Update authentication configuration for Longhorn ingress

2024-09-17 08:45:56 +08:00
parent 3c13802cf2
commit 8877e0110d
4 changed files with 154 additions and 26 deletions
@@ -0,0 +1,92 @@
+# apiVersion: v1
+# kind: Secret
+# metadata:
+#   name: basic-auth-users-secret
+#   namespace: kubernetes-dashboard
+# data:
+#   users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=
+
+---
+apiVersion: cert-manager.io/v1
+kind: ClusterIssuer
+metadata:
+  name: selfsigned
+spec:
+  selfSigned: {}
+
+---
+apiVersion: cert-manager.io/v1
+kind: Certificate
+metadata:
+  name: kboard.taefik.local
+  namespace: kubernetes-dashboard
+spec:
+  dnsNames:
+    - kboard.taefik.local
+  secretName: kboard.taefik.local
+  issuerRef:
+    name: selfsigned
+    kind: ClusterIssuer
+
+---
+
+apiVersion: traefik.io/v1alpha1
+kind: ServersTransport
+metadata:
+  name: insecure-transport
+  namespace: kubernetes-dashboard
+spec:
+  serverName: kubernetes-dashboard-kong-proxy
+  insecureSkipVerify: true
+---
+# Declaring the user list
+# apiVersion: traefik.io/v1alpha1
+# kind: Middleware
+# metadata:
+#   name: ingress-auth
+#   namespace: kubernetes-dashboard
+# spec:
+#   basicAuth:
+#     secret: basic-auth-users-secret
+
+# ---
+# apiVersion: traefik.io/v1alpha1
+# kind: Middleware
+# metadata:
+#   name: strip-dashboard
+#   namespace: kubernetes-dashboard
+# spec:
+#   stripPrefix:
+#     prefixes:
+#       - "/kboard"
+#     forceSlash: true
+
+# ---
+# Host(`test.traefik.local`) && PathPrefix(`/kboard`)
+
+apiVersion: traefik.io/v1alpha1
+kind: IngressRoute
+metadata:
+  name: kubernetes-dashboard-ingress
+  namespace: kubernetes-dashboard
+spec:
+  entryPoints:
+    # - web
+    - websecure
+  routes:
+    - match: Host(`kboard.taefik.local`)
+      kind: Rule
+      # middlewares:
+        # - name: ingress-auth
+        #   namespace: kubernetes-dashboard
+        # - name: strip-dashboard
+        #   namespace: kubernetes-dashboard
+      services:
+        - name: kubernetes-dashboard-kong-proxy
+          port: 443
+          # scheme: https
+          namespace: kubernetes-dashboard
+          serversTransport: insecure-transport
+      # Use the secret generated by cert-manager
+  tls:
+    secretName: kboard.taefik.local
@@ -0,0 +1,12 @@
+# kubenetes dashboard
+# https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
+
+# kubectl proxy
+```
+kubectl -n kubernetes-dashboard apply -f dashboard-ingress-route.yaml
+
+kubectl -n kubernetes-dashboard get ingressroutes
+
+
+k delete -f dashboard-ingress-route.yaml
+```
@@ -3,9 +3,9 @@
 ## Description
 ```bash
 # https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/
-# $ USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
-# $ cat auth
-# admin:$apr1$FnyKCYKb$6IP2C45fZxMcoLwkOwf7k0
+# USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
+# cat auth
+# admin:$apr1$9ucb20/W$4PupY6OD8EsPbxUSGLFdG.

 htpasswd -nb user password | openssl base64 > auth
 # replace user and password with your own values in auth file to longhorn-ingress-route.yaml
@@ -65,9 +65,9 @@ htpasswd -nb user password | openssl base64 > auth

 kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml

-$ kubectl -n longhorn-system get ingressroutes
-NAME               HOSTS   ADDRESS                                     PORTS   AGE
-longhorn-ingress   *       45.79.165.114,66.228.45.37,97.107.142.125   80      2m7s
+kubectl -n longhorn-system get ingressroutes
+# NAME               HOSTS   ADDRESS                                     PORTS   AGE
+# longhorn-ingress   *       45.79.165.114,66.228.45.37,97.107.142.125   80      2m7s

 $ curl -v http://97.107.142.125/
 *   Trying 97.107.142.125...
@@ -37,6 +37,12 @@ https://factory.talos.dev/?arch=amd64&board=undefined&cmdline-set=true&extension

 factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6

+arm64
+https://factory.talos.dev/?arch=arm64&cmdline-set=true&extensions=-&extensions=siderolabs%2Ffuse3&extensions=siderolabs%2Fiscsi-tools&extensions=siderolabs%2Fqemu-guest-agent&extensions=siderolabs%2Futil-linux-tools&platform=metal&target=metal&version=1.7.6
+factory.talos.dev/installer/039a705a9d120fab2ce1931cbdfbdeeb3c6bfe5c2a0e26479772406cc769943e:v1.7.6
+
+talosctl upgrade --nodes 192.168.50.191,192.168.50.192,192.168.50.193 --image factory.talos.dev/installer/039a705a9d120fab2ce1931cbdfbdeeb3c6bfe5c2a0e26479772406cc769943e:v1.7.6 --preserve
+
 talosctl gen config talos-arm-cluster https://$CONTROL_PLANE_IP:6443 --output-dir _out --install-image factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6 --force
 talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file _out/controlplane.yaml
 export TALOSCONFIG="_out/talosconfig"
@@ -93,7 +99,10 @@ documentation:

 helm repo add longhorn https://charts.longhorn.io
 helm repo update
-helm install longhorn longhorn/longhorn --create-namespace -n 'longhorn-system' -f longhorn.yaml
+kubectl create namespace longhorn-system
+kubectl apply -f longhorn.yaml
+helm install longhorn longhorn/longhorn --namespace longhorn-system
+# helm install longhorn longhorn/longhorn --create-namespace -n 'longhorn-system' -f longhorn.yaml

 helm repo add traefik https://traefik.github.io/charts
 helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.yaml
@@ -102,29 +111,29 @@ helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.
 helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
 # Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
 helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
-Release "kubernetes-dashboard" does not exist. Installing it now.
-NAME: kubernetes-dashboard
-LAST DEPLOYED: Sun Sep 15 23:12:56 2024
-NAMESPACE: kubernetes-dashboard
-STATUS: deployed
-REVISION: 1
-TEST SUITE: None
-NOTES:
-*************************************************************************************************
-*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
-*************************************************************************************************
+# Release "kubernetes-dashboard" does not exist. Installing it now.
+# NAME: kubernetes-dashboard
+# LAST DEPLOYED: Sun Sep 15 23:12:56 2024
+# NAMESPACE: kubernetes-dashboard
+# STATUS: deployed
+# REVISION: 1
+# TEST SUITE: None
+# NOTES:
+# *************************************************************************************************
+# *** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
+# *************************************************************************************************

-Congratulations! You have just installed Kubernetes Dashboard in your cluster.
+# Congratulations! You have just installed Kubernetes Dashboard in your cluster.

-To access Dashboard run:
-  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
+# To access Dashboard run:
+#   kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

-NOTE: In case port-forward command does not work, make sure that kong service name is correct.
-      Check the services in Kubernetes Dashboard namespace using:
-        kubectl -n kubernetes-dashboard get svc
+# NOTE: In case port-forward command does not work, make sure that kong service name is correct.
+#       Check the services in Kubernetes Dashboard namespace using:
+#         kubectl -n kubernetes-dashboard get svc

-Dashboard will be available at:
-  https://localhost:8443
+# Dashboard will be available at:
+#   https://localhost:8443


 # Create a service account for the dashboard
@@ -135,4 +144,19 @@ kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"
 # serviceaccount/kubernetes-dashboard created
 kubectl -n kubernetes-dashboard create token admin-user

+```
+
+## Uninstallation
+
+```bash
+helm uninstall traefik -n traefik
+helm uninstall longhorn -n longhorn-system
+helm uninstall cert-manager -n cert-manager
+helm uninstall metallb -n metallb-system
+helm uninstall kubernetes-dashboard -n kubernetes-dashboard
+
+Uninstallation
+kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag
+helm uninstall longhorn -n longhorn-system
+kubectl delete namespace longhorn-system
 ```