반응형
Kubernetes Dashboard를 설치하고 구성하는 방법(WEB UI)
1. Kubernetes Dashboard 설치
Dashboard 배포
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
확인
kubectl get pods -n kubernetes-dashboard
2. 서비스 계정 생성 및 권한 부여
Kubernetes Dashboard에 접근하기 위해서는 권한을 가진 서비스 계정을 생성해야 합니다.
관리자 권한을 가진 서비스 계정 생성
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
EOF
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
EOF
- output -
serviceaccount/admin-user unchanged
cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
$ cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
EOF
- output -
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged
토큰 가져오기
kubectl create token admin-user -n kubernetes-dashboard
$ kubectl create token admin-user -n kubernetes-dashboard
eyJhbGciOiJSUzI1NiIsImtpZCI6InM4a1F0Wma6.eyJhdWQiOl5K-bOCMtgMZw
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-2wd8h
Namespace: kubernetes-dashboard
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: cf92e37d-9967-41fb-9462-f90e3a339ed0
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 20 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IjdDNC1NaHl5anljYmIxWEIxMUR0N2M4bzk3cXdWUmJMTjY2WG9pa05kUnci
fQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY
2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pb
i11c2VyLXRva2VuLTJ3ZDhoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkb
WluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjkyZTM3ZC05OTY3L
TQxZmItOTQ2Mi1mOTBlM2EzMzllZDAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6Y
WRtaW4tdXNlciJ9.EnFEkR4heEVvhNt8IJkRx30Erd6-BJ0OGU5vwftegJMQNLba38AoMs6QNHd3WVlN-AS0YJ6IfUAWMyWkPbG2
hkk59U_TIdfMunNrZcJcr06pWoLFcDA-ay9k0U9oZVdDYUOhtr2-d0fNrLZZhSSQM9I3N5TSINz4qCi8s4eSxeaEr_3eBNzNNYcd
u9KARG1mA4SJJnNdJCj6rFnNc_UYn93MNI70IbNmuAV0qlE7ceOhqrgKOH0Q76v2XCXulK5RtdfEjqmkHrlS1yqR0K-dIB_HL8yO
qcPe9ShkVE2snWLQaR-6Gut5vNZ5smai1o939Spy5SLucwlyN4lIkvLKPA
728x90
3. Dashboard에 접근
kubectl proxy 실행
kubectl proxy
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
웹 브라우저에서 Dashboard 열기
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
*** 로컬 서버에서만 웹에 접근할 수 있음
토큰을 사용하여 로그인
kubectl create token admin-user -n kubernetes-dashboard
외부에서 Dashboard에 접근
NodePort로 편집(외부에서 접속하기 위함)
kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
kubernetes-dashboard 서비스의 타입을 NodePort로 변경합니다.
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
creationTimestamp: "2020-11-06T08:14:11Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "810156"
selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
uid: 3680b9e2-b50a-4cbe-90e2-bae953fd9e38
spec:
clusterIP: 10.106.4.251
externalTrafficPolicy: Cluster
ports:
- nodePort: 32471
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort ###ClusterIP 에서 NodePort로 변경
status:
loadBalancer: {}
외부 IP와 포트를 사용하여 Dashboard에 접근합니다.
kubectl get service kubernetes-dashboard -n kubernetes-dashboard
$ kubectl get service kubernetes-dashboard -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.106.4.251 <none> 443:32471/TCP 30m
웹 브라우저에서 Dashboard 열기
- 토근 입력
kubectl create token admin-user -n kubernetes-dashboard
대시보드 Overview
참고URL
- kubernetes/dashboard : https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
728x90
반응형
'리눅스' 카테고리의 다른 글
[kubernetes] APP(httpd) 배포 테스트 (0) | 2020.11.10 |
---|---|
쿠버네티스에서 NGINX Ingress Controller를 설정하는 방법 (0) | 2020.11.09 |
[kubernetes] 웹 서버(nginx) 배포(deployment) (0) | 2020.11.05 |
[kubernetes] kubectl get (0) | 2020.11.05 |
kubernetes 클러스터 내 모든 네임스페이스의 파드 상태 확인 (0) | 2020.11.04 |