[k8s]쿠버네티스 대시보드(dash-board) 설치
by SuSu Daddy쿠버네티스 대시보드(dash-board) 설치하기
□ 참고 사이트
- 쿠버네티스 대시보드 설치
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
General-purpose web UI for Kubernetes clusters. Contribute to kubernetes/dashboard development by creating an account on GitHub.
github.com
- 쿠버네티스 대시보드 유저 생성
GitHub - kubernetes/dashboard: General-purpose web UI for Kubernetes clusters
General-purpose web UI for Kubernetes clusters. Contribute to kubernetes/dashboard development by creating an account on GitHub.
github.com
□ 쿠버네티스 설치 스크립트 다운받기
wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
--2022-08-15 05:44:16-- https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 185.199.111.133, 185.199.108.133, 185.199.109.133, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|185.199.111.133|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 7621 (7.4K) [text/plain]
Saving to: ‘recommended.yaml’
recommended.yaml 100%[==============================================================================================>] 7.44K --.-KB/s in 0s□ NodePort를 이용하여 외부에서 접속가능 하도록 설정
- 다운받은 recommended.yaml 파일을 열어 service를 NodePort로 변경
| 수정전 | 수정후 |
| kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 selector: k8s-app: kubernetes-dashboard |
kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard namespace: kubernetes-dashboard spec: ports: - port: 443 targetPort: 8443 notePort: 31000 selector: k8s-app: kubernetes-dashboard type: NodePort |
- 수정된 yaml 파일 적용
kubectl -f apply recommended.yaml- 접속하기
https://{control-plane ip}:31000
□ Token 생성
- service-account
#dash-board-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard- cluster-rolebinding
# dash-board-cluster-rolebinding.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard- yaml 파일 적용
kubectl apply -f dash-board-service-account.yaml
kubectl apply -f dash-board-cluster-rolebinding.yaml- Token 생성
kubectl -n kubernetes-dashboard create token admin-user[참고]
- 기존엔 아래와 같이 serviceaccount 생성 token이 자동 생성되어 아래의 명령어로 추출이 가능하였다. 하지만 1.22버전 부터는 수동으로 service account api token을 생성하여야 한다.
kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"Since 1.22, this type of Secret is no longer used to mount credentials into Pods, and obtaining tokens via the
TokenRequest API is recommended instead of using service account token Secret objects. Tokens obtained from the
TokenRequest API are more secure than ones stored in Secret objects, because they have a bounded lifetime and are not readable by other API clients. You can use the kubectl create token command to obtain a token from the
TokenRequest API.
- Manually create a service account API token
Configure Service Accounts for Pods
A service account provides an identity for processes that run in a Pod. Note: This document is a user introduction to Service Accounts and describes how service accounts behave in a cluster set up as recommended by the Kubernetes project. Your cluster admi
kubernetes.io
'Dev > Kubernetes' 카테고리의 다른 글
| [k8s] Install jenkins with Helm (0) | 2022.08.24 |
|---|---|
| [k8s] load balancer for bare-metal (0) | 2022.08.24 |
| [k8s] Install ingress-nginx with Helm (0) | 2022.08.24 |
| [k8s] 1. 쿠버네티스로 컨테이너 실행하기 (0) | 2022.08.12 |
| Kubernetes Cluster via kubeadm on Ubuntu 22.04 (Unbuntu 20.04, containerd) (0) | 2022.08.10 |
블로그의 정보
SuSu Daddy
SuSu Daddy