin, so its token has full control of the cluster
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-user
  namespace: kube-system
---
# kuboard-viewer is bound to the read-only view role, plus system:node and
# system:persistent-volume-provisioner
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer-node
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:node
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer-pvp
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:persistent-volume-provisioner
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
---
# cert-manager ClusterIssuer that requests certificates from Let's Encrypt via HTTP-01
apiVersion: certmanager.k8s.io/v1alpha1
kind: ClusterIssuer
metadata:
  name: kuboard-ssl-cert
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: panyingyun@gmail.com
    privateKeySecretRef:
      name: kuboard-ssl-cert
    http01: {}
---
# Ingress terminating TLS for kuboard.michaelapp.com and routing to the kuboard Service
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    certmanager.k8s.io/cluster-issuer: kuboard-ssl-cert
    nginx.org/websocket-services: "kuboard"
    nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
spec:
  tls:
  - hosts:
    - kuboard.michaelapp.com
    secretName: kuboard-ssl-cert
  rules:
  - host: kuboard.michaelapp.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kuboard
          servicePort: http
(2) Create the deployment with kubectl apply or kubectl create
// Create the deployment
[root@t1 ipquery]# kubectl apply -f kuboard-https.yaml
deployment.apps/kuboard unchanged
service/kuboard configured
serviceaccount/kuboard-user unchanged
clusterrolebinding.rbac.authorization.k8s.io/kuboard-user unchanged
serviceaccount/kuboard-viewer unchanged
clusterrolebinding.rbac.authorization.k8s.io/kuboard-viewer unchanged
clusterrolebinding.rbac.authorization.k8s.io/kuboard-viewer-node unchanged
clusterrolebinding.rbac.authorization.k8s.io/kuboard-viewer-pvp unchanged
clusterissuer.certmanager.k8s.io/kuboard-ssl-cert created
ingress.extensions/kuboard configured
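(3) Open it in a browser
https://kuboard.michaelapp.com
Enter the token value to log in.
Obtain the token with the following command (it reads the secret of the kuboard-user ServiceAccount, which the manifest binds to cluster-admin):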
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}')
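
The token retrieved above belongs to kuboard-user, which kuboard-https.yaml binds to cluster-admin. As an added example (not part of the original post), the shell function below lists every ClusterRoleBinding subject in a manifest and flags cluster-admin and system:* roles for review before the file is applied. The function names, the flag labels and the sample input are assumptions made for this illustration, and the parser expects a normally indented manifest.

```shell
# audit_bindings: read a multi-document manifest on stdin and print one line per
# ClusterRoleBinding subject: "<binding> <role> <namespace>/<name> <flag>".
audit_bindings() {
  awk '
    function flush(   i, flag) {
      for (i = 1; kind == "ClusterRoleBinding" && i <= n; i++) {
        flag = "-"
        if (role == "cluster-admin") flag = "ADMIN"        # full control of the cluster
        else if (role ~ /^system:/)  flag = "REVIEW"       # built-in component role
        print binding, role, sns[i] "/" sname[i], flag
      }
      kind = binding = role = sect = ""; n = 0             # reset for the next document
    }
    /^---/      { flush(); next }                          # document separator
    /^[A-Za-z]/ { sect = $1; sub(/:.*/, "", sect) }        # remember the top-level key
    /^kind:/    { kind = $2 }
    sect == "metadata" && $1 == "name:" && binding == "" { binding = $2 }
    sect == "roleRef"  && $1 == "name:"                  { role = $2 }
    sect == "subjects" && NF >= 2 {
      if ($1 == "-") { n++; sname[n] = sns[n] = ""; k = $2; v = $3 } else { k = $1; v = $2 }
      if (k == "name:")      sname[n] = v
      if (k == "namespace:") sns[n] = v
    }
    END { flush() }
  '
}

# Constructed sample: the kuboard-user account and its binding, as in kuboard-https.yaml.
sample_manifest() {
  cat <<'EOF'
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-user
  namespace: kube-system
EOF
}

sample_manifest | audit_bindings
```

Run it against the real file with `audit_bindings < kuboard-https.yaml`.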