1. 개요
2. 다운로드 및 설치
$ DOWNLOAD_URL=$(curl --silent "https://api.github.com/repos/kubernetes-incubator/metrics-server/releases/latest" | jq -r .tarball_url) $ DOWNLOAD_VERSION=$(grep -o '[^/v]*$' <<< $DOWNLOAD_URL) $ curl -Ls $DOWNLOAD_URL -o metrics-server-$DOWNLOAD_VERSION.tar.gz $ mkdir metrics-server-$DOWNLOAD_VERSION $ tar -xzf metrics-server-$DOWNLOAD_VERSION.tar.gz --directory metrics-server-$DOWNLOAD_VERSION --strip-components 1 $ kubectl apply -f metrics-server-$DOWNLOAD_VERSION/deploy/1.8+/ clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created serviceaccount/metrics-server created deployment.apps/metrics-server created service/metrics-server created clusterrole.rbac.authorization.k8s.io/system:metrics-server created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
3. 매트릭 서버 배포 확인
$ kubectl get deployment metrics-server -n kube-system NAME READY UP-TO-DATE AVAILABLE AGE metrics-server 0/1 1 0 9m55s
4. 대시보드 배포
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
5. 계정 및 역할 생성
5.1. 파일 생성
eks-admin-service-account.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: eks-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: eks-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: eks-admin namespace: kube-system
5.2. 적용
$ kubectl apply -f eks-admin-service-account.yaml serviceaccount/eks-admin created clusterrolebinding.rbac.authorization.k8s.io/eks-admin created
6. 대시보드 연결
6.1. 연결
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}') Name: eks-admin-token-gqfz6 Namespace: kube-system Labels:Annotations: kubernetes.io/service-account.name: eks-admin kubernetes.io/service-account.uid: xxx Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: xxx
위의 token: 값은 뒤에서 사용된다.
6.2. proxy 처리
6.2.1. 로컬로만 proxy
$ kubectl proxy Starting to serve on 127.0.0.1:8001
6.2.2. 외부로도 proxy
$ kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*' Starting to serve on [::]:8001
이렇게 하고 브라우저에서 http://13.13.13.13:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login 처럼 외부 IP(EIP)를 통해 접근하면 된다.
하지만 이렇게 하면 초기화면은 뜨지만 로그인은 되지 않는다. 그 이유는 127.0.0.1로 접속한 것이 아니면 안되는 것이.. 그냥 정해진 원칙이다. 쿠버네티스의... 그리고 앞에 Nginx를 두고 리버스 프록시로 태워도 안되는 것은 마찬가지다.