首页 文章

仪表板的入口配置

提问于
浏览
6

我从github做了nginx入口控制器教程并公开了kubernetes仪表板

kubernetes-dashboard   NodePort    10.233.53.77    <none>        443:31925/TCP   20d

创造了入口

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.org/ssl-backends: "kubernetes-dashboard"
    kubernetes.io/ingress.allow-http: "false"
  name: dashboard-ingress
  namespace: kube-system
spec:
  tls:
  - hosts:
    - serverdnsname
    secretName: kubernetes-dashboard-certs
  rules:
  - host: serverdnsname
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

ingress-nginx   ingress-nginx          NodePort    10.233.21.200   <none>        80:30827/TCP,443:32536/TCP   5h

https://serverdnsname:32536/dashboard但仪表板抛出错误

2018/01/18 14:42:51 http: TLS handshake error from ipWhichEndsWith.77:52686: tls: first record does not look like a TLS handshake

和入口控制器日志

2018/01/18 14:42:51 [error] 864#864: *37 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 10.233.82.1, server: serverdnsname, request: "GET /dashboard HTTP/2.0", upstream: "http://ipWhichEndsWith.249:8443/dashboard", host: "serverdnsname:32536"
10.233.82.1 - [10.233.82.1] - - [18/Jan/2018:14:42:51 +0000] "GET /dashboard HTTP/2.0" 009 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 OPR/49.0.2725.64" 25 0.001 [kube-system-kubernetes-dashboard-443] ipWhichEndsWith.249:8443 7 0.001 200

在我看来,这与nginx重定向到上游有关:“http://ipWhichEndsWith.249:8443/dashboard” . 试图将控制器映像版本更新到0.9.0-beta.19 - 没有帮助

感谢您的任何帮助 .

nginx kubernetes dashboard docker-ingress

3 回答

  • 12

    仅供代码参考 . 有2个gtochas . 设置正确的注释,因为仪表板会与https进行对话并为入口使用正确的名称空间 . tls config是可选的 .

    ---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard-google
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  tls:
    - hosts:
      - kube.mydomain.com
      secretName: tls-secret
  rules:
    - host: kube.mydomain.com
      http:
        paths:
        - path: /
          backend:
            serviceName: kubernetes-dashboard
            servicePort: 443
    回复于
  • 0

    正如您所指出的,看起来nginx将您的https请求代理到 ipWhichEndsWith.249:8443 ,这是一个HTTPS endpoints ,使用 http 作为协议 .

    您应该将以下注释添加到PodSpec:

    LATEST添加此注释以替换弃用的注释,因为0.18.0#2871添加对AJP协议的支持

    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

    DEPRECATED此批注已在0.18.0中弃用,并在0.20.0发布后删除#3203删除批注grpc-backend和secure-backend已弃用

    nginx.ingress.kubernetes.io/secure-backends: "true"

    这应该使nginx使用https将您的请求转发到pod .

    资料来源:https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#backend-protocol

    文件:https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#backend-protocol

    回复于
  • 0

    您也可以使用此处提供的舵表

    https://github.com/helm/charts/tree/master/stable/kubernetes-dashboard

    然后设置 values.yaml 文件以覆盖启用它的 ingress 部分,并添加主机 .

    回复于

相关问题