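This post covers installing the Kubernetes Dashboard to make it easier to manage the Kubernetes cluster that was set up previously.
1. Installing the Kubernetes Dashboard
1-1. Installing the dashboard
- Install the Kubernetes Dashboard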
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19, non-functional in v1.25+; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created
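1-2. Changing the external access method
Change how the Kubernetes Dashboard is reached from outside the cluster, from the existing ClusterIP to NodePort.
- Configure external access (NodePort) for the Kubernetes Dashboard
Edit the kubernetes-dashboard service -> change the type field from ClusterIP to NodePort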
$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2022-04-18T05:02:03Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "4504"
  uid: 87e523dd-2599-473c-aa17-3b2284998828
spec:
  clusterIP: 10.111.218.155
  clusterIPs:
  - 10.111.218.155
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
- Check the NodePort (master node)
The output shows that the dashboard port is 31655; use it when connecting from a web browser.
$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.111.218.155   <none>        443:31655/TCP   3m17s
1-3. Accessing the Kubernetes Dashboard
- Access the dashboard
Dashboard URL: https://192.168.0.1:31655
#https://<master_ip>:<NodePort>
- Create a ServiceAccount for the Kubernetes login token
$ cat <<EOF | kubectl create -f -
> apiVersion: v1
> kind: ServiceAccount
> metadata:
>   name: admin-user
>   namespace: kube-system
> EOF
serviceaccount/admin-user created
- Create the ClusterRoleBinding
$ cat <<EOF | kubectl create -f -
> apiVersion: rbac.authorization.k8s.io/v1
> kind: ClusterRoleBinding
> metadata:
>   name: admin-user
> roleRef:
>   apiGroup: rbac.authorization.k8s.io
>   kind: ClusterRole
>   name: cluster-admin
> subjects:
> - kind: ServiceAccount
>   name: admin-user
>   namespace: kube-system
> EOF
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
- Retrieve the account's token
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-gfrxg
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 2d57903d-bc4d-41e8-af86-5695ad6a3ba6
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhb~~~
- Web dashboard
Kubernetes Dashboard -> select 'All namespaces' in the search bar field.
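A follow-up audit for the steps above, as an added example that is not part of the original post: it flags ServiceAccounts bound to cluster-admin and dashboard services exposed through a NodePort, the two settings this walkthrough creates. The function names, the tab-separated input format and the kubectl jsonpath invocations shown in the comments are assumptions; the sample data is constructed so the script runs without a cluster.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Input is tab-separated text,
# so the checks run offline on constructed data.
#
# On a live cluster the input would come from (assumed invocations):
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name},{end}{"\n"}{end}'
#   kubectl get svc -A -o jsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.spec.type}{"\t"}{.spec.ports[*].nodePort}{"\n"}{end}'

# stdin:  binding<TAB>role<TAB>Kind:namespace/name,...
# stdout: binding<TAB>namespace/name for each ServiceAccount holding cluster-admin
find_admin_serviceaccounts() {
  awk -F '\t' '
    $2 == "cluster-admin" {
      n = split($3, subj, ",")
      for (i = 1; i <= n; i++)
        if (subj[i] ~ /^ServiceAccount:/) {
          sub(/^ServiceAccount:/, "", subj[i])
          print $1 "\t" subj[i]
        }
    }'
}

# stdin:  namespace<TAB>service<TAB>type<TAB>nodePort
# stdout: namespace/service:nodePort for dashboard services opened on every node
find_nodeport_dashboards() {
  awk -F '\t' '$3 == "NodePort" && $2 ~ /dashboard/ { print $1 "/" $2 ":" $4 }'
}

# Constructed sample data mirroring the objects created in this post.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup:/system:masters,\n'
  printf 'admin-user\tcluster-admin\tServiceAccount:kube-system/admin-user,\n'
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tServiceAccount:kubernetes-dashboard/kubernetes-dashboard,\n'
}
sample_services() {
  printf 'kubernetes-dashboard\tkubernetes-dashboard\tNodePort\t31655\n'
  printf 'kubernetes-dashboard\tdashboard-metrics-scraper\tClusterIP\t\n'
  printf 'default\tkubernetes\tClusterIP\t\n'
}

echo "ServiceAccounts bound to cluster-admin:"
sample_bindings | find_admin_serviceaccounts
echo "Dashboard services reachable on a node port:"
sample_services | find_nodeport_dashboards
```

Any ServiceAccount this reports holds a token that grants full control of the cluster, so the admin-user token retrieved above should be stored and rotated like a root credential.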