[데브옵스를 위한 쿠버네티스 마스터] 리소스 로깅과 모니터링 - 큐브 대시보드 설치와 사용

큐브 대시보드 설치와 사용

---

Kubernetes Dashboard

• Kubernetes 클러스터 용 범용 웹 기반 UI
• 사용자는 클러스터에서 실행중인 응용 프로그램을 관리하고 문제를 해결, 클러스터 자체를 관리
• https://github.com/kubernetes/dashboard

---

Kubernetes Dashboard 설치

• https://github.com/kubernetes/dashboard
• 다음 명령을 사용하여 git에 올라온 yaml 파일을 바로 적용

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

kubernetes-dashboard 설치 확인

$ kubectl get all -n kubernetes-dashboard
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-894c58c65-425pd   1/1     Running   0          98s
pod/kubernetes-dashboard-775dfc9478-gbmw8       1/1     Running   0          98s

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
service/dashboard-metrics-scraper   ClusterIP   10.36.6.235    <none>        8000/TCP   98s
service/kubernetes-dashboard        ClusterIP   10.36.13.174   <none>        443/TCP    102s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           99s
deployment.apps/kubernetes-dashboard        1/1     1            1           100s

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-894c58c65   1         1         1       99s
replicaset.apps/kubernetes-dashboard-775dfc9478       1         1         1       100s

kubernetes 의 service 타입을 NodePort 타입으로 변경

$ kubectl edit service/kubernetes-dashboard -n kubernetes-dashboard

spec:
  ...
  type: NodePort
  ...

NodePort 로 변경된 것을 확인

$ kubectl get all -n kubernetes-dashboard
NAME                                            READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-894c58c65-425pd   1/1     Running   0          6m29s
pod/kubernetes-dashboard-775dfc9478-gbmw8       1/1     Running   0          6m29s

NAME                                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
service/dashboard-metrics-scraper   ClusterIP   10.36.6.235    <none>        8000/TCP        6m29s
service/kubernetes-dashboard        NodePort    10.36.13.174   <none>        443:31487/TCP   6m33s

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           6m30s
deployment.apps/kubernetes-dashboard        1/1     1            1           6m31s

NAME                                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-894c58c65   1         1         1       6m30s
replicaset.apps/kubernetes-dashboard-775dfc9478       1         1         1       6m31s

kubernetes-dashboard 의 ServiceAccount 확인
kubernetes-dashboard 권한을 사용할 수 있도록 만들어진 계정 확인

$ kubectl get sa -n kubernetes-dashboard kubernetes-dashboard
NAME                   SECRETS   AGE
kubernetes-dashboard   1         11m

kuebernetes-dashboard 의 ServiceAccount 내용 확인

$ kubectl get sa -n kubernetes-dashboard kubernetes-dashboard -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"}}
  creationTimestamp: "2021-01-16T12:33:49Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "5286369"
  selfLink: /api/v1/namespaces/kubernetes-dashboard/serviceaccounts/kubernetes-dashboard
  uid: b77c3ca7-26c4-41c6-a99a-63eb62a94c41
secrets:
- name: kubernetes-dashboard-token-9rmv4

kubernetes-dashboard secret 확인

$ kubectl get secret -n kubernetes-dashboard
NAME                               TYPE                                  DATA   AGE
default-token-t6xr4                kubernetes.io/service-account-token   3      14m
kubernetes-dashboard-certs         Opaque                                0      14m
kubernetes-dashboard-csrf          Opaque                                1      14m
kubernetes-dashboard-key-holder    Opaque                                2      14m
kubernetes-dashboard-token-9rmv4   kubernetes.io/service-account-token   3      14m

kubernetes-dashboard-token 확인

$ kubectl describe secret -n kubernetes-dashboard kubernetes-dashboard-token-9rmv4
Name:         kubernetes-dashboard-token-9rmv4
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: b77c3ca7-26c4-41c6-a99a-63eb62a94c41
Type:  kubernetes.io/service-account-token
Data
====
ca.crt:     1159 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IlRRenlNMnU0YlQyMVJRUFNWMHhuTUt5T3JuZEk3d3Y0SjdiTm1KMHQtTEEifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2V
ydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi05cm12NCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImI3N2MzY
2E3LTI2YzQtNDFjNi1hOTlhLTYzZWI2MmE5NGM0MSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.nHZATstFsCn69kyFlctRBg1Aa3nICWrc_JdrgV5-JifmmWIcJuaGsMCeE6cnLrLunwhS26aXCA35KjlEkGmD89rXa06OCwzWy9ydrf-jSRKG37OvUa4zT6
XQJVGDT1e-qB9oYF-YzKfxJXOfOKGNU1vqEXVIQJwNBPa9jh4NVdorfcTYBtaLyn7ktZvDX2tH9tjmNwBpg00Wd8v9kTa0zJiLGvtJE2uyo-Ct9WkKTn1ikCzxLqX5Lz2V-4C-37r8UYpvL_MpHHkEAlcG4nPQDJ8TVK7XYn1xLH6_or5CVZPJxq_Bb3Q9CF5oJrAjQzQrJPF1bKdvVoLOS8PwvwhK6g

• 외부로 443 포트를 열고 127.0.0.1:31487 접속

토큰을 체크하고 출력된 토큰을 복사해서 붙여 넣고 로그인

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md#creating-a-clusterrolebinding

kubernetes-dashboard ServiceAccount 에 권한 주기

kube-dashboard-role-binding.yaml 파일 생성

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-rolebinding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

kubectl 로 생성

$ kubectl create -f kube-dashboard-role-binding.yaml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-rolebinding created

kubernetes-dashboard 에 접속해서 확인하면 모니터링이 잘 되는 것을 확인할 수 있음

---

Kubernetes Dashboard 토큰 확인

$ kubectl create -f user.yaml

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

출력되는 토큰을 복사

yJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJ rdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZX JuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY 2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8v c2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1 pbi11c2VyLXRva2VuLTVrMjlrIiwia3ViZXJuZXRlcy 5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291b nQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVz LmlvL3NlcnZpY2VhY2NvdW50...

---

Kubernetes Dashboard 접속

모니터링, 편집, 삭제 및 exec 로 바로 shell 로 접속이 가능