본문 바로가기

리눅스

[kubernetes] 쿠버네티스 대시보드 설치 및 외부 접근 방법

728x90

쿠버네티스 대시보드 설치 및 외부 접근 방법

쿠버네티스 대시보드 설치

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created

쿠버네티스 대시보드 외부 접근(NodePort) 방법

kubernetes-dashboard 편집

- kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

- type: ClusterIP -> type: NodePort 변경

$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2021-11-02T01:38:45Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "74025"
  uid: e820dad7-1771-4223-9313-2a3b08e36d38
spec:
  clusterIP: 10.104.46.187
  clusterIPs:
  - 10.104.46.187
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - nodePort: 30264
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

NodePort 확인

kubectl -n kubernetes-dashboard get service kubernetes-dashboard 

$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard 
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.104.46.187   <none>        443:30264/TCP   21m

웹(UI) 대시보드

https://{NODE_IP}:30264

쿠버네티스 로그인 토큰 생성

serviceaccount 생성

cat <<EOF | kubectl create -f -
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: admin-user
   namespace: kube-system
EOF

serviceaccount/admin-user created

ClusterRoleBinding 생성

cat <<EOF | kubectl create -f -
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: admin-user
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
 - kind: ServiceAccount
   name: admin-user
   namespace: kube-system
EOF

clusterrolebinding.rbac.authorization.k8s.io/admin-user created

사용자 계정의 토큰 호출

 - kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') 

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') 
Name:         admin-user-token-xgzwf
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: d46c32d5-6d39-435d-9a7f-8a73c64e1fa3

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InQxTjlkZlQ5Tl9NLW5hakgwc1draVVnY3dOYWt2OENUVHh6YUxlNElhZ28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXhnendmIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkNDZjMzJkNS02ZDM5LTQzNWQtOWE3Zi04YTczYzY0ZTFmYTMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.ZCnKwF7mXrJteVm1bJeVOKgmydSfD_vlFM1YmBjdNSX2ZQ2l1bewI3O3cMnQ3J6fU0AuawlXJUrrb24zeyqSua_0u-JmIfh7t3NeBJBhaUEZiygFJMrJlDdlzXJADxA0Wy_7AQFDMZCfU5kaPqhs0RokE1Ns0szsNPRkGslQO0_L-kCu9r-T020VFhTtv7j_HDjnAZF9zRphvhGlcoqfpUjIk8eYT99JJHf6labp1IhjbDUOFIb_w9RKZIZdemh288rWsdKjfLrnbOLWZGZhe17gdWhpwO1ZtTqCNx6KdDQgde11aPkLuxxZcLftnzReuGLaLql5ldY0uQFyapzd-Q

웹(UI) 대시보드

쿠버네티스 대시보드 > 모든 네임스페이스

728x90