使用 traefik 来代理 k8s-dashboard。
ingressroute-dashboard.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
|
# apiVersion: traefik.io/v1alpha1
# kind: IngressRoute
# metadata:
# name: kubernetes-http-web
# namespace: kubernetes-dashboard
# spec:
# entryPoints:
# - websecure
# routes:
# - match: Host(`k8s2dashboard.local.choral.io`)
# kind: Rule
# services:
# - name: kubernetes-dashboard
# kind: Service
# port: 443
# tls:
# secretName: local-choral-io-tls
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-http-web
namespace: kubernetes-dashboard
spec:
entryPoints:
- websecure
routes:
- match: Host(`k8s2dashboard.local.choral.io`) && PathPrefix(`/`)
kind: Rule
services:
- kind: Service
name: kubernetes-dashboard
namespace: kubernetes-dashboard
port: 443
serversTransport: mytransport
#tls: # [11]
# secretName: supersecret
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: mytransport
namespace: kubernetes-dashboard
spec:
insecureSkipVerify: true
|
创建之后,访问https://k8s2dashboard.local.choral.io,报错500,返回了验证证书失败。
解决:
在你的 trafik deployment 或者 deamonset 中加入 args 启动参数:
- --serversTransport.insecureSkipVerify=true
重新访问就成功了。
这个时候又出现 token 时间太短,那么让 token 过期时间变长一点
修改kubernetes-dashboard的deployment,加入一条arg参数:
这样过期时间会变长的。