如何使用远程集群中的NodePort访问kubernetes仪表板进行测试? [英] How can I access to kubernetes dashboard using NodePort in a remote cluster for testing?
问题描述
我有一个在远程VM(在VSphere上)上运行的测试Kubernetes集群,我可以通过ssh
(它们具有私有IP)对VM进行完全访问.知道我可以远程执行所有kubectl命令,我如何才能公开服务并从群集外部(从我的远程笔记本电脑尝试访问计算机)访问它们.
I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh
(they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.
例如:我尝试使用仪表板,安装了该仪表板,将服务更改为NodePort,并尝试使用此URL http:master-private-ip:exposedport
从我的笔记本电脑访问它,也使用了工作IP,但没有工作.它仅在浏览器中返回�
(二进制输出).当我尝试通过https
连接时,会引发证书错误.
For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport
, also with worker IPs, but it does not work. It returns in browser only �
(binary output). When I try to connect through https
, it trows a certificates error.
$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.97.143.110 <none> 443:30714/TCP 42m
$ kubectl proxy -p 8001
$ curl http://172.16.5.226:30714 --output -
我期望输出显示Kubernetes仪表板的UI中的html
I have expected that the output shows me the html
from the UI of the Kubernetes dashboard
推荐答案
注意:仪表板不应通过HTTP公开公开.对于通过HTTP访问的域,将无法登录.单击登录页面上的登录"按钮后,什么也不会发生.
NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
如果您正确完成了所有操作,则应该可以在HTTPS
If you have done everything correctly it should work over HTTPS
要使用NodePort
显示仪表板,您需要编辑kubernetes-dashboard
服务.
In order to expose Dashboard using NodePort
you need to edit kubernetes-dashboard
service.
kubectl -n kube-system edit service kubernetes-dashboard
找到type: ClusterIP
并将其更改为type: NodePort
,然后保存文件.
Find type: ClusterIP
and change it to type: NodePort
, then save the file.
然后,检查仪表板暴露给哪个端口:
Then, check which port was the Dashboard exposed to:
kubectl -n kube-system get service kubernetes-dashboard
可能看起来:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
要访问仪表板,请将浏览器导航到https://<server_IP>:31707
To access the Dashboard navigate your browser to https://<server_IP>:31707
如果您使用的是自签名证书,则需要将其保密.它必须命名为kubernetes-dashboard-certs
,并且必须位于kube-system
命名空间中.
In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs
and it has to be in kube-system
namespace.
您必须将证书另存为dashboard.crt
和dashboard.key
,并将它们存储在$HOME/certs
下.
You have to save the cert as dashboard.crt
and dashboard.key
and store them under $HOME/certs
.
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
在此处中对此安装过程进行了说明.
This installation process is explained here.
这篇关于如何使用远程集群中的NodePort访问kubernetes仪表板进行测试?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!