EKS에 Kubernetes metrics-server (대시보드) 배포하기

Print
Tech Note 정보
카테고리: [ Amazon Web Services ]
조회수: 30266

1. 개요

2. 다운로드 및 설치

$ DOWNLOAD_URL=$(curl --silent "https://api.github.com/repos/kubernetes-incubator/metrics-server/releases/latest" | jq -r .tarball_url)
$ DOWNLOAD_VERSION=$(grep -o '[^/v]*$' <<< $DOWNLOAD_URL)
$ curl -Ls $DOWNLOAD_URL -o metrics-server-$DOWNLOAD_VERSION.tar.gz
$ mkdir metrics-server-$DOWNLOAD_VERSION
$ tar -xzf metrics-server-$DOWNLOAD_VERSION.tar.gz --directory metrics-server-$DOWNLOAD_VERSION --strip-components 1
$ kubectl apply -f metrics-server-$DOWNLOAD_VERSION/deploy/1.8+/
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created

3. 매트릭 서버 배포 확인

$ kubectl get deployment metrics-server -n kube-system
NAME             READY   UP-TO-DATE   AVAILABLE   AGE
metrics-server   0/1     1            0           9m55s

4. 대시보드 배포

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

5. 계정 및 역할 생성

5.1. 파일 생성

eks-admin-service-account.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: eks-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: eks-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: eks-admin
  namespace: kube-system

5.2. 적용

$ kubectl apply -f eks-admin-service-account.yaml
serviceaccount/eks-admin created
clusterrolebinding.rbac.authorization.k8s.io/eks-admin created

6. 대시보드 연결

6.1. 연결

$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
Name:         eks-admin-token-gqfz6
Namespace:    kube-system
Labels:       
Annotations:  kubernetes.io/service-account.name: eks-admin
              kubernetes.io/service-account.uid: xxx

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      xxx

위의 token: 값은 뒤에서 사용된다.

6.2. proxy 처리

6.2.1. 로컬로만 proxy

$ kubectl proxy
Starting to serve on 127.0.0.1:8001

6.2.2. 외부로도 proxy

$ kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*'
Starting to serve on [::]:8001

이렇게 하고 브라우저에서 http://13.13.13.13:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login 처럼 외부 IP(EIP)를 통해 접근하면 된다.

하지만 이렇게 하면 초기화면은 뜨지만 로그인은 되지 않는다. 그 이유는 127.0.0.1로 접속한 것이 아니면 안되는 것이.. 그냥 정해진 원칙이다. 쿠버네티스의... 그리고 앞에 Nginx를 두고 리버스 프록시로 태워도 안되는 것은 마찬가지다.