728x90
반응형
쿠버네티스 대시보드 설치
1. 대시보드 yaml 파일 다운로드
root@master:~# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
--2021-12-07 15:31:28-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
raw.githubusercontent.com (raw.githubusercontent.com)을(를) 해석하는 중... 185.199.110.133, 185.199.109.133, 185.199.108.133, ...
접속 raw.githubusercontent.com (raw.githubusercontent.com)|185.199.110.133|:443... 접속됨.
HTTP 요청을 전송했습니다. 응답을 기다리는 중입니다... 200 OK
길이: 7543 (7.4K) [text/plain]
다음 위치에 저장: `recommended.yaml'
recommended.yaml 100%[=================================================================================================================================>] 7.37K --.-KB/s / 0s
2021-12-07 15:31:29 (47.1 MB/s) - `recommended.yaml' 저장됨 [7543/7543]2. 대시보드 yaml 파일 수정
HTTPS가 아닌 HTTP로 바인딩하기 위하여 아래와 같이 컨테이너 8443 포트를 9090 포트로 수정하고 서비스 443 포트를 80으로 수정한다. --auto-generate-certificates를 반드시 주석처리를 해줘야 HTTPS로 바인딩을 하지 않는다.
root@master:~# vi recommended.yaml
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 80
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard
---
...
kind: Deployment
apiVersion: apps/v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: kubernetesui/dashboard:v2.4.0
imagePullPolicy: Always
ports:
- containerPort: 9090
protocol: TCP
args:
# 주석처리
#- --auto-generate-certificates
# 추가
- --enable-skip-login=false
# 추가
- --enable-insecure-login=true
...
volumeMounts:
...
livenessProbe:
httpGet:
scheme: HTTP
path: /
port: 90903. yaml을 활용하여 pod, service 등 생성
root@master:~# kubectl create -f recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/admin-user created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/admin-user created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created4. Ingress yaml 파일 작성
외부에서 대시보드에 접근하기 Ingress를 생성한다. 기존에 nginx ingress가 설치되어 있다는 전제하에 실행하였다.
root@master:~# cat > dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
annotations:
kubernetes.io/ingress.class: nginx
spec:
rules:
- http:
paths:
- path: /dashboard
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 805. Ingress 생성
root@master:~# kubectl create -f dashboard-ingress.yaml
ingress.networking.k8s.io/dashboard-ingress created6. 계정 생성
root@master:~# cat > dashboard-admin.yaml
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system7. 계정 생성
root@master:~# kubectl create -f dashboard-admin.yaml
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
8. 토큰 조회
root@master:~# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: attachdetach-controller-token-pntvl
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: attachdetach-controller
kubernetes.io/service-account.uid: 0381deac-39f0-4f6e-9e6a-9d64a599c8bd
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1099 bytes
namespace: 11 bytes
token: eyJhbG...
9. 대시보드 접속
728x90
반응형
'DevOps > Kubernetes' 카테고리의 다른 글
| Kubernetes::핵심 개념 (Core Concepts) (0) | 2023.12.19 |
|---|---|
| Kubernetes - Helm (헬름) (0) | 2021.12.28 |
| Kubernetes - canary deployment (카나리 배포) (0) | 2021.12.03 |
| Kubernetes - Ingress (인그레스) (0) | 2021.12.01 |
| Kubernetes - kube-proxy (0) | 2021.11.30 |
