YJWANG

Kubernetes Dashboard 설정 본문

60.Cloud/80.Kubernetes

Kubernetes Dashboard 설정

왕영주 2020. 12. 4. 10:43

refer to

https://kubernetes.io/ko/docs/tasks/access-application-cluster/web-ui-dashboard/
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

아래와 같이 kubernetes dashboard를 설치하고 로그인 하는 법에 대해 기술합니다.



Dashboard 설치

첫번째 URL (공식홈페이지)에 나와있는 대로 설치를 진행합니다.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

정상적으로 배포가 됨을 확인합니다.

[root@master01 ~]# kubectl get pods -n kubernetes-dashboard 
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-7b59f7d4df-44nqf   1/1     Running   0          65m
kubernetes-dashboard-74d688b6bc-mggk9        1/1     Running   0          65m

저는 접근하기 위해 proxy를 사용하지 않고 NodePort로 진행했습니다.

[root@master01 ~]# kubectl get svc -n kubernetes-dashboard kubernetes-dashboard 
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.100.28.176   <none>        443:31396/TCP   66m
[root@master01 ~]# kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard 
...
  type: NodePort
...

Dashboard login을 위한 token 생성

아래 yaml파일을 생성하여 dash-admin이라는 ServiceAccount를 만들거고 Cluster-admin role을 부여합니다.

==> ./role.yaml <==
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   name: dash-admin
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
 subjects:
 - kind: ServiceAccount
   name: dash-admin
   namespace: kube-system

==> ./user.yaml <==
 apiVersion: v1
 kind: ServiceAccount
 metadata:
   name: dash-admin
   namespace: kube-system
# kubectl apply -f user.yaml
# kubectl apply -f role.yaml

생성된 user의 token을 확인합니다. (명령문의 user 이름은 생성하신 user에 맞게 변경합니다.)

[root@master01 dashboard]# kubectl describe secrets -n kube-system dash-admin
Name:         dash-admin-token-8p2mm
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dash-admin
              kubernetes.io/service-account.uid: da62a2ad-6203-4dc3-a8ea-e45b46402c5f

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IktWVzJIMnF6Ry1fYkw5eW5mdGNxeG15SmUxNXpEa0dHcXdPMnhxbU5rUDAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkYXNoLWFkbWluLXRva2VuLThwMm1tIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRhc2gtYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkYTYyYTJhZC02MjAzLTRkYzMtYThlYS1lNDViNDY0MDJjNWYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06ZGFzaC1hZG1pbiJ9.rKKd_R_Pu2N_nPVcX526rgNL6xGk_IY1p9OJeYvoMjmiNi0kE0o-HLSKhM7y1ntchsBy7j_1v3x8iy7GspVpWdObgEQA4_7qXkoJABvAMJpDUlt4oLHrcOwZSXwR6DHkUCGOxZsOBaECrPow_Bo8Vj0F8uYd-fsVZLYMFqFkjoRrxMcky7VgJ-V2HAAhqOGwaIvdMGLJqAX0h9RIoaYnhUaf9MAR_zeLRVwzFvkai9n5NPpeS_1M-rdqTxFFx0obFgdoIA-aU7QxKTHbZA0CXxgIkRAMJNXvO-hJ7o8plH_KrDNNVOvV4H_hV7w63zfSp66v4a12Ez_HiomE9Dx6KQ

token: 뒤에 있는 부분을 복사하여 login할 때 입력합니다.

반응형
저작자표시
'60.Cloud/80.Kubernetes' Related Articles more