  • Installing and Connecting to the Kubernetes Dashboard
    k8s 2023. 12. 5. 15:10

    Today's topic is how to connect to the Kubernetes Dashboard.
    Some instructors teach their courses using the dashboard, so I have also set it up and keep studying with it.

    I did this in the local environment from my previous post:

    2023.11.24 - [k8s] - Building a local environment on a Mac M2 with Vagrant and Parallels Pro (limsanggyu.tistory.com)

     

     

    Installation


    Run the command below on the master node to install the dashboard.

    # Install the Kubernetes Dashboard
    kubectl apply -f https://raw.githubusercontent.com/k8s-1pro/install/main/ground/k8s-1.27/dashboard-2.7.0/dashboard.yaml

     

    You can also open https://raw.githubusercontent.com/k8s-1pro/install/main/ground/k8s-1.27/dashboard-2.7.0/dashboard.yaml

    in a browser to see the contents of the yaml.

    Below is the yaml that the install command applies.

    # Copyright 2017 The Kubernetes Authors.
    #
    # Licensed under the Apache License, Version 2.0 (the "License");
    # you may not use this file except in compliance with the License.
    # You may obtain a copy of the License at
    #
    #     http://www.apache.org/licenses/LICENSE-2.0
    #
    # Unless required by applicable law or agreed to in writing, software
    # distributed under the License is distributed on an "AS IS" BASIS,
    # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    # See the License for the specific language governing permissions and
    # limitations under the License.
    
    apiVersion: v1
    kind: Namespace
    metadata:
      name: kubernetes-dashboard
    
    ---
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    
    ---
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      ports:
        - port: 443
          targetPort: 8443
          nodePort: 30000
      selector:
        k8s-app: kubernetes-dashboard
      type: NodePort
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-certs
      namespace: kubernetes-dashboard
    type: Opaque
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-csrf
      namespace: kubernetes-dashboard
    type: Opaque
    data:
      csrf: ""
    
    ---
    
    apiVersion: v1
    kind: Secret
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-key-holder
      namespace: kubernetes-dashboard
    type: Opaque
    
    ---
    
    kind: ConfigMap
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard-settings
      namespace: kubernetes-dashboard
    
    ---
    
    kind: Role
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    rules:
      # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
      - apiGroups: [""]
        resources: ["secrets"]
        resourceNames: ["kubernetes-dashboard-key-holder", "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
        verbs: ["get", "update", "delete"]
        # Allow Dashboard to get and update 'kubernetes-dashboard-settings' config map.
      - apiGroups: [""]
        resources: ["configmaps"]
        resourceNames: ["kubernetes-dashboard-settings"]
        verbs: ["get", "update"]
        # Allow Dashboard to get metrics.
      - apiGroups: [""]
        resources: ["services"]
        resourceNames: ["heapster", "dashboard-metrics-scraper"]
        verbs: ["proxy"]
      - apiGroups: [""]
        resources: ["services/proxy"]
        resourceNames: ["heapster", "http:heapster:", "https:heapster:", "dashboard-metrics-scraper", "http:dashboard-metrics-scraper"]
        verbs: ["get"]
    
    ---
    
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
    rules:
      # Allow Metrics Scraper to get metrics from the Metrics server
      - apiGroups: ["metrics.k8s.io"]
        resources: ["pods", "nodes"]
        verbs: ["get", "list", "watch"]
    
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: RoleBinding
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: Role
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard
    
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: kubernetes-dashboard
    subjects:
      - kind: ServiceAccount
        name: kubernetes-dashboard
        namespace: kubernetes-dashboard
    
    ---
    
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: kubernetes-dashboard2
      labels:
        k8s-app: kubernetes-dashboard
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    
    ---
    
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: kubernetes-dashboard
      template:
        metadata:
          labels:
            k8s-app: kubernetes-dashboard
        spec:
          securityContext:
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: kubernetes-dashboard
              image: kubernetesui/dashboard:v2.7.0
              imagePullPolicy: Always
              ports:
                - containerPort: 8443
                  protocol: TCP
              args:
                - --auto-generate-certificates
                - --namespace=kubernetes-dashboard
                - --enable-skip-login
                - --apiserver-host=192.168.56.10
                - --token=eyJhbGciOiJSUzI1NiIsImtpZCI6IjRrMzlLV2VkZ2FtZWJvWmlNVE9aWWZPRGlqeWpqUzM4S0MzYXUzd3BXakEifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzAwNDUxMDAzLCJpYXQiOjE3MDA0NDc0MDMsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJhZG1pbi11c2VyIiwidWlkIjoiMzQxOWVmNmUtMGExZi00YTcwLThlODAtNGRlYjkxMDU5M2U1In19LCJuYmYiOjE3MDA0NDc0MDMsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbi11c2VyIn0.KB0SgMV1wVBdrs11AUzVQdobddVadYvTE5gu-4m7IuCqtYFaardT5oz-zkcpwy0fnT9mReOoSBu6RZEdF5E68I-pwEU6gWPu_xw7hJb3fYwg3IcQinX_WJ6BwexRWpDsOugrqC8lMVuTmikXD6GwgI6mtSnmMhGuAfEvPerDoHo0UFntOwBUoNAlAuiT5HFV5pT6FGxbnx410EUGmJYzlcHJJwwFdlnqVRoIPQAcQc7V9nD2gesT9cib_hyflnleejC371kK0Mr2bcUqN14vX2B9KaXlTwMAqx68qaoA9wAgPevvU8OwX452Hp-cGPr57oECtdrEbaq2LZoxw5gbYQ
                - --token-ttl=0
                # Uncomment the following line to manually specify Kubernetes API server Host
                # If not specified, Dashboard will attempt to auto discover the API server and connect
                # to it. Uncomment only if the default does not work.
                # - --apiserver-host=http://my-address:port
              volumeMounts:
                - name: kubernetes-dashboard-certs
                  mountPath: /certs
                  # Create on-disk volume to store exec logs
                - mountPath: /tmp
                  name: tmp-volume
              livenessProbe:
                httpGet:
                  scheme: HTTPS
                  path: /
                  port: 8443
                initialDelaySeconds: 30
                timeoutSeconds: 30
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          volumes:
            - name: kubernetes-dashboard-certs
              secret:
                secretName: kubernetes-dashboard-certs
            - name: tmp-volume
              emptyDir: {}
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
    
    ---
    
    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      ports:
        - port: 8000
          targetPort: 8000
      selector:
        k8s-app: dashboard-metrics-scraper
    
    ---
    
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
      name: dashboard-metrics-scraper
      namespace: kubernetes-dashboard
    spec:
      replicas: 1
      revisionHistoryLimit: 10
      selector:
        matchLabels:
          k8s-app: dashboard-metrics-scraper
      template:
        metadata:
          labels:
            k8s-app: dashboard-metrics-scraper
        spec:
          securityContext:
            seccompProfile:
              type: RuntimeDefault
          containers:
            - name: dashboard-metrics-scraper
              image: kubernetesui/metrics-scraper:v1.0.8
              ports:
                - containerPort: 8000
                  protocol: TCP
              livenessProbe:
                httpGet:
                  scheme: HTTP
                  path: /
                  port: 8000
                initialDelaySeconds: 30
                timeoutSeconds: 30
              volumeMounts:
              - mountPath: /tmp
                name: tmp-volume
              securityContext:
                allowPrivilegeEscalation: false
                readOnlyRootFilesystem: true
                runAsUser: 1001
                runAsGroup: 2001
          serviceAccountName: kubernetes-dashboard
          nodeSelector:
            "kubernetes.io/os": linux
          # Comment the following tolerations if Dashboard must not be deployed on master
          tolerations:
            - key: node-role.kubernetes.io/master
              effect: NoSchedule
          volumes:
            - name: tmp-volume
              emptyDir: {}
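
Since the install command applies a third-party manifest straight from a URL, it helps to download it and check it before applying. The script below is an added example (not from the original post or the k8s-1pro project) that flags the exposure-relevant settings such a manifest can carry: a cluster-admin ClusterRoleBinding, a NodePort Service, and the --enable-skip-login, --token-ttl=0 and --token= arguments. The finding names and the trimmed sample manifest are constructed for this example.

```sh
# Added example (not from the post). audit_manifest FILE: one finding per line, exit 1 if any.
audit_manifest() {
  awk '
    function report() {
      if (kind == "ClusterRoleBinding" && role == "cluster-admin")
        { print "CLUSTER_ADMIN_BINDING " name " -> " ns "/" sa; bad = 1 }
      if (kind == "Service" && type == "NodePort") { print "NODEPORT_SERVICE " name; bad = 1 }
      kind = role = ns = sa = name = type = sect = ""
    }
    /^---/      { report(); next }                    # next YAML document
    /^[ \t]*#/  { next }                              # skip commented-out lines
    /^[A-Za-z]/ { sect = $1; sub(/:.*/, "", sect) }   # current top-level key
    /^kind:/    { kind = $2 }
    { line = $0; sub(/^[ \t]*(- )?/, "", line); split(line, kv, /:[ \t]*/) }
    kv[1] == "name" && sect == "metadata"      { name = kv[2] }
    kv[1] == "name" && sect == "roleRef"       { role = kv[2] }
    kv[1] == "name" && sect == "subjects"      { sa = kv[2] }
    kv[1] == "namespace" && sect == "subjects" { ns = kv[2] }
    kv[1] == "type" && sect == "spec"          { type = kv[2] }
    /^[ \t]*- --enable-skip-login/  { print "SKIP_LOGIN_ENABLED"; bad = 1 }
    /^[ \t]*- --token-ttl=0[ \t]*$/ { print "TOKEN_TTL_NEVER_EXPIRES"; bad = 1 }
    /^[ \t]*- --token=/ { print "TOKEN_LITERAL_IN_ARGS"; bad = 1 }  # value not echoed
    END { report(); exit bad + 0 }
  ' "$1"
}
sample=$(mktemp)   # constructed sample: the relevant pieces of such a manifest, trimmed
cat > "$sample" <<'EOF'
kind: Service
metadata:
  name: kubernetes-dashboard
spec:
  type: NodePort
---
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard2
roleRef:
  name: cluster-admin
subjects:
- name: kubernetes-dashboard
  namespace: kubernetes-dashboard
---
kind: Deployment
spec:
  args:
    - --enable-skip-login
    - --token-ttl=0
EOF
audit_manifest "$sample" || echo "findings above: review before applying"
```

Outside a throwaway lab, the usual fixes are to change the Service to ClusterIP and reach it with `kubectl port-forward`, to drop the `kubernetes-dashboard2` binding, and to remove `--enable-skip-login`, so that every session runs with the privileges of the token entered at login.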

     

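    Once the installation is complete, run kubectl get pods -n kubernetes-dashboard to check that everything is running normally.

     

    Once it is running normally, create a ClusterRoleBinding that grants cluster-admin privileges to a service account in the kubernetes-dashboard namespace.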

    vi cluster-role-binding.yaml

    #cluster-role-binding.yaml
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      name: admin-user
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
    subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard

     

    kubectl create -f cluster-role-binding.yaml

     

    Next, create the service account that the dashboard token will be issued for.

    vi service-account.yaml

    #ServiceAccount
    
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: admin-user
      namespace: kubernetes-dashboard

    kubectl create -f service-account.yaml



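    Next, connect to the dashboard using my local IP address.

    For reference, if you do not know your local IP address, run ifconfig and use the IP address shown in the part masked in black.
    Either of the two should probably work without problems.

    https://<your-IP-address>:30000/#/login
    
    Log in at the address above.
    As the dashboard yaml at the top shows, the nodePort is set to 30000,
    so connect through the NodePort on port 30000.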

     

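    When you open the address above, click Advanced and then click the "unsafe" proceed link to connect.


    After proceeding past the warning you will see the Kubernetes Dashboard screen.

    Run the command below on the master node and enter the token it prints to log in, and you are done.

    # Issue a dashboard token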
    kubectl -n kubernetes-dashboard create token admin-user

     

    I wrote this down for the record, since a day may come when I can put the dashboard to good use again.
