{"id":1520,"date":"2020-01-16T13:04:43","date_gmt":"2020-01-16T10:04:43","guid":{"rendered":"https:\/\/artem.services\/?p=1520"},"modified":"2020-01-16T13:06:05","modified_gmt":"2020-01-16T10:06:05","slug":"kubernetes-dashboard-%d1%87%d0%b5%d1%80%d0%b5%d0%b7-service-%d0%bf%d0%be-https-aws-eks","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=1520","title":{"rendered":"Kubernetes — Dashboard \u0447\u0435\u0440\u0435\u0437 service \u043f\u043e HTTPS (AWS EKS)"},"content":{"rendered":"

\"\"<\/p>\n

\u0417\u0430\u0434\u0430\u0447\u0430:<\/h3>\n

\u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a Kubernetes Dashboard<\/a> \u043f\u043e \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u043c\u0435\u043d\u0438, \u0430 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f "kubectl proxy<\/strong>". \u0422\u0430\u043a \u0436\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043f\u043e HTTPS<\/strong>, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0435\u0441\u0442\u0438 \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0430\u0434\u0440\u0435\u0441, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 VPN<\/strong>, \u0438 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0438\u043a\u0430\u043a\u0438\u0445 Ingress<\/strong>'\u043e\u0432.<\/p>\n

 <\/p>\n

\u0420\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c \u0434\u0435\u043f\u043b\u043e\u0439\u043c\u0435\u043d\u0442 "kubernetes-dashboard<\/strong>":<\/p>\n

\r\nkubectl edit deployments.apps -n kubernetes-dashboard kubernetes-dashboard\r\n<\/pre>\n
 <\/p>\n
\u041f\u0440\u0438\u0432\u043e\u0434\u0438\u043c \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u044b \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 \u0432\u0438\u0434\u0443:<\/p>\n
\r\n    spec:\r\n      containers:\r\n      - args:\r\n        - --namespace=kubernetes-dashboard\r\n        - --enable-insecure-login\r\n        - --insecure-port=8443\r\n<\/pre>\n
 <\/p>\n
\u0410 \u0442\u0430\u043a \u0436\u0435 \u0434\u043b\u044f "livenessProbe<\/strong>" \u043c\u0435\u043d\u044f\u0435\u043c "scheme: HTTPS<\/strong>" \u043d\u0430 "scheme: HTTP<\/strong>":<\/p>\n
\r\n        livenessProbe:\r\n          failureThreshold: 3\r\n          httpGet:\r\n            path: \/\r\n            port: 8443\r\n            scheme: HTTP\r\n          initialDelaySeconds: 30\r\n          periodSeconds: 10\r\n<\/pre>\n
 <\/p>\n
\u0422\u0435\u043f\u0435\u0440\u044c \u0434\u0430\u0448\u0431\u043e\u0440\u0434 \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d \u043f\u043e HTTP<\/strong>.<\/p>\n
\u0412 \u043a\u043e\u043d\u0441\u043e\u043b\u0438 AWS<\/strong> \u043f\u0435\u0440\u0435\u0445\u043e\u0434\u0438\u043c \u0432 "Certificate Manager<\/strong>", \u0432\u044b\u0431\u0438\u0440\u0430\u0435\u043c \u0440\u0435\u0433\u0438\u043e\u043d, \u0432 \u043a\u043e\u0442\u043e\u0440\u043e\u043c \u0440\u0430\u0437\u0432\u0435\u0440\u043d\u0443\u0442 EKS<\/strong> \u0438 \u0434\u0435\u043b\u0430\u0435\u043c \u0437\u0430\u043f\u0440\u043e\u0441 \u043d\u0430 \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0434\u043b\u044f \u043d\u0443\u0436\u043d\u043e\u0433\u043e \u0434\u043e\u043c\u0435\u043d\u0430. \u041f\u043e\u0441\u043b\u0435 \u0442\u043e\u0433\u043e, \u043a\u0430\u043a \u0441\u0435\u0440\u0442\u0438\u0444\u0438\u043a\u0430\u0442 \u0432\u0430\u043b\u0438\u0434\u0438\u0440\u043e\u0432\u0430\u043d, \u043a\u043e\u043f\u0438\u0440\u0443\u0435\u043c \u0435\u0433\u043e ARN<\/strong>.<\/p>\n
 <\/p>\n
\u0421\u043e\u0437\u0434\u0430\u0435\u043c \u043c\u0430\u043d\u0438\u0444\u0435\u0441\u0442 \u0441 Kubernetes<\/strong> \u0441\u0435\u0440\u0432\u0438\u0441\u043e\u043c.<\/p>\n
kubernetes-dashboard-internal.yaml:<\/h3>\n
\r\napiVersion: v1\r\nkind: Service\r\nmetadata:\r\n  labels:\r\n    k8s-app: kubernetes-dashboard\r\n  annotations:\r\n    service.beta.kubernetes.io\/aws-load-balancer-internal: 0.0.0.0\/0\r\n    service.beta.kubernetes.io\/aws-load-balancer-ssl-cert: 'arn:aws:acm:&lt;AWS_REGION&gt;:&lt;ACCOUNT_ID&gt;:certificate\/&lt;CERTIFICATE_ID&gt;'\r\n    service.beta.kubernetes.io\/aws-load-balancer-backend-protocol: http\r\n    service.beta.kubernetes.io\/aws-load-balancer-ssl-ports: "*"\r\n  name: kubernetes-dashboard-internal\r\n  namespace: kubernetes-dashboard\r\nspec:\r\n  ports:\r\n  - port: 443\r\n    protocol: TCP\r\n    targetPort: 8443\r\n  selector:\r\n    k8s-app: kubernetes-dashboard\r\n  sessionAffinity: None\r\n  type: LoadBalancer\r\n<\/pre>\n
 <\/p>\n
\u041f\u0440\u0438\u043c\u0435\u043d\u0438\u043c \u0435\u0433\u043e:<\/p>\n
\r\nkubectl apply -f kubernetes-dashboard-internal.yaml\r\n<\/pre>\n
 <\/p>\n
\u0422\u0435\u043f\u0435\u0440\u044c \u043e\u0441\u0442\u0430\u0435\u0442\u0441\u044f \u0442\u043e\u043b\u044c\u043a\u043e \u0441\u043e\u0437\u0434\u0430\u0442\u044c ALIAS<\/strong> \u0437\u0430\u043f\u0438\u0441\u044c \u0432 Route53<\/strong> \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0435\u0435 \u0438\u043c\u044f \u0441\u043e\u0437\u0434\u0430\u043d\u043d\u043e\u0433\u043e LoadBalancer<\/strong>'\u0430, \u043f\u043e\u0441\u043c\u043e\u0442\u0440\u0435\u0442\u044c \u0435\u0433\u043e \u0438\u043c\u044f \u043c\u043e\u0436\u043d\u043e \u0442\u0430\u043a:<\/p>\n
\r\nkubectl get svc -n kubernetes-dashboard kubernetes-dashboard-internal\r\n<\/pre>\n
 <\/p>\n
\u0422\u0435\u043f\u0435\u0440\u044c \u0438\u0437 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0445 \u0441\u0435\u0442\u0435\u0439 AWS<\/strong> \u0438\u043b\u0438 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f VPN, \u043f\u043e \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u043c\u0435\u043d\u0438 \u0431\u0443\u0434\u0435\u0442 \u0434\u043e\u0441\u0442\u0443\u043f\u0435\u043d Kubernetes Dashboard<\/strong>.<\/p>\n","protected":false},"excerpt":{"rendered":"
\u0417\u0430\u0434\u0430\u0447\u0430: \u041f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a Kubernetes Dashboard \u043f\u043e \u0434\u043e\u043c\u0435\u043d\u043d\u043e\u043c\u0443 \u0438\u043c\u0435\u043d\u0438, \u0430 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f "kubectl proxy". \u0422\u0430\u043a \u0436\u0435 \u043f\u043e\u0434\u043a\u043b\u044e\u0447\u0435\u043d\u0438\u0435 \u0434\u043e\u043b\u0436\u043d\u043e \u043e\u0441\u0443\u0449\u0435\u0441\u0442\u0432\u043b\u044f\u0442\u044c\u0441\u044f \u043f\u043e HTTPS, \u043d\u043e \u043f\u0440\u0438 \u044d\u0442\u043e\u043c \u0432\u0435\u0441\u0442\u0438 \u043d\u0430 \u0432\u043d\u0443\u0442\u0440\u0435\u043d\u043d\u0438\u0439 \u043b\u043e\u043a\u0430\u043b\u044c\u043d\u044b\u0439 \u0430\u0434\u0440\u0435\u0441, \u0434\u043e\u0441\u0442\u0443\u043f\u043d\u044b\u0439 \u0442\u043e\u043b\u044c\u043a\u043e \u0447\u0435\u0440\u0435\u0437 VPN, \u0438 \u043d\u0435 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u0443\u044f \u0434\u043b\u044f \u044d\u0442\u043e\u0433\u043e \u043d\u0438\u043a\u0430\u043a\u0438\u0445 Ingress'\u043e\u0432.   \u0420\u0435\u0434\u0430\u043a\u0442\u0438\u0440\u0443\u0435\u043c \u0434\u0435\u043f\u043b\u043e\u0439\u043c\u0435\u043d\u0442 "kubernetes-dashboard":   \u041f\u0440\u0438\u0432\u043e\u0434\u0438\u043c \u0430\u0440\u0433\u0443\u043c\u0435\u043d\u0442\u044b \u043a \u0441\u043b\u0435\u0434\u0443\u044e\u0449\u0435\u043c\u0443 \u0432\u0438\u0434\u0443:   \u0410 \u0442\u0430\u043a \u0436\u0435 \u0434\u043b\u044f … \u041f\u0440\u043e\u0434\u043e\u043b\u0436\u0438\u0442\u044c \u0447\u0438\u0442\u0430\u0442\u044c "Kubernetes — Dashboard \u0447\u0435\u0440\u0435\u0437 service \u043f\u043e HTTPS (AWS EKS)"<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[24,20],"tags":[25,1191,1189,147,18,17,82,57],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1520"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1520"}],"version-history":[{"count":3,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1520\/revisions"}],"predecessor-version":[{"id":1523,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1520\/revisions\/1523"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1520"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1520"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1520"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}