Update authentication configuration for Longhorn ingress

2024-09-17 08:45:56 +08:00
parent 3c13802cf2
commit 8877e0110d
4 changed files with 154 additions and 26 deletions
@@ -0,0 +1,92 @@
# apiVersion: v1
# kind: Secret
# metadata:
# name: basic-auth-users-secret
# namespace: kubernetes-dashboard
# data:
# users: dXNlcjokYXByMSREdjgvWEFWayR1RmhjMlNyalloMGJuR09IYmNrV2oxCgo=
---
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
name: selfsigned
spec:
selfSigned: {}
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: kboard.taefik.local
namespace: kubernetes-dashboard
spec:
dnsNames:
- kboard.taefik.local
secretName: kboard.taefik.local
issuerRef:
name: selfsigned
kind: ClusterIssuer
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
name: insecure-transport
namespace: kubernetes-dashboard
spec:
serverName: kubernetes-dashboard-kong-proxy
insecureSkipVerify: true
---
# Declaring the user list
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
# name: ingress-auth
# namespace: kubernetes-dashboard
# spec:
# basicAuth:
# secret: basic-auth-users-secret
# ---
# apiVersion: traefik.io/v1alpha1
# kind: Middleware
# metadata:
# name: strip-dashboard
# namespace: kubernetes-dashboard
# spec:
# stripPrefix:
# prefixes:
# - "/kboard"
# forceSlash: true
# ---
# Host(`test.traefik.local`) && PathPrefix(`/kboard`)
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-dashboard-ingress
namespace: kubernetes-dashboard
spec:
entryPoints:
# - web
- websecure
routes:
- match: Host(`kboard.taefik.local`)
kind: Rule
# middlewares:
# - name: ingress-auth
# namespace: kubernetes-dashboard
# - name: strip-dashboard
# namespace: kubernetes-dashboard
services:
- name: kubernetes-dashboard-kong-proxy
port: 443
# scheme: https
namespace: kubernetes-dashboard
serversTransport: insecure-transport
# Use the secret generated by cert-manager
tls:
secretName: kboard.taefik.local
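Review bot: `insecureSkipVerify: true` in the `insecure-transport` ServersTransport turns off verification of the certificate presented by `kubernetes-dashboard-kong-proxy`, so the hop from Traefik to the dashboard backend is not authenticated. Since this manifest already relies on cert-manager, consider issuing the backend certificate from a CA issuer and replacing the flag with `rootCAsSecrets: [<ca-secret-name>]` (placeholder name) while keeping `serverName`. The IngressRoute also has its `middlewares` block commented out, so the route carries no ingress-level authentication and access appears to depend only on the dashboard's own login; a comment such as `# basicAuth intentionally disabled: dashboard token login is the only gate` would make that explicit. Finally, the commented-out Secret at the top still commits a base64-encoded htpasswd entry in `users:`, which is better replaced with a placeholder value.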
+12
@@ -0,0 +1,12 @@
# kubenetes dashboard
# https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
# kubectl proxy
```
kubectl -n kubernetes-dashboard apply -f dashboard-ingress-route.yaml
kubectl -n kubernetes-dashboard get ingressroutes
k delete -f dashboard-ingress-route.yaml
```
+6 -6
@@ -3,9 +3,9 @@
## Description ## Description
```bash ```bash
# https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/ # https://longhorn.io/docs/1.6.2/deploy/accessing-the-ui/longhorn-ingress/
# $ USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth # USER=admin; PASSWORD=1234; echo "${USER}:$(openssl passwd -stdin -apr1 <<< ${PASSWORD})" >> auth
# $ cat auth # cat auth
# admin:$apr1$FnyKCYKb$6IP2C45fZxMcoLwkOwf7k0 # admin:$apr1$9ucb20/W$4PupY6OD8EsPbxUSGLFdG.
htpasswd -nb user password | openssl base64 > auth htpasswd -nb user password | openssl base64 > auth
# replace user and password with your own values in auth file to longhorn-ingress-route.yaml # replace user and password with your own values in auth file to longhorn-ingress-route.yaml
@@ -65,9 +65,9 @@ htpasswd -nb user password | openssl base64 > auth
kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml kubectl -n longhorn-system apply -f longhorn-ingress-route.yaml
$ kubectl -n longhorn-system get ingressroutes kubectl -n longhorn-system get ingressroutes
NAME HOSTS ADDRESS PORTS AGE # NAME HOSTS ADDRESS PORTS AGE
longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s # longhorn-ingress * 45.79.165.114,66.228.45.37,97.107.142.125 80 2m7s
$ curl -v http://97.107.142.125/ $ curl -v http://97.107.142.125/
* Trying 97.107.142.125... * Trying 97.107.142.125...
+44 -20
@@ -37,6 +37,12 @@ https://factory.talos.dev/?arch=amd64&board=undefined&cmdline-set=true&extension
factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6 factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6
arm64
https://factory.talos.dev/?arch=arm64&cmdline-set=true&extensions=-&extensions=siderolabs%2Ffuse3&extensions=siderolabs%2Fiscsi-tools&extensions=siderolabs%2Fqemu-guest-agent&extensions=siderolabs%2Futil-linux-tools&platform=metal&target=metal&version=1.7.6
factory.talos.dev/installer/039a705a9d120fab2ce1931cbdfbdeeb3c6bfe5c2a0e26479772406cc769943e:v1.7.6
talosctl upgrade --nodes 192.168.50.191,192.168.50.192,192.168.50.193 --image factory.talos.dev/installer/039a705a9d120fab2ce1931cbdfbdeeb3c6bfe5c2a0e26479772406cc769943e:v1.7.6 --preserve
talosctl gen config talos-arm-cluster https://$CONTROL_PLANE_IP:6443 --output-dir _out --install-image factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6 --force talosctl gen config talos-arm-cluster https://$CONTROL_PLANE_IP:6443 --output-dir _out --install-image factory.talos.dev/installer/fd65c64ea210a46f2dfbd101075a9e0c4380d286e92c202bb42c5a7e67047c77:v1.7.6 --force
talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file _out/controlplane.yaml talosctl apply-config --insecure --nodes $CONTROL_PLANE_IP --file _out/controlplane.yaml
export TALOSCONFIG="_out/talosconfig" export TALOSCONFIG="_out/talosconfig"
@@ -93,7 +99,10 @@ documentation:
helm repo add longhorn https://charts.longhorn.io helm repo add longhorn https://charts.longhorn.io
helm repo update helm repo update
helm install longhorn longhorn/longhorn --create-namespace -n 'longhorn-system' -f longhorn.yaml kubectl create namespace longhorn-system
kubectl apply -f longhorn.yaml
helm install longhorn longhorn/longhorn --namespace longhorn-system
# helm install longhorn longhorn/longhorn --create-namespace -n 'longhorn-system' -f longhorn.yaml
helm repo add traefik https://traefik.github.io/charts helm repo add traefik https://traefik.github.io/charts
helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.yaml helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.yaml
@@ -102,29 +111,29 @@ helm install traefik traefik/traefik --create-namespace -n 'traefik' -f traefik.
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart # Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
Release "kubernetes-dashboard" does not exist. Installing it now. # Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard # NAME: kubernetes-dashboard
LAST DEPLOYED: Sun Sep 15 23:12:56 2024 # LAST DEPLOYED: Sun Sep 15 23:12:56 2024
NAMESPACE: kubernetes-dashboard # NAMESPACE: kubernetes-dashboard
STATUS: deployed # STATUS: deployed
REVISION: 1 # REVISION: 1
TEST SUITE: None # TEST SUITE: None
NOTES: # NOTES:
************************************************************************************************* # *************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready *** # *** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
************************************************************************************************* # *************************************************************************************************
Congratulations! You have just installed Kubernetes Dashboard in your cluster. # Congratulations! You have just installed Kubernetes Dashboard in your cluster.
To access Dashboard run: # To access Dashboard run:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443 # kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443
NOTE: In case port-forward command does not work, make sure that kong service name is correct. # NOTE: In case port-forward command does not work, make sure that kong service name is correct.
Check the services in Kubernetes Dashboard namespace using: # Check the services in Kubernetes Dashboard namespace using:
kubectl -n kubernetes-dashboard get svc # kubectl -n kubernetes-dashboard get svc
Dashboard will be available at: # Dashboard will be available at:
https://localhost:8443 # https://localhost:8443
# Create a service account for the dashboard # Create a service account for the dashboard
@@ -136,3 +145,18 @@ kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"
kubectl -n kubernetes-dashboard create token admin-user kubectl -n kubernetes-dashboard create token admin-user
``` ```
## Uninstallation
```bash
helm uninstall traefik -n traefik
helm uninstall longhorn -n longhorn-system
helm uninstall cert-manager -n cert-manager
helm uninstall metallb -n metallb-system
helm uninstall kubernetes-dashboard -n kubernetes-dashboard
Uninstallation
kubectl -n longhorn-system patch -p '{"value": "true"}' --type=merge lhs deleting-confirmation-flag
helm uninstall longhorn -n longhorn-system
kubectl delete namespace longhorn-system
```