我的master node 在 192.168.1.3 上
我現在想要讓他在這台上用 https://192.168.1.3:30880 訪問
請問該怎麼去做?

@calvinyu
我這麼做了

# 添加 Jetstack Helm 仓库
helm repo add jetstack https://charts.jetstack.io

# 更新本地 Helm Chart 仓库缓存
helm repo update

# 安装 cert-manager Helm Chart
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false


#使用Let’s Encrypt启用网关 SSL 配置
ets-pst-001@ets-pst-001:~/kubesphere$ helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
> --set portal.hostname=192.168.1.3 \
> --set ingress.enabled=true \
> --set ingress.tls.source=letsEncrypt \
> --set letsEncrypt.email=tzuyu1109@gmail.com \
> --set portal.https.port=443
Error: UPGRADE FAILED: failed to create resource: Ingress.extensions "ks-console" is invalid: spec.rules[0].host: Invalid value: "192.168.1.3": must be a DNS name, not an IP address

該如何解決?

ets-pst-001@ets-pst-001:~/kubesphere$ helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz --set portal.hostname=ks-console.kubesphere-system.svc --set ingress.enabled=true --set ingress.tls.source=letsEncrypt --set letsEncrypt.email=tzuyu1109@gmail.com --set portal.https.port=443
Release "ks-core" has been upgraded. Happy Helming!
NAME: ks-core
LAST DEPLOYED: Fri Feb 14 14:33:00 2025
NAMESPACE: kubesphere-system
STATUS: deployed
REVISION: 3
TEST SUITE: None
NOTES:
Thank you for choosing KubeSphere Helm Chart.

Please be patient and wait for several seconds for the KubeSphere deployment to complete.

1. Wait for Deployment Completion

    Confirm that all KubeSphere components are running by executing the following command:

    kubectl get pods -n kubesphere-system
2. Access the KubeSphere Console

    Once the deployment is complete, you can access the KubeSphere console using the following URL:

    http://192.168.1.3:30880

3. Login to KubeSphere Console

    Use the following credentials to log in:

    Account: admin
    Password: P@88w0rd

NOTE: It is highly recommended to change the default password immediately after the first login.
For additional information and details, please visit https://kubesphere.io.

一樣不行用 https://192.168.1.3:30880 訪問

使用 ingress + TLS,你需要通过域名 + ingress controller 的 https 端口访问

  • cici 回复了此帖

    hongming 請問我要先去安裝配置 ingress 對吧?

      有沒有ingress教學? 我cert manager 那些都搞成功了

      hongming 做出來了但我的都會導像nginx

      ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME                                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE
coredns                                              ClusterIP   10.233.0.3      <none>        53/UDP,53/TCP,9153/TCP         3d5h
kubelet                                              ClusterIP   None            <none>        10250/TCP,10255/TCP,4194/TCP   54m
nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m
nginx-ingress-ingress-nginx-controller-admission     ClusterIP   10.233.1.84     <none>        443/TCP                        35m
whizard-monitoring-agent-k-coredns                   ClusterIP   None            <none>        9153/TCP                       54m
whizard-monitoring-agent-k-kube-controller-manager   ClusterIP   None            <none>        10257/TCP                      54m
whizard-monitoring-agent-k-kube-scheduler            ClusterIP   None            <none>        10259/TCP                      54m

          cici

          ingress 得关联域名来使用,通常不会直接用 ip

          • cici 回复了此帖

              • Ccici

                • 发布 #10

                hongming 所以我沒辦法做成是https://192.168.1.3:30880去訪問嗎

                    cici

                    需要额外的配置

                      • Ccici

                        • 发布 #12

                        @hongming Hi,您是用 lb,但我的是nodeport

                        • Ccici

                          • 发布 #13

                          請問您是怎麼做到的
                          我剛剛是

                          1. helm install ingress
                          2. helm install cert-manager 用 letsEncrypt
                            接著就開始亂掉了

                          • Ccici

                            • 发布 #14

                            有人可以協助嗎?卡在這個地方一直沒辦法接續

                            • Ccici

                              • 发布 #15

                              @hongming 請問能夠分享詳細步驟嗎 謝謝

                              • hongmingK零SK壹S

                              • 发布 #16
                              • 已编辑

                              @cici 我前面回复中涉及的截图就已经包含所有的步骤了

                              获取到 ingress controller 的访问地址

                              nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m

                              把域名解析到 node ip,通过 nginx svc 443 关联的 node port 访问,比如 192.168.1.3.nip.io:30443

                              ks-core 配置启用 ingress,配置好域名和端口(ingress controller 的访问入口)

                              helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
  --set portal.hostname=192.168.1.3.nip.io \
  --set ingress.enabled=true \
  --set portal.https.port=30443

                              重点是--set portal.hostname=192.168.1.3.nip.ioportal.https.port=30443 这俩配置

                              最后通过 https://192.168.1.3.nip.io:30443 来访问

                                • Ccici

                                  • 发布 #17
                                  • 已编辑

                                  hongming
                                  Hi,
                                  我重新做了一次,現在卡在 ingress 要怎麼加上 tls?
                                  我的作法:

                                  ##安装 ingress-nginx controller
helm upgrade --install ingress-nginx ingress-nginx \
  --repo https://kubernetes.github.io/ingress-nginx \
  --namespace ingress-nginx --create-namespace

##安装 cert-manager
helm repo add jetstack https://charts.jetstack.io
helm repo update
kubectl create namespace cert-manager
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false --set crds.enabled=true

##創建 ClusterIssuer
apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: abc@gmail.com
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod
    solvers:
    - http01:
        ingress:
          class: nginx


kubectl apply -f cluster-issuer.yaml
                                  ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   111m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kubesphere-system get svc
NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
extensions-museum       ClusterIP   10.233.21.70    <none>        443/TCP        52m
ks-apiserver            ClusterIP   10.233.44.157   <none>        80/TCP         52m
ks-console              NodePort    10.233.45.63    <none>        80:30880/TCP   52m
ks-controller-manager   ClusterIP   10.233.48.223   <none>        443/TCP        52m
ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n ingress-nginx get svc
NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
ingress-nginx-controller             NodePort    10.233.46.50   <none>        80:30301/TCP,443:30441/TCP   96m
ingress-nginx-controller-admission   ClusterIP   10.233.27.26   <none>        443/TCP                      96m
                                  kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: ks-console-ingress
  namespace: kubesphere-system
  creationTimestamp: '2025-02-17T06:38:52Z'
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: >
      {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/ssl-redirect":"true"},"name":"ks-console-ingress","namespace":"kubesphere-system"},"spec":{"ingressClassName":"nginx","rules":[{"host":"ks.local","http":{"paths":[{"backend":{"service":{"name":"ks-console","port":{"number":30880}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["ks.local"],"secretName":"kubesphere-tls"}]}}
    nginx.ingress.kubernetes.io/ssl-redirect: 'true'
spec:
  defaultBackend:
    service:
      name: ks-console
      port:
        number: 80
  ingressClassName: nginx
  rules:
  - host: ks.local
    http:
      paths:
      - backend:
          service:
            name: ks-console
            port:
              number: 80
        path: /
        pathType: Prefix
  tls:
  - hosts:
    - ks.local
    secretName: kubesphere-tls
status:
  loadBalancer:
    ingress:
    - ip: 10.233.46.50

                                  請問我下一步該怎麼辦

                                    cici portal.hostname 配置为 192.168.1.3.nip.io 就可以了

                                    也可以直接修改

                                    kubectl -n kubesphere-system edit ingress ks-console