본문 바로가기

리눅스

Kubernetes Dashboard를 설치하고 구성하는 방법

반응형

Kubernetes Dashboard를 설치하고 구성하는 방법(WEB UI)

1. Kubernetes Dashboard 설치

Dashboard 배포

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

확인

kubectl get pods -n kubernetes-dashboard

2. 서비스 계정 생성 및 권한 부여

Kubernetes Dashboard에 접근하기 위해서는 권한을 가진 서비스 계정을 생성해야 합니다.

 

관리자 권한을 가진 서비스 계정 생성

cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF
$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF

- output -
serviceaccount/admin-user unchanged

 

cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF
$ cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

- output -
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged

토큰 가져오기

kubectl create token admin-user -n kubernetes-dashboard
$ kubectl create token admin-user -n kubernetes-dashboard
eyJhbGciOiJSUzI1NiIsImtpZCI6InM4a1F0Wma6.eyJhdWQiOl5K-bOCMtgMZw

 

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-2wd8h
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: cf92e37d-9967-41fb-9462-f90e3a339ed0

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IjdDNC1NaHl5anljYmIxWEIxMUR0N2M4bzk3cXdWUmJMTjY2WG9pa05kUnci
fQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY
2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pb
i11c2VyLXRva2VuLTJ3ZDhoIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkb
WluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjkyZTM3ZC05OTY3L
TQxZmItOTQ2Mi1mOTBlM2EzMzllZDAiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6Y
WRtaW4tdXNlciJ9.EnFEkR4heEVvhNt8IJkRx30Erd6-BJ0OGU5vwftegJMQNLba38AoMs6QNHd3WVlN-AS0YJ6IfUAWMyWkPbG2
hkk59U_TIdfMunNrZcJcr06pWoLFcDA-ay9k0U9oZVdDYUOhtr2-d0fNrLZZhSSQM9I3N5TSINz4qCi8s4eSxeaEr_3eBNzNNYcd
u9KARG1mA4SJJnNdJCj6rFnNc_UYn93MNI70IbNmuAV0qlE7ceOhqrgKOH0Q76v2XCXulK5RtdfEjqmkHrlS1yqR0K-dIB_HL8yO
qcPe9ShkVE2snWLQaR-6Gut5vNZ5smai1o939Spy5SLucwlyN4lIkvLKPA
728x90

3. Dashboard에 접근

kubectl proxy 실행

kubectl proxy
$ kubectl proxy
Starting to serve on 127.0.0.1:8001

웹 브라우저에서 Dashboard 열기

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

*** 로컬 서버에서만 웹에 접근할 수 있음

토큰을 사용하여 로그인

kubectl create token admin-user -n kubernetes-dashboard

외부에서 Dashboard에 접근

NodePort로 편집(외부에서 접속하기 위함)

kubectl edit service kubernetes-dashboard -n kubernetes-dashboard

kubernetes-dashboard 서비스의 타입을 NodePort로 변경합니다.

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2020-11-06T08:14:11Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "810156"
  selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
  uid: 3680b9e2-b50a-4cbe-90e2-bae953fd9e38
spec:
  clusterIP: 10.106.4.251
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32471
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort ###ClusterIP 에서 NodePort로 변경
status:
  loadBalancer: {}

외부 IP와 포트를 사용하여 Dashboard에 접근합니다.

kubectl get service kubernetes-dashboard -n kubernetes-dashboard
$ kubectl get service kubernetes-dashboard -n kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.106.4.251   <none>        443:32471/TCP   30m

웹 브라우저에서 Dashboard 열기

  • 토근 입력
kubectl create token admin-user -n kubernetes-dashboard

Kubernetes-Dashboard

대시보드 Overview

Kubernetes-Dashboard

 

참고URL

- kubernetes/dashboard : https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

 

728x90
반응형