[kubernetes] Setting up the dashboard (web UI)

Setting up the kubernetes dashboard

Run the command below to install the dashboard.

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf configured
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Start the proxy

$ kubectl proxy
Starting to serve on 127.0.0.1:8001

*** Through the proxy, the web UI can be reached only from the local server (it listens on 127.0.0.1).

Create the service account

$ cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
EOF

- output -
serviceaccount/admin-user unchanged

Create the ClusterRoleBinding

This binds the admin-user service account to the built-in cluster-admin ClusterRole, so the token obtained in the next step carries full control of the cluster.

$ cat <<EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
EOF

- output -
clusterrolebinding.rbac.authorization.k8s.io/admin-user unchanged

Get the token (the `token:` field under Data in the command's output)

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-2wd8h
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: cf92e37d-9967-41fb-9462-f90e3a339ed0

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  20 bytes

Edit the Service to NodePort (to allow access from outside)

$ kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2020-11-06T08:14:11Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "810156"
  selfLink: /api/v1/namespaces/kubernetes-dashboard/services/kubernetes-dashboard
  uid: 3680b9e2-b50a-4cbe-90e2-bae953fd9e38
spec:
  clusterIP: 10.106.4.251
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32471
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort ### changed from ClusterIP to NodePort
status:
  loadBalancer: {}
$ kubectl get service kubernetes-dashboard -n kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.106.4.251   <none>        443:32471/TCP   30m
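
As an added example (not from the original post), this shell function lints manifests for the two settings this walkthrough applies: the cluster-admin ClusterRoleBinding and the NodePort Service. The function names and the `dashboard-viewer` account are assumptions made for illustration.

```bash
# Added example (not from the original post). lint_manifests reads multi-document
# YAML on stdin and prints one finding per risky object, before `kubectl apply`.
lint_manifests() {
  awk '
    function flush(   i) {
      if (kind == "ClusterRoleBinding" && f["roleRef.name"] == "cluster-admin")
        for (i = 1; i <= n; i++) if (s[i, "kind:"] == "ServiceAccount")
          print "cluster-admin bound to ServiceAccount " s[i, "namespace:"] "/" s[i, "name:"]
      if (kind == "Service" && f["spec.type"] == "NodePort")
        print "NodePort Service " f["metadata.namespace"] "/" f["metadata.name"]
      kind = sect = ""; n = 0; split("", f); split("", s)
    }
    /^---/ { flush(); next }
    /^[A-Za-z]+:/ { sect = $1; sub(/:$/, "", sect); if (sect == "kind") kind = $2; next }
    /^  [A-Za-z]+: / { k = $1; sub(/:$/, "", k); f[sect "." k] = $2 }
    sect == "subjects" {
      if ($1 == "-") { n++; k = $2; v = $3 } else { k = $1; v = $2 }
      s[n, k] = v
    }
    END { flush() }
  '
}
# Sample (trimmed): this page's binding, a constructed binding to built-in "view", the edited Service.
sample_manifests() {
  cat <<'EOF'
kind: ClusterRoleBinding
roleRef:
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
kind: ClusterRoleBinding
roleRef:
  name: view
subjects:
- kind: ServiceAccount
  name: dashboard-viewer
  namespace: kubernetes-dashboard
---
kind: Service
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
EOF
}
sample_manifests | lint_manifests
```

The lint handles only simple block-style YAML like the manifests on this page; it flags the cluster-admin binding and the NodePort Service and passes the read-only binding.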

Accessing the web dashboard

- Enter the token

- Dashboard Overview

Reference URL

- kubernetes/dashboard : https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

 
