Used as a Kubernetes Pod
The Kubernetes dashboard can be deployed as a pod on Kubernetes requiring users to log in using the standard standard authentication configured for access to its API.
$wget https://raw.githubusercontent.com/cockpit-project/cockpit/master/containers/kubernetes-cockpit.json
$kubectl create -f kubernetes-cockpit.json
This pod can be used on kubernetes that is configured with basic authentication. By default the pod tries to access the kubernetes API securely and expects that the kubernetes API server has been deployed with a CA, certificate files and service account key. In order to change this behavior, edit the kubernetes-cockpit.json and change theKUBE_INSECURE environment variable to true.
You can retrieve the address where you can access the dashboard via:
$kubectl get service kubernetes-cockpit
Used as an Openshift Pod
The Kubernetes dashboard can be deployed as a pod on Openshift, and use Openshift OAuth authentication. Running software on Openshift requires forethought, planning and configuration. In particular, in order to run the admin interface as a pod you need to first decide the host name that it will be accessible at. This is the host name part of its URL.
Next use the following commands to deploy the registry pod and service. You'll need to have admin access to the Openshift cluster, as an OAuth client needs to be created. Replace the XXX with the host name you want to make the registry accessible at. In addition replace YYY with the host name of the Openshift API server.
$wget https://raw.githubusercontent.com/cockpit-project/cockpit/master/containers/openshift-cockpit.template
$oc process -f openshift-cockpit.template -v COCKPIT_KUBE_URL=https://XXX -v OPENSHIFT_OAUTH_PROVIDER_URL=https://YYY:8443 | oc create -f -
You can retrieve the address where you can access the dashboard via:
$oc get service openshift-cockpit
openshift origin部署
oc process -f openshift-cockpit.template -p COCKPIT_KUBE_URL=https://cockpit.xx.net -p OPENSHIFT_OAUTH_PROVIDER_URL=https://openshift-clsuter.xx.net:8443 | oc create -f -
开始时候一直没搞成功,参考这里
https://hub.docker.com/r/cockpit/kubernetes/
WARNING: By default OpenShift, Origin, and Atomic Platform allow ANY non-empty username/password access via oauth. You should almost always change this configuration before deploying this container. See https://docs.openshift.org/latest/install_config/configuring_authentication.html for more information.
Cockpit will use the OpenShift OAuth server to authenticate users. You need to provide the pod with the public url for the OpenShift OAuth server and provide OpenShift with the public url that will be used to access this service.
oc process -f containers/openshift-cockpit.template
-v COCKPIT_KUBE_URL=https://ip-or-domain -v OPENSHIFT_OAUTH_PROVIDER_URL=https://ip-or-domain:port | oc create -f -
执行完事后新建route
然后点route url就可以访问了。(我把系统默认带的registry-console干掉了在访问的)
参考如下:
OpenShift Container Platform provides a web-based interface to the integrated registry. This registry console is an optional component for browsing and managing images. It is deployed as a stateless service running as a pod.
If you installed OpenShift Container Platform as a stand-alone registry, the registry console is already deployed and secured automatically during installation. |
|
If Cockpit is already running, you'll need to shut it down before proceeding in order to avoid a port conflict (9090 by default) with the registry console. |
效果如下: