일 | 월 | 화 | 수 | 목 | 금 | 토 |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | 7 |
8 | 9 | 10 | 11 | 12 | 13 | 14 |
15 | 16 | 17 | 18 | 19 | 20 | 21 |
22 | 23 | 24 | 25 | 26 | 27 | 28 |
29 | 30 | 31 |
Tags
- pacman
- golang
- cephadm
- Octavia
- nfs-provisioner
- yum
- k8s
- Linux
- terraform
- Kubeflow
- archlinux
- kolla-ansible
- repository
- awx
- libvirt
- Kubernetes
- Ansible
- HTML
- grafana-loki
- KVM
- port open
- Docker
- ceph
- ceph-ansible
- i3
- Arch
- ubuntu
- kolla
- OpenStack
- cloud-init
Archives
- Today
- Total
YJWANG
Kubernetes Dashboard 설정 본문
refer to
https://kubernetes.io/ko/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
아래와 같이 kubernetes dashboard를 설치하고 로그인 하는 법에 대해 기술합니다.
Dashboard 설치
첫번째 URL (공식홈페이지)에 나와있는 대로 설치를 진행합니다.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
정상적으로 배포가 됨을 확인합니다.
[root@master01 ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-7b59f7d4df-44nqf 1/1 Running 0 65m
kubernetes-dashboard-74d688b6bc-mggk9 1/1 Running 0 65m
저는 접근하기 위해 proxy를 사용하지 않고 NodePort로 진행했습니다.
[root@master01 ~]# kubectl get svc -n kubernetes-dashboard kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.100.28.176 <none> 443:31396/TCP 66m
[root@master01 ~]# kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard
...
type: NodePort
...
Dashboard login을 위한 token 생성
아래 yaml파일을 생성하여 dash-admin이라는 ServiceAccount를 만들거고 Cluster-admin role을 부여합니다.
==> ./role.yaml <==
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dash-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dash-admin
namespace: kube-system
==> ./user.yaml <==
apiVersion: v1
kind: ServiceAccount
metadata:
name: dash-admin
namespace: kube-system
# kubectl apply -f user.yaml
# kubectl apply -f role.yaml
생성된 user의 token을 확인합니다. (명령문의 user 이름은 생성하신 user에 맞게 변경합니다.)
[root@master01 dashboard]# kubectl describe secrets -n kube-system dash-admin
Name: dash-admin-token-8p2mm
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: dash-admin
kubernetes.io/service-account.uid: da62a2ad-6203-4dc3-a8ea-e45b46402c5f
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1066 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IktWVzJIMnF6Ry1fYkw5eW5mdGNxeG15SmUxNXpEa0dHcXdPMnhxbU5rUDAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoLWFkbWluLXRva2VuLThwMm1tIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRhc2gtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkYTYyYTJhZC02MjAzLTRkYzMtYThlYS1lNDViNDY0MDJjNWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGFzaC1hZG1pbiJ9.rKKd_R_Pu2N_nPVcX526rgNL6xGk_IY1p9OJeYvoMjmiNi0kE0o-HLSKhM7y1ntchsBy7j_1v3x8iy7GspVpWdObgEQA4_7qXkoJABvAMJpDUlt4oLHrcOwZSXwR6DHkUCGOxZsOBaECrPow_Bo8Vj0F8uYd-fsVZLYMFqFkjoRrxMcky7VgJ-V2HAAhqOGwaIvdMGLJqAX0h9RIoaYnhUaf9MAR_zeLRVwzFvkai9n5NPpeS_1M-rdqTxFFx0obFgdoIA-aU7QxKTHbZA0CXxgIkRAMJNXvO-hJ7o8plH_KrDNNVOvV4H_hV7w63zfSp66v4a12Ez_HiomE9Dx6KQ
token: 뒤에 있는 부분을 복사하여 login할 때 입력합니다.
반응형