소개
Kubernetes 클러스터를 위한 범용 웹 기반 UI
웹 UI로 클러스터에서 실행 중인 애플리케이션을 관리하고 문제를 해결, 클러스터 자체를 관리 가능
https://github.com/kubernetes/dashboard
설치
helm을 사용해서 설치
# 레포 추가
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# kubernetes-dashboard chart 업그레이드, 없으면 설치
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboardkubernetes-dashboard namespace에 설치
cert-manager및 nginx-ingress-controller 필요하기에 자동으로 설치된다.
만약 이미 있다면
--set=nginx.enabled=false
--set=cert-manager.enabled=false
을 추가하여 설치한다.
install cert-manager
가끔씩 꼬여서 직접 하나하나 설치해야할 때가 있어서 올린다.
helm repo add jetstack https://charts.jetstack.io
helm repo update
helm install \
cert-manager jetstack/cert-manager \
--namespace cert-manager \
--create-namespace \
--version v1.12.0 \
# --set installCRDs=true- --set installCRDs=true : Helm은 Certificate CRD를 쿠버네티스에 설치합니다.
Pod 보안 정책 및 승인
kubectl label --overwrite ns kubernetes-dashboard pod-security.kubernetes.io/enforce=baseline제거방법
helm delete kubernetes-dashboard --namespace kubernetes-dashboard다른 설치 방법 kubernetes 설치 방법 공식문서
https://kubernetes.io/ko/docs/tasks/access-application-cluster/web-ui-dashboard/
설치후 접속
port-forward 방식으로 접속
https://localhost:8443 으로 접속할 수 있다.
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-nginx-controller 8443:443helm 기본 설치하면 nginx-controler 에서 roadbalaner 로 설정이 되어 있는데
이것을 nodeport로 바꿔주면 편하게 접속 할 수 있다.
또한 spec: host , tls: 부분의 localhost를 제거하면 외부에서도 접속이 가능하게 된다.
k edit ingress -n kubernetes-dashboard kubernetes-dashboardapiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/issuer: selfsigned
meta.helm.sh/release-name: kubernetes-dashboard
meta.helm.sh/release-namespace: kubernetes-dashboard
nginx.ingress.kubernetes.io/ssl-redirect: "true"
creationTimestamp: "2023-07-13T05:34:04Z"
generation: 2
labels:
app.kubernetes.io/instance: kubernetes-dashboard
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/part-of: kubernetes-dashboard
helm.sh/chart: kubernetes-dashboard-7.0.2
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "141089"
uid: 453cfb33-d40f-4ed6-b350-b8074de20a92
spec:
ingressClassName: nginx
rules:
- http:
paths:
- backend:
service:
name: kubernetes-dashboard-web
port:
name: web
path: /
pathType: ImplementationSpecific
- backend:
service:
name: kubernetes-dashboard-api
port:
name: api
path: /api
pathType: ImplementationSpecific
tls:
- secretName: kubernetes-dashboard-certs
status:
loadBalancer:
ingress:
- ip: 10.97.171.155
dashboard user 만들기
ClusterRoleBinding-admin-user.yaml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboardServiceAccount-admin-user.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboardmake Dashboard Token
kubectl -n kubernetes-dashboard create token admin-user실행 후 나온 토큰을 저장해 두고 로그인을 한다.
접속화면
TS
Error: failed post-install: warning: Hook post-install kubernetes-dashboard/templates/networking/post-install-ingress-issuer.yaml failed: 1 error occurred:
* Internal error occurred: failed calling webhook "webhook.cert-manager.io": failed to call webhook: Post "https://kubernetes-dashboard-cert-manager-webhook.kubernetes-dashboard.svc:443/mutate?timeout=10s": dial tcp 10.107.187.120:443: connect: connection refusedkubectl edit configmaps -n kube-flannel kube-flannel-cfg
kind: ConfigMap
apiVersion: v1
metadata:
name: kube-flannel-cfg
namespace: kube-system
labels:
tier: node
app: flannel
data:
net-conf.json: |
{
"Network": "10.244.0.0/16",
"Backend": {
"Type": "host-gw"
}
}
k delete pods -n kube-flannel kube-flannel-ds-f8mcv kube-flannel-ds-q76v4 kube-flannel-ds-stqf9
오류 시 여러가지 시도해볼 것들
--kubelet-insecure-tls=true
--enable-aggregator-routing = true
--set startupapicheck.timeout=5m --set installCRDs=true
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard --set startupapicheck.timeout=5m --set installCRDs=true --set=api.nodeSelector.node-name=instance-ubuntu-arm,web.nodeSelector.node-name=instance-ubuntu-armwebhook관련오류 webhook.securePort=10260 로 바꿔서
helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --version v1.9.0 --set startupapicheck.timeout=5m --set installCRDs=true --set webhook.hostNetwork=true --set webhook.securePort=10260admin 계정 모든 권한
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
name: admin-user-clusterrole
rules:
- apiGroups: ["*"]
resources: ["*"]
verbs: ["*"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user-clusterrolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: admin-user-clusterrole
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard'Infra > Kubernetes' 카테고리의 다른 글
| containerd, kubernetes 설치하기 feat. Arm , Troubleshooting (0) | 2023.09.05 |
|---|---|
| Helm 설치 및 사용 (0) | 2023.09.05 |
| WARNING: Kubernetes configuration admin.conf (0) | 2023.09.04 |
| CKA 취득 (0) | 2023.04.16 |
| CKA 준비과정 (0) | 2023.04.16 |
