如何通过 NGINX 重定向 k8s 仪表板

tag-icon tag-icon nginx
如何通过 NGINX 重定向 k8s 仪表板

我已经设法在本地主机上启动仪表板,例如:http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/如官方页面上所述Web 用户界面(仪表板)但是当我访问通过节点名获得的 URL 时出现以下错误:

Insecure access detected. Sign in will not be available. Access Dashboard securely over HTTPS or using localhost.

根据文档无法登录用户应该通过 localhost 连接(由于无头节点,在我的情况下不可能)或以 https:/... 连接

我正在尝试将默认仪表板 URL 重定向到 https:node.test,但无法使其正常工作。

我当前的配置:

server {
        listen                  443    ssl     http2;
        server_name             node.test;

        ssl_certificate         /etc/nginx/certs/cert.crt;
        ssl_certificate_key     /etc/nginx/certs/key.crt;

        ssl_ciphers                     HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;
        ssl_protocols                   TLSv1.2 TLSv1.3;

        # 10MB shared ssl session with timeout 10 min
        ssl_session_cache               shared:SSL:10m;
        ssl_session_timeout             10m;

        rewrite ^/$ http:/localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ break;
}

我收到一个 404 响应示例:

$ curl https://node.test
<html>
<head><title>404 Not Found</title></head>
<body>
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>

我启动 kubectl 代理的方式的示例:

$ kubectl proxy --port=8001 --address='node' --accept-hosts="^*$"
Starting to serve on IP:8001

我如何才能获得正确的重定向?

仪表板用户界面

答案1

如果将来可以帮助其他人,解决方案如下:

server {
        listen                  443    ssl     http2;
        server_name             node.test;

        ssl_certificate         /etc/nginx/certs/cert.crt;
        ssl_certificate_key     /etc/nginx/certs/key.crt;

        ssl_ciphers                     HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;
        ssl_protocols                   TLSv1.2 TLSv1.3;

        # 10MB shared ssl session with timeout 10 min
        ssl_session_cache               shared:SSL:10m;
        ssl_session_timeout             10m;

        location / {
                proxy_pass              http://node:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/;
        }
}

假设您已经在后台运行 kubectl 代理并监听:

$ kubectl proxy --address node --accept-hosts '.*'
Starting to serve on IP:8001

更新:如果其他人想要为 UI 添加负载均衡器,可以这样做:

upstream kubernetes-ui-dev {
        least_conn;
        server  hostname_here:8001;
        # another server
        # another server
}

server {
        listen                          4443    ssl     http2;
        server_name                     node.test;

        ssl_certificate                 /etc/nginx/certs/cert.crt;
        ssl_certificate_key             /etc/nginx/certs/key.crt;

        ssl_ciphers                     HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers       on;
        ssl_protocols                   TLSv1.2 TLSv1.3;

        # 10MB shared ssl session with timeout 10 min
        ssl_session_cache               shared:SSL:10m;
        ssl_session_timeout             10m;

        location / {
                proxy_pass              http://kubernetes-ui-dev/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/;
        }
}

希望这也能帮助其他人。

相关内容