Wednesday, July 24, 2024

Using the Kubernetes Dashboard: user, role, kubectl -n kubernetes-dashboard create token, kubectl proxy

 

Deploying the Dashboard UI

The Dashboard UI is not deployed by default. To deploy it, run the following command.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml

Creating a user

Create the file dashboard-adminuser.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Run the following command

kubectl apply -f dashboard-adminuser.yaml

>> serviceaccount/admin-user created

Role binding

Create the file dashboard-adminuser-role.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Run the following command

kubectl apply -f dashboard-adminuser-role.yaml

>> clusterrolebinding.rbac.authorization.k8s.io/admin-user created

Generating a token

kubectl -n kubernetes-dashboard create token admin-user


Creating a token in a Secret

  1. Create it in the kubernetes-dashboard namespace after logging in to the Dashboard, or
  2. Create a yaml file with the following content and run kubectl apply -f
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"   
type: kubernetes.io/service-account-token  

kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d

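The two token sources above differ in lifetime: kubectl create token returns a time-bound token with an exp claim, while a Secret of type kubernetes.io/service-account-token holds a token that does not expire, and here both authenticate as admin-user, which is bound to cluster-admin. The script below is an added example, not part of the original post; it reads a token's claims to tell the two apart. The sample tokens and the sample_token helper are constructed for illustration so it runs without a cluster.

```shell
#!/bin/sh
# Added example, not from the original post. Reads JWT claims only;
# it does not verify the signature.

# Decode one base64url segment (JWTs drop the '=' padding).
b64url_decode() {
  seg=$(printf '%s' "$1" | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="${seg}==" ;;
    3) seg="${seg}=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the claims (second dot-separated segment) of a token.
jwt_claims() {
  b64url_decode "$(printf '%s' "$1" | cut -d. -f2)"
}

# "expires:<epoch>" when the token has an exp claim, else "no-expiry".
token_lifetime() {
  exp=$(jwt_claims "$1" | tr -d ' \n' |
        sed -n 's/.*"exp":\([0-9][0-9]*\).*/\1/p')
  if [ -n "$exp" ]; then echo "expires:$exp"; else echo "no-expiry"; fi
}

# Hypothetical helper: build a constructed, unsigned sample token
# from a JSON claims string so the example runs without a cluster.
sample_token() {
  enc() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
  echo "$(enc '{"alg":"RS256"}').$(enc "$1").constructed-signature"
}

SA='system:serviceaccount:kubernetes-dashboard:admin-user'
# Constructed claims shaped like a `kubectl create token` result.
BOUND=$(sample_token "{\"exp\":1721800000,\"sub\":\"$SA\"}")
# Constructed claims shaped like a Secret-stored token (no exp).
LEGACY=$(sample_token "{\"iss\":\"kubernetes/serviceaccount\",\"sub\":\"$SA\"}")

echo "create token : $(token_lifetime "$BOUND")"
echo "secret token : $(token_lifetime "$LEGACY")"
```

To check a real token, pass the output of either command above to token_lifetime. A no-expiry result means the token stays valid until the Secret is deleted.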

Command-line proxy

You can enable access to the Dashboard by running the following command with the kubectl command-line tool.

kubectl proxy


Accessing the Dashboard

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

The UI can only be accessed from the machine where the command is run. For details, see the options listed by kubectl proxy --help.
