Kubernetes 배포Dashboard

Kubernetes 배포Dashboard
Kubernetes Dashboard는 Kubernetes 정보를 시각적으로 표시하는 웹 플러그인입니다
배치하다

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml

프로비저닝
NodePort를 통한 액세스로 수정

kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

ports 아래에 nodePort: 32576 추가, clusterIp 변경NodePort

spec:
  clusterIP: 10.104.3.252
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 32576
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort

이제 노드 IP 및 포트를 통해https://192.168.0.110:32576/Dashboard에 액세스(Chrome에서 인증서 오류, 액세스할 수 없음, Fix)
ServiceAccount 생성

vi admin-role.yaml

다음을 입력합니다.

kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kubernetes-dashboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kubernetes-dashboard
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile

kubectl apply -f admin-role.yaml

Token 가져오기
실행:

kubectl -n kubernetes-dashboard  get secret|grep admin-token

admin-token-r8b4b                        kubernetes.io/service-account-token   3      48m
kubernetes-dashboard-admin-token-qlnhp   kubernetes.io/service-account-token   3      60m

실행:

kubectl -n kubernetes-dashboard describe secret admin-token-r8b4b

Name:         admin-token-r8b4b
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin
              kubernetes.io/service-account.uid: 03a2bca0-b6c0-4cde-93aa-c4a6cd70dfdb

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi1yOGI0YiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjAzYTJiY2EwLWI2YzAtNGNkZS05M2FhLWM0YTZjZDcwZGZkYiIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlcm5ldGVzLWRhc2hib2FyZDphZG1pbiJ9.g_dtJjhbLVfJRcdhlyYH-ekn08Dv3_Ok9oMZ7o0jU0Ri90sIhaANaprVlGK7QiKzIkz_BNT1Hw_reAseoOy7smFriKhn4a4wPMO0Ir1aJPavDdoVIEhBDHHzrukXl3mVO92WgkBkAMIo8HoVve-1pj9QVtT7hu_e8GXifyLu1v6s26lMbVouG8cPD4hzM2grRfhCt7qjioP3Gs6khtmHysu_uCBNW63HvuwzMBRS-lSr1ewWld4QnrvgqJ-IfLqAcjHjysNR26Xi9IBAswkq0E-1qSgIyduALITXx9FK9RqNBOTZ33OeDBCE-OYqmlIItDuYl4qRaksV3mccL4RVWA

획득한 Token을 Dashboard의 입력 상자에 입력하고 로그인하면 됩니다.
당면한 문제
1. 액세스 페이지 프롬프트 ServiceUnavailable

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "no endpoints available for service \"https:kubernetes-dashboard:\"",
  "reason": "ServiceUnavailable",
  "code": 503
}

Dashboard Pod 상태 보기

kubectl get pods -n kube-system | grep dashboard
kubernetes-dashboard-77fd78f978-zqbs4   0/1     ImagePullBackOff   0          115m

Pod 상세 정보 보기

kubectl -n kube-system describe pod kubernetes-dashboard-77fd78f978-zqbs4
Name:               kubernetes-dashboard-77fd78f978-zqbs4
Namespace:          kube-system
Priority:           0
PriorityClassName:  <none>
Node:               ubuntu/192.168.111.129
Start Time:         Tue, 16 Oct 2018 09:50:14 +0000
Labels:             k8s-app=kubernetes-dashboard
                    pod-template-hash=77fd78f978
Annotations:        <none>
Status:             Pending
IP:                 10.32.0.4
Controlled By:      ReplicaSet/kubernetes-dashboard-77fd78f978
Containers:
  kubernetes-dashboard:
    Container ID:
    Image:         k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
    Image ID:
    Port:          8443/TCP
    Host Port:     0/TCP
    Args:
      --auto-generate-certificates
    State:          Waiting
      Reason:       ImagePullBackOff
    Ready:          False
    Restart Count:  0
    Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
    Environment:    <none>
    Mounts:
      /certs from kubernetes-dashboard-certs (rw)
      /tmp from tmp-volume (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-7skvp (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  kubernetes-dashboard-certs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-certs
    Optional:    false
  tmp-volume:
    Type:    EmptyDir (a temporary directory that shares a pod's lifetime)
    Medium:
  kubernetes-dashboard-token-7skvp:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  kubernetes-dashboard-token-7skvp
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node-role.kubernetes.io/master:NoSchedule
                 node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type     Reason   Age                     From             Message
  ----     ------   ----                    ----             -------
  Warning  Failed   9m17s (x458 over 119m)  kubelet, ubuntu  Error: ImagePullBackOff
  Normal   BackOff  4m14s (x479 over 119m)  kubelet, ubuntu  Back-off pulling image "k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0"

마지막 줄은 거울을 끌어올릴 때 실패한 것을 볼 수 있다.미러를 당겨 부팅하면 다음과 같은 두 가지 해결 방법이 있습니다.

# 1.            ，        
docker pull k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0

# 2.       ，               
docker pull registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0
docker tag registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0 k8s.gcr.io/kubernetes-dashboard-amd64:v1.10.0
docker rmi registry.cn-hangzhou.aliyuncs.com/google_containers/kubernetes-dashboard-amd64:v1.10.0

렌즈를 끌어다 놓고 잠시 기다리면 Kubernetes에서 자동으로 새 Pod를 생성합니다.또는 Dashboard의 모든 리소스를 제거하여 다시 만들 수도 있습니다.

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

2. 재부팅 후 kubectl 프롬프트 사용The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?Ubuntu를 다시 시작하면 Dashboard timeout에 액세스하여 kubectl get pods -n kube-system Pod 상태를 보고 프롬프트를 표시합니다.

The connection to the server 192.168.111.129:6443 was refused - did you specify the right host or port?

구성 문제인 줄 알았는데 참고https://github.com/kubernetes/kubernetes/issues/50295#issuecomment- 376603921, 시도해도 해결할 수 없음;마지막으로 kubeadm init 재생성을 시도합니다.

running with swap on is not supported. Please disable swap

Swap으로 인해 Kubenetes가 성공적으로 시작되지 않았습니다. swap을 닫고 다시 시작하면 문제가 해결됩니다.

sudo swapoff -a
sudo chown $(id -u):$(id -g) $HOME/.kube/config