我的master node 在 192.168.1.3 上
我現在想要讓他在這台上用 https://192.168.1.3:30880 訪問
請問該怎麼去做?

@calvinyu
我這麼做了

# 添加 Jetstack Helm 仓库
helm repo add jetstack https://charts.jetstack.io

# 更新本地 Helm Chart 仓库缓存
helm repo update

# 安装 cert-manager Helm Chart
helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false


#使用Let’s Encrypt启用网关 SSL 配置
ets-pst-001@ets-pst-001:~/kubesphere$ helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
> --set portal.hostname=192.168.1.3 \
> --set ingress.enabled=true \
> --set ingress.tls.source=letsEncrypt \
> --set letsEncrypt.email=tzuyu1109@gmail.com \
> --set portal.https.port=443
Error: UPGRADE FAILED: failed to create resource: Ingress.extensions "ks-console" is invalid: spec.rules[0].host: Invalid value: "192.168.1.3": must be a DNS name, not an IP address

該如何解決?

ets-pst-001@ets-pst-001:~/kubesphere$ helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz --set portal.hostname=ks-console.kubesphere-system.svc --set ingress.enabled=true --set ingress.tls.source=letsEncrypt --set letsEncrypt.email=tzuyu1109@gmail.com --set portal.https.port=443
Release "ks-core" has been upgraded. Happy Helming!
NAME: ks-core
LAST DEPLOYED: Fri Feb 14 14:33:00 2025
NAMESPACE: kubesphere-system
STATUS: deployed
REVISION: 3
TEST SUITE: None
NOTES:
Thank you for choosing KubeSphere Helm Chart.

Please be patient and wait for several seconds for the KubeSphere deployment to complete.

1. Wait for Deployment Completion

    Confirm that all KubeSphere components are running by executing the following command:

    kubectl get pods -n kubesphere-system
2. Access the KubeSphere Console

    Once the deployment is complete, you can access the KubeSphere console using the following URL:

    http://192.168.1.3:30880

3. Login to KubeSphere Console

    Use the following credentials to log in:

    Account: admin
    Password: P@88w0rd

NOTE: It is highly recommended to change the default password immediately after the first login.
For additional information and details, please visit https://kubesphere.io.

一樣不行用 https://192.168.1.3:30880 訪問

使用 ingress + TLS,你需要通过域名 + ingress controller 的 https 端口访问

  • cici 回复了此帖

    hongming 請問我要先去安裝配置 ingress 對吧?

    有沒有ingress教學? 我cert manager 那些都搞成功了

    hongming 做出來了但我的都會導像nginx

    ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
    NAME                                                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                        AGE
    coredns                                              ClusterIP   10.233.0.3      <none>        53/UDP,53/TCP,9153/TCP         3d5h
    kubelet                                              ClusterIP   None            <none>        10250/TCP,10255/TCP,4194/TCP   54m
    nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m
    nginx-ingress-ingress-nginx-controller-admission     ClusterIP   10.233.1.84     <none>        443/TCP                        35m
    whizard-monitoring-agent-k-coredns                   ClusterIP   None            <none>        9153/TCP                       54m
    whizard-monitoring-agent-k-kube-controller-manager   ClusterIP   None            <none>        10257/TCP                      54m
    whizard-monitoring-agent-k-kube-scheduler            ClusterIP   None            <none>        10259/TCP                      54m

      cici

      ingress 得关联域名来使用,通常不会直接用 ip

      • cici 回复了此帖

        hongming 所以我沒辦法做成是https://192.168.1.3:30880去訪問嗎

          cici

          需要额外的配置

          @hongming Hi,您是用 lb,但我的是nodeport

          請問您是怎麼做到的
          我剛剛是

          1. helm install ingress
          2. helm install cert-manager 用 letsEncrypt
            接著就開始亂掉了

          有人可以協助嗎?卡在這個地方一直沒辦法接續

          @hongming 請問能夠分享詳細步驟嗎 謝謝

          • hongmingK零SK壹S

          • 已编辑

          @cici 我前面回复中涉及的截图就已经包含所有的步骤了

          获取到 ingress controller 的访问地址

          nginx-ingress-ingress-nginx-controller               NodePort    10.233.19.212   <none>        80:31652/TCP,443:30443/TCP     35m

          把域名解析到 node ip,通过 nginx svc 443 关联的 node port 访问,比如 192.168.1.3.nip.io:30443

          ks-core 配置启用 ingress,配置好域名和端口(ingress controller 的访问入口)

          helm upgrade --install -n kubesphere-system --create-namespace ks-core https://charts.kubesphere.io/main/ks-core-1.1.3.tgz \
            --set portal.hostname=192.168.1.3.nip.io \
            --set ingress.enabled=true \
            --set portal.https.port=30443

          重点是--set portal.hostname=192.168.1.3.nip.ioportal.https.port=30443 这俩配置

          最后通过 https://192.168.1.3.nip.io:30443 来访问

            • 已编辑

            hongming
            Hi,
            我重新做了一次,現在卡在 ingress 要怎麼加上 tls?
            我的作法:

            ##安装 ingress-nginx controller
            helm upgrade --install ingress-nginx ingress-nginx \
              --repo https://kubernetes.github.io/ingress-nginx \
              --namespace ingress-nginx --create-namespace
            
            ##安装 cert-manager
            helm repo add jetstack https://charts.jetstack.io
            helm repo update
            kubectl create namespace cert-manager
            helm install cert-manager jetstack/cert-manager -n cert-manager --create-namespace --set prometheus.enabled=false --set crds.enabled=true
            
            ##創建 ClusterIssuer
            apiVersion: cert-manager.io/v1
            kind: ClusterIssuer
            metadata:
              name: letsencrypt-prod
            spec:
              acme:
                email: abc@gmail.com
                server: https://acme-v02.api.letsencrypt.org/directory
                privateKeySecretRef:
                  name: letsencrypt-prod
                solvers:
                - http01:
                    ingress:
                      class: nginx
            
            
            kubectl apply -f cluster-issuer.yaml
            ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kube-system get svc
            NAME      TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
            coredns   ClusterIP   10.233.0.3   <none>        53/UDP,53/TCP,9153/TCP   111m
            ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n kubesphere-system get svc
            NAME                    TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
            extensions-museum       ClusterIP   10.233.21.70    <none>        443/TCP        52m
            ks-apiserver            ClusterIP   10.233.44.157   <none>        80/TCP         52m
            ks-console              NodePort    10.233.45.63    <none>        80:30880/TCP   52m
            ks-controller-manager   ClusterIP   10.233.48.223   <none>        443/TCP        52m
            ets-pst-001@ets-pst-001:~/kubesphere$ kubectl -n ingress-nginx get svc
            NAME                                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
            ingress-nginx-controller             NodePort    10.233.46.50   <none>        80:30301/TCP,443:30441/TCP   96m
            ingress-nginx-controller-admission   ClusterIP   10.233.27.26   <none>        443/TCP                      96m
            kind: Ingress
            apiVersion: networking.k8s.io/v1
            metadata:
              name: ks-console-ingress
              namespace: kubesphere-system
              creationTimestamp: '2025-02-17T06:38:52Z'
              annotations:
                kubectl.kubernetes.io/last-applied-configuration: >
                  {"apiVersion":"networking.k8s.io/v1","kind":"Ingress","metadata":{"annotations":{"nginx.ingress.kubernetes.io/ssl-redirect":"true"},"name":"ks-console-ingress","namespace":"kubesphere-system"},"spec":{"ingressClassName":"nginx","rules":[{"host":"ks.local","http":{"paths":[{"backend":{"service":{"name":"ks-console","port":{"number":30880}}},"path":"/","pathType":"Prefix"}]}}],"tls":[{"hosts":["ks.local"],"secretName":"kubesphere-tls"}]}}
                nginx.ingress.kubernetes.io/ssl-redirect: 'true'
            spec:
              defaultBackend:
                service:
                  name: ks-console
                  port:
                    number: 80
              ingressClassName: nginx
              rules:
              - host: ks.local
                http:
                  paths:
                  - backend:
                      service:
                        name: ks-console
                        port:
                          number: 80
                    path: /
                    pathType: Prefix
              tls:
              - hosts:
                - ks.local
                secretName: kubesphere-tls
            status:
              loadBalancer:
                ingress:
                - ip: 10.233.46.50

            請問我下一步該怎麼辦

            cici portal.hostname 配置为 192.168.1.3.nip.io 就可以了

            也可以直接修改

            kubectl -n kubesphere-system edit ingress ks-console