如何使用远程集群中的NodePort访问kubernetes仪表板进行测试? [英] How can I access to kubernetes dashboard using NodePort in a remote cluster for testing?

问题描述

我有一个在远程VM(在VSphere上)上运行的测试Kubernetes集群，我可以通过ssh(它们具有私有IP)对VM进行完全访问.知道我可以远程执行所有kubectl命令，我如何才能公开服务并从群集外部(从我的远程笔记本电脑尝试访问计算机)访问它们.

I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh (they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.

例如:我尝试使用仪表板，安装了该仪表板，将服务更改为NodePort，并尝试使用此URL http:master-private-ip:exposedport从我的笔记本电脑访问它，也使用了工作IP，但没有工作.它仅在浏览器中返回�(二进制输出).当我尝试通过https连接时，会引发证书错误.

For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport, also with worker IPs, but it does not work. It returns in browser only � (binary output). When I try to connect through https, it trows a certificates error.

$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
  NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
  kubernetes-dashboard   NodePort       10.97.143.110    <none>        443:30714/TCP   42m
$ kubectl  proxy -p 8001
$ curl http://172.16.5.226:30714 --output -

我期望输出显示Kubernetes仪表板的UI中的html

I have expected that the output shows me the html from the UI of the Kubernetes dashboard

推荐答案

注意:仪表板不应通过HTTP公开公开.对于通过HTTP访问的域，将无法登录.单击登录页面上的登录"按钮后，什么也不会发生.

NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

如果您正确完成了所有操作，则应该可以在HTTPS

If you have done everything correctly it should work over HTTPS

如访问Dashboard 1.7中所述.X及以上.

要使用NodePort显示仪表板，您需要编辑kubernetes-dashboard服务.

In order to expose Dashboard using NodePort you need to edit kubernetes-dashboard service.

kubectl -n kube-system edit service kubernetes-dashboard

找到type: ClusterIP并将其更改为type: NodePort，然后保存文件.

Find type: ClusterIP and change it to type: NodePort, then save the file.

然后，检查仪表板暴露给哪个端口:

Then, check which port was the Dashboard exposed to:

kubectl -n kube-system get service kubernetes-dashboard 可能看起来:

NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   10.100.124.90   <nodes>       443:31707/TCP   21h

要访问仪表板，请将浏览器导航到https://<server_IP>:31707

To access the Dashboard navigate your browser to https://<server_IP>:31707

如果您使用的是自签名证书，则需要将其保密.它必须命名为kubernetes-dashboard-certs，并且必须位于kube-system命名空间中.

In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs and it has to be in kube-system namespace.

您必须将证书另存为dashboard.crt和dashboard.key，并将它们存储在$HOME/certs下.

You have to save the cert as dashboard.crt and dashboard.key and store them under $HOME/certs.

kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

在此处中对此安装过程进行了说明.

This installation process is explained here.

这篇关于如何使用远程集群中的NodePort访问kubernetes仪表板进行测试?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！