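Kubernetes deployments are normally done with kubectl or the API, but the Dashboard lets you check the overall state of the cluster through a UI. Let's deploy the Dashboard and see how to access it from outside the cluster.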
Environment
- Windows 10 Pro 1809
- Hyper-V
VM environment
- 10.10.0.10 docker-master
- 10.10.0.11 docker-node01
- 10.10.0.12 docker-node02
- Deploying the Dashboard
[root@docker-master ~]# kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs unchanged
serviceaccount/kubernetes-dashboard unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal unchanged
deployment.apps/kubernetes-dashboard unchanged
service/kubernetes-dashboard created
- Accessing the Dashboard from outside by changing the Service to NodePort
[root@docker-master ~]# kubectl -n kube-system edit service kubernetes-dashboard
.....
"/tmp/kubectl-edit-t3qxl.yaml" 30L, 1081C
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
  uid: 8feef149-55d3-11e9-8499-00155d5c8246
spec:
  clusterIP: 10.96.176.39
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort # changed from ClusterIP to NodePort
status:
  loadBalancer: {}
[root@docker-master ~]# kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.176.39   <none>        443:32735/TCP   70s
- Logging in with a token
[root@docker-master ~]# cat <<EOF | kubectl create -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF
serviceaccount/admin-user created
[root@docker-master ~]# cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
[root@docker-master ~]# kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-j4fnf
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: 0ab39a99-55d4-11e9-8499-00155d5c8246
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLWo0Zm5mIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwYWIzOWE5OS01NWQ0LTExZTktODQ5OS0wMDE1NWQ1YzgyNDYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.mDGa_fkM71bA-hnd3IhnpjyM9rGIBjscOt7W2aD7KujLcXKIFfuFmTId07G-6Vn135ajGijtq8zJLAQNvBrxPdg5-w2KN2KETyZ3l6AxCZc9Y_PaUgvgOXtWtDyCGMYAQwUtxW8bS0R-QxyZAfJ2uzYhT0M-A1KMzG0kTJfIZzYF7DjcPceroGOBeRQAAE-ef5i25H_K1M7MFgxLwUtlHlZnVp3KNUUmpTK71D-cfNtBG1p7pQbCD0zRZdDXDlsk7Bnm9XMJ3-9GYA_JnM4XmZXWY1v--eiKl6pk4TOWShjpB78wN3evb4CknrFaMn7Rn28YM09pEzXFqxA407GX0g
- Open the Dashboard in a web browser and log in with the token
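
An added example, not part of the original post: a small Python audit that flags the two settings this walkthrough changes, a ServiceAccount bound to cluster-admin and a Service of type NodePort, from kubectl JSON output. The embedded SAMPLE is constructed to mirror the objects created above; the function name `audit` and the finding labels are assumptions of this example.

```python
import json
import sys

# Constructed sample shaped like the List that
# `kubectl get clusterrolebindings,services --all-namespaces -o json` prints;
# names and ports mirror the objects created in this walkthrough.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user", "namespace": "kube-system"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "Group", "name": "system:masters"}]},
 {"kind": "Service", "metadata": {"name": "kubernetes-dashboard", "namespace": "kube-system"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "targetPort": 8443, "nodePort": 32735}]}},
 {"kind": "Service", "metadata": {"name": "kube-dns", "namespace": "kube-system"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 53, "targetPort": 53}]}}
]}
""")


def audit(doc):
    """Return (finding, detail) pairs for the two risky settings in this walkthrough."""
    findings = []
    for item in doc.get("items", []):
        kind, meta = item.get("kind"), item.get("metadata", {})
        if kind == "ClusterRoleBinding":
            # A ServiceAccount bound to cluster-admin: its token controls the whole cluster.
            if item.get("roleRef", {}).get("name") != "cluster-admin":
                continue
            for subj in item.get("subjects") or []:  # subjects may be null
                if subj.get("kind") == "ServiceAccount":
                    findings.append(("cluster-admin-serviceaccount",
                                     f"{subj.get('namespace')}/{subj.get('name')}"))
        elif kind == "Service" and item.get("spec", {}).get("type") == "NodePort":
            # A NodePort Service listens on every node IP, so it is reachable from outside.
            for port in item["spec"].get("ports", []):
                findings.append(("nodeport-service",
                                 f"{meta.get('namespace')}/{meta.get('name')}:{port.get('nodePort')}"))
    return findings


if __name__ == "__main__":
    # Pipe real kubectl JSON on stdin; from an interactive terminal it audits SAMPLE.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for finding, detail in audit(doc):
        print(f"{finding}\t{detail}")
```

The `system:masters` Group binding in the sample is deliberately not reported, since only ServiceAccount subjects yield a long-lived token like the one shown above.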