如何从外部访问规范的kubernetes仪表板? [英] How to access canonical kubernetes dashboard externally?

问题描述

如何从外部网络/IP访问规范的kubernetes仪表板? 有没有一种方法可以从外部公开仪表板服务，而不是从规范的k8s群集节点所在的localhost浏览器访问?

解决方案

文档中有关于操作方法的指南.

使用kubectl代理

kubectl proxy在您的机器和Kubernetes API服务器之间创建代理服务器.默认情况下，只能在本地(从启动它的计算机上)访问它. 启动本地代理服务器:

$ kubectl proxy

Starting to serve on 127.0.0.1:8001

代理服务器启动后，您应该可以从浏览器访问仪表板.

要访问仪表板的HTTPS端点，请访问:http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

注意:仪表板不应使用kubectl proxy命令公开公开，因为它仅允许HTTP连接.对于非localhost和127.0.0.1的域，将无法登录.单击登录页面上的登录"按钮后，什么也不会发生.

使用NodePort

仅在单节点设置中的开发环境中才建议使用这种访​​问Dashboard的方式. 编辑kubernetes-dashboard服务.

$ kubectl -n kube-system edit service kubernetes-dashboard

您应该看到该服务的yaml表示形式.将类型:ClusterIP更改为类型:NodePort并保存文件.如果已经更改，请转到下一步.

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
...
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "343478"
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard-head
  uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
  clusterIP: 10.100.124.90
  externalTrafficPolicy: Cluster
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

下一步，我们需要检查显示板所在的端口.

$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   10.100.124.90   <nodes>       443:31707/TCP   21h

控制面板已在端口31707(HTTPS)上公开.现在，您可以从浏览器访问它:https://<master-ip>:31707.通过执行kubectl cluster-info可以找到master-ip.假定您的集群直接在执行这些命令的机器上运行，通常它是127.0.0.1或您机器的IP.

如果要在多节点群集上使用NodePort公开Dashboard，则必须找出运行Dashboard的节点的IP才能访问它.代替访问https://<master-ip>:<nodePort>，您应该访问https://<node-ip>:<nodePort>.

API服务器

如果Kubernetes API服务器是暴露的并且可以从外部访问，则可以直接在以下位置访问仪表板:

入口

仪表板也可以使用Ingress资源公开.例如

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 name: kubernetes-dashboard-ingress
 namespace: kube-system
spec:
 rules:
   — host: kubernetes
     http:
       paths:
         — path: /ui
           backend:
             serviceName: kubernetes-dashboard
             servicePort: 80

How to access the canonical kubernetes dashboard from external network/IP? Is there a way to expose dashboard services externally rather accessing from the localhost browser where the canonical k8s cluster node?

解决方案

The documentation has a guide on how to do it.

Using kubectl proxy

kubectl proxy creates proxy server between your machine and Kubernetes API server. By default it is only accessible locally (from the machine that started it). Start local proxy server:

$ kubectl proxy

Starting to serve on 127.0.0.1:8001

Once proxy server is started you should be able to access Dashboard from your browser.

To access HTTPS endpoint of dashboard go to: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

Using NodePort

This way of accessing Dashboard is only recommended for development environments in a single node setup. Edit kubernetes-dashboard service.

$ kubectl -n kube-system edit service kubernetes-dashboard

You should see yaml representation of the service. Change type: ClusterIP to type: NodePort and save file. If it's already changed go to next step.

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
...
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "343478"
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard-head
  uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
  clusterIP: 10.100.124.90
  externalTrafficPolicy: Cluster
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

Next we need to check port on which Dashboard was exposed.

$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   10.100.124.90   <nodes>       443:31707/TCP   21h

Dashboard has been exposed on port 31707 (HTTPS). Now you can access it from your browser at: https://<master-ip>:31707. master-ip can be found by executing kubectl cluster-info. Usually it is either 127.0.0.1 or IP of your machine, assuming that your cluster is running directly on the machine, on which these commands are executed.

In case you are trying to expose Dashboard using NodePort on a multi-node cluster, then you have to find out IP of the node on which Dashboard is running to access it. Instead of accessing https://<master-ip>:<nodePort> you should access https://<node-ip>:<nodePort>.

API Server

In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Ingress

Dashboard can be also exposed using Ingress resource. For example

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
 name: kubernetes-dashboard-ingress
 namespace: kube-system
spec:
 rules:
   — host: kubernetes
     http:
       paths:
         — path: /ui
           backend:
             serviceName: kubernetes-dashboard
             servicePort: 80

这篇关于如何从外部访问规范的kubernetes仪表板?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！