Kubernetes

[KUBERNETES] dashboard 설치

1. dashboard,admin-rbac, heapster 설치

1
2
3
4
5
6
7
8
9
10
11
12
13
git clone https://github.com/DragOnMe/k8s-1.8-dashboard-heapster-mod.git
cd k8s-1.8.1-dashboard/
kubectl apply -f kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard-admin-rbac.yaml
cd ../
kubectl apply -f k8s-heapster/

[root@localhost k8s-1.8.1-dashboard]# kubectl get pods -nkube-system -w
NAME                                            READY     STATUS    RESTARTS   AGE
heapster-dfd674df9-k6vr7                        1/1       Running   0          3d
kubernetes-dashboard-5bd6f767c7-2h6wv           1/1       Running   0          2d
monitoring-grafana-76848b566c-cts9n             1/1       Running   0          3d
monitoring-influxdb-6c4b84d695-d8j4t            1/1       Running   0          3d

kubernetes-dashboard.yaml 수정

  1. image 변경 (1.8.1 -> 1.8.3)
  2. service nodeport 설정
    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    13
    14
    15
    16
    17
    18
    19
    20
    21
    22
    23
     spec:
          containers:
          - name: kubernetes-dashboard
            image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
    //==========================================================

    kind: Service
    apiVersion: v1
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kube-system
    spec:
      # Added NodePort
      type: NodePort
      ports:
        - port: 443
          targetPort: 8443
          # Added nodePort: 30000
          nodePort: 30000
      selector:
        k8s-app: kubernetes-dashboard

2. dashboard 접근 token 조회

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
[root@localhost]# kubectl -n kube-system get secret | grep kubernetes-dashboard-admin
kubernetes-dashboard-admin-token-mcx5k           kubernetes.io/service-account-token 
[root@localhost]# kubectl describe -nkube-system secret kubernetes-dashboard-admin-token-mcx5k
Name:         kubernetes-dashboard-admin-token-mcx5k
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=kubernetes-dashboard-admin
              kubernetes.io/service-account.uid=1d1aa7aa-30c1-11e8-a365-002590a7058c

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsInR....중략...
FhyrXH_2ZZlAkYvm0oCT5VZMYCnKQ77NZEdyFXvZpsrXTA4BwfKyPFaFxUPKA

3. 서버local이 아닌 브라우저에서 접근하기위해 nginx수정

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
server {
        listen 443;
        server_name <접근호스트>;
        ssl on;
        ssl_certificate /etc/kubernetes/pki/ca.crt;
        ssl_certificate_key  /etc/kubernetes/pki/ca.key;

        location / {
                proxy_pass https://<master-ip>:30000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}