Kubernetes dashboard認證訪問


一、Dashboard部署

部署的過程

[root@k8s-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
[root@csserver12 ~]# kubectl get po -n kube-system|grep kubernetes-dashboard
NAME                                   READY   STATUS    RESTARTS   AGE kubernetes
-dashboard-d894c6994-l68db 1/1 Running 0 21d

  [root@csserver12 ~]# kubectl get svc -n kube-system|grep kubernetes-dashboard

  NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
  kubernetes-dashboard   NodePort    10.101.0.99      <none>       443/TCP         21d

[root@k8s-master ~]# kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system  #以打補丁方式修改dasboard的訪問方式或者設置ingress訪問
service/kubernetes-dashboard patched
[root@k8s-master ~]# kubectl get svc -n kube-system
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort    10.105.204.4   <none>        443:30015/TCP   31m

瀏覽器訪問:https://172.18.128.119:30015,如圖:這里需要注意的是谷歌瀏覽器會禁止不安全證書訪問,建議使用火狐瀏覽器,並且需要在高級選項中添加信

 

 

 

在k8s中 dashboard可以有兩種訪問方式:kubeconfig(HTTPS)和token(http)

1、token認證

 (1)創建dashboard專用證書

[root@csserver12 ~]# cd /etc/kubernetes/pki/
[root@csserver12 pki]# (umask 077;openssl genrsa -out dashboard.key 2048) Generating RSA private key, 2048 bit long modulus .....................................................................................................+++ ..........................+++ e is 65537 (0x10001)

(2)證書簽署請求

[root@csserver12 pki]# openssl req -new -key dashboard.key -out dashboard.csr -subj "/O=wicrenet/CN=dashboard"
[root@csserver12 pki]# openssl x509 -req -in dashboard.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out dashboard.crt -days 36500
Signature ok
subject=/O=wicrenet/CN=dashboard
Getting CA Private Key

(3)定義令牌方式僅能訪問default名稱空間

復制代碼
[root@csserver12 pki]# kubectl create secret generic dashboard-cert -n kube-system --from-file=./dashboard.crt --from-file=dashboard.key=./dashboard.key   #secret創建
secret/dashboard-cert created

[root@csserver12 pki]# kubectl get secret -n kube-system |grep dashboard
dashboard-cert                                   Opaque                                2         1m
kubernetes-dashboard-certs                       Opaque                                0         3h
kubernetes-dashboard-key-holder                  Opaque                                2         3h
kubernetes-dashboard-token-jpbgw                 kubernetes.io/service-account-token   3         3h

[root@csserver12 pki]# kubectl create serviceaccount def-ns-admin -n default  #創建serviceaccount
serviceaccount/def-ns-admin created

[root@csserver12 pki]# kubectl create rolebinding def-ns-admin --clusterrole=admin --serviceaccount=default:def-ns-admin  #service account賬戶綁定到集群角色admin
rolebinding.rbac.authorization.k8s.io/def-ns-admin created

[root@csserver12 pki]# kubectl describe secret def-ns-admin-token-k9fz9  #查看def-ns-admin這個serviceaccount的token
Name:         def-ns-admin-token-k9fz9
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=def-ns-admin
              kubernetes.io/service-account.uid=56ed901c-d042-11e8-801a-000c2972dc1f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  7 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6ImRlZi1ucy1hZG1pbi10b2tlbi1rOWZ6OSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJkZWYtbnMtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI1NmVkOTAxYy1kMDQyLTExZTgtODAxYS0wMDBjMjk3MmRjMWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDpkZWYtbnMtYWRtaW4ifQ.QfB5RR19nBv4-kFYyzW5-2n5Ksg-kON8lU18-COLBNfObQTDHs926m4k9f_5bto4YGncYi7sV_3oEec8ouW1FRjJWfY677L1IqIlwcuqc-g0DUo21zkjY_s3Lv3JSb_AfXUbZ7VTeWOhvwonqfK8uriGO1-XET-RBk1CE4Go1sL7X5qDgPjNO1g85D9IbIZG64VygplT6yZNc-b7tLNn_O49STthy6J0jdNk8lYxjy6UJohoTicy2XkZMHp8bNPBj9RqGqMSnnJxny5WO3vHxYAodKx7h6w-PtuON84lICnhiJ06RzsWjZfdeaQYg4gCZmd2J6Hdq0_K32n3l3kFLg
復制代碼

將該token復制后,填入驗證,要知道的是,該token認證僅可以查看default名稱空間的內容,如下圖:

 

 

 

 

 

 

 

2、kubeconfig認證 

(1)配置k8s-dashboard-admin的集群信息

[root@k8s-master pki]# kubectl config set-cluster kubernetes --certificate-authority=./ca.crt --server="https://172.18.128.119:6443" --embed-certs=true --kubeconfig=/root/k8s-dashboard-admin.conf
Cluster "kubernetes" set.

(2)使用token寫入集群驗證

[root@k8s-master ~]# kubectl config set-credentials -h  #認證的方式可以通過crt和key文件,也可以使用token進行配置,這里使用tonken

Usage:
  kubectl config set-credentials NAME [--client-certificate=path/to/certfile] [--client-key=path/to/keyfile]
[--token=bearer_token] [--username=basic_user] [--password=basic_password] [--auth-provider=provider_name]
[--auth-provider-arg=key=value] [options]
[root@csserver12 pki]# kubectl describe secret dashboard-admin-token-bgjrh -n kube-system
Name: dashboard-admin-token-bgjrh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-admin
kubernetes.io/service-account.uid: a4eed7a5-c729-11e9-90fc-000c291e9d7e

Type: kubernetes.io/service-account-token

Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

這里的token是base64編碼,此處需要進行解碼操作
[root@csserver12 pki]# kubectl get secret dashboard-admin-token-bgjrh -o jsonpath={.data.token} -n kube-system|base64 -d
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

配置token信息
[root@csserver12 pki]# kubectl config set-credentials k8s-dashboard-admin --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ --kubeconfig=/root/k8s-dashboard-admin.conf 
User "k8s-dashboard-admin" set.

 

(3)配置上下文和當前上下文

[root@csserver12 pki]# kubectl config set-context k8s-dashboard-admin@kubernetes --cluster=kubernetes --user=k8s-dashboard-admin --kubeconfig=/root/k8s-dashboard-admin.conf 
Context "k8s-dashboard-admin@kubernetes" created.
[root@csserver12 pki]# kubectl config use-context k8s-dashboard-admin@kubernetes --kubeconfig=/root/k8s-dashboard-admin.conf             
Switched to context "k8s-dashboard-admin@kubernetes".
[root@csserver12 pki]# kubectl config view --kubeconfig=/root/k8s-dashboard-admin.conf 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://172.18.128.119:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: k8s-dashboard-admin
  name: k8s-dashboard-admin@kubernetes
current-context: k8s-dashboard-admin@kubernetes
kind: Config
preferences: {}
users:
- name: k8s-dashboard-admin
  user:
    token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoYm9hcmQtYWRtaW4tdG9rZW4tYmdqcmgiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC5uYW1lIjoiZGFzaGJvYXJkLWFkbWluIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTRlZWQ3YTUtYzcyOS0xMWU5LTkwZmMtMDAwYzI5MWU5ZDdlIiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.oH3kBBCrwh70HYKFZ-KA25fBrysyBnqNbxAuZsVJayjXaWyrEM9Ce_Ypsa8EnV38H8S2yxXNM10ratGKgLAt_G0NRAkTOnxakPy-CqrF_Z01ZcDmNG6wdifMS3q_5-ORqI9-0v3NZBBHckdm0x3MBx7BHPuoAZzyf4Gu--BtX4g3sgc-o7LW9uMEZlPO3WIt01w__85oPnkP10-com0MiJgy0qluKDsQKn2-EsylPLO9ymre6-eNeAJMc9x9FEGz8rVtUf_jK3A_eV2vkhwhqKPjRumubnNXp8sGXWz8BS6DNTX3FCeTlXbukU5Pd0nmv7SGc87K51bWjxXbaVbJZQ

 

將/root/k8s-dashboard-admin.conf文件發送到宿主機,瀏覽器訪問時選擇Kubeconfig認證,載入該配置文件,點擊登陸,即可實現訪問,如圖: 

 

 3、設置ingress訪問

[root@csserver12 plugin]# cat kubernetes-dashboard-ingress.yaml 
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - dashboard-dev.wicrenet.com
    secretName: kube-system-ingress-secret
  rules:
  - host: dashboard-dev.wicrenet.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /
[root@csserver12 plugin]# kubectl apply -f kubernetes-dashboard-ingress.yaml

 

二、總結

1、部署dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2、將Service改為Node Port方式或者Ingress方式進行訪問:

kubectl patch svc kubernetes-dashboard -p '{"spec":{"type":"NodePort"}}' -n kube-system

3、訪問認證:

認證時的賬號必須為ServiceAccount:其作用是被dashboard pod拿來由kubenetes進行認證;認證方式有2種:
token:

  • (1)創建ServiceAccount,根據其管理目標,使用rolebinding或clusterbinding綁定至合理的role或clusterrole;
  • (2)獲取此ServiceAccount的secret,查看secret的詳細信息,其中就有token;
  • (3)復制token到認證頁面即可登錄。

kubeconfig:把ServiceAccount的token封裝為kubeconfig文件

  • (1)創建ServiceAccount,根據其管理目標,使用rolebinding或clusterbinding綁定至合理的role或clusterrole;
  • (2)kubectl get secret |awk '/^ServiceAccount/{print $1}'
  • KUBE_TOKEN=$(kubectl get secret SERVICEACCOUNT_SECRET_NAME -o jsonpath={.data.token} | base64 -d)
  • (3)生成kubeconfig文件
kubectl config set-cluster
kubectl config set-credentials NAME --token=$KUBE_TOKEN
kubectl config set-context
kubectl config use-context

 

三、附kubenetes-dashboard.yaml文件

[root@csserver12 plugin]# cat kubernetes-dashboard.yaml 
# Copyright 2017 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Configuration to deploy release version of the Dashboard UI compatible with
# Kubernetes 1.8.
#
# Example usage: kubectl create -f <this_file>

---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque
---
apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    # Allows editing resource and makes sure it is created first.
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard-key-holder
  namespace: kube-system
type: Opaque
---
# ------------------- Dashboard Service Account ------------------- #

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
# ------------------- Dashboard Role & Role Binding ------------------- #
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
    name: cluster-watcher
rules:
- apiGroups:
  - '*'
  resources:
  - '*'
  verbs:
  - 'get'
  - 'list'
- nonResourceURLs:
  - '*'
  verbs:
  - 'get'
  - 'list'
- apiGroups: [""]
  resources: ["secrets"]
  resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs"]
  verbs: ["get", "update", "delete"]
  # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
- apiGroups: [""]
  resources: ["configmaps"]
  resourceNames: ["kubernetes-dashboard-settings"]
  verbs: ["get", "update"]
  # Allow Dashboard to get metrics from heapster.
- apiGroups: [""]
  resources: ["services"]
  resourceNames: ["heapster"]
  verbs: ["proxy"]
---
# ------------------- Dashboard Deployment ------------------- #
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      priorityClassName: system-cluster-critical
      containers:
      - name: kubernetes-dashboard
        image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.1
        resources:
          limits:
            cpu: 100m
            memory: 300Mi
          requests:
            cpu: 50m
            memory: 100Mi
        ports:
        - containerPort: 8443
          protocol: TCP
        args:
          - --auto-generate-certificates
        volumeMounts:
        - name: kubernetes-dashboard-certs
          mountPath: /certs
        - name: tmp-volume
          mountPath: /tmp
        livenessProbe:
          httpGet:
            scheme: HTTPS
            path: /
            port: 8443
          initialDelaySeconds: 30
          timeoutSeconds: 30
      volumes:
      - name: kubernetes-dashboard-certs
        secret:
          secretName: kubernetes-dashboard-certs
      - name: tmp-volume
        emptyDir: {}
      serviceAccountName: kubernetes-dashboard-admin
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule

---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
  - port: 443
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
---
kind: Ingress
apiVersion: extensions/v1beta1
metadata: 
  name: dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - hosts:
    - dashboard-dev.wicrenet.com
    secretName: kube-system-ingress-secret
  rules:
  - host: dashboard-dev.wicrenet.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /

 


免責聲明!

本站轉載的文章為個人學習借鑒使用,本站對版權不負任何法律責任。如果侵犯了您的隱私權益,請聯系本站郵箱yoyou2525@163.com刪除。



 
粵ICP備18138465號   © 2018-2025 CODEPRJ.COM