반응형
쿠버네티스 대시보드 설치 및 외부 접근 방법
쿠버네티스 대시보드 설치
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created
쿠버네티스 대시보드 외부 접근(NodePort) 방법
kubernetes-dashboard 편집
- type: ClusterIP -> type: NodePort 변경
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
creationTimestamp: "2021-11-02T01:38:45Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "74025"
uid: e820dad7-1771-4223-9313-2a3b08e36d38
spec:
clusterIP: 10.104.46.187
clusterIPs:
- 10.104.46.187
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- nodePort: 30264
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
NodePort 확인
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.104.46.187 <none> 443:30264/TCP 21m
웹(UI) 대시보드
https://{NODE_IP}:30264
728x90
쿠버네티스 로그인 토큰 생성
serviceaccount 생성
cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
EOF
$ cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
EOF
serviceaccount/admin-user created
ClusterRoleBinding 생성
cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
$ cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
EOF
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
사용자 계정의 토큰 호출
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-xgzwf
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: d46c32d5-6d39-435d-9a7f-8a73c64e1fa3
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6InQxTjlkZlQ5Tl9NLW5hakgwc1draVVnY3dOYWt2OENUVHh6YUxlNElhZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXhnendmIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNDZjMzJkNS02ZDM5LTQzNWQtOWE3Zi04YTczYzY0ZTFmYTMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.ZCnKwF7mXrJteVm1bJeVOKgmydSfD_vlFM1YmBjdNSX2ZQ2l1bewI3O3cMnQ3J6fU0AuawlXJUrrb24zeyqSua_0u-JmIfh7t3NeBJBhaUEZiygFJMrJlDdlzXJADxA0Wy_7AQFDMZCfU5kaPqhs0RokE1Ns0szsNPRkGslQO0_L-kCu9r-T020VFhTtv7j_HDjnAZF9zRphvhGlcoqfpUjIk8eYT99JJHf6labp1IhjbDUOFIb_w9RKZIZdemh288rWsdKjfLrnbOLWZGZhe17gdWhpwO1ZtTqCNx6KdDQgde11aPkLuxxZcLftnzReuGLaLql5ldY0uQFyapzd-Q
웹(UI) 대시보드
쿠버네티스 대시보드 > 모든 네임스페이스
참고URL
- 쿠버네티스 문서 : 쿠버네티스 대시보드를 배포하고 접속하기
728x90
반응형
'리눅스' 카테고리의 다른 글
stress 명령어 (0) | 2021.11.21 |
---|---|
docker를 사용한 kafka 클러스터 설정 (0) | 2021.11.17 |
/var/run/docker.sock의 permission denied 발생하는 경우 (0) | 2021.11.02 |
[kubernetes] 쿠버네티스 클러스터 구성(CentOS 7) (0) | 2021.11.01 |
쿠버네티스 초기화 오류(kubeadm init) (0) | 2021.11.01 |