前提環境
kubernetesが動作している環境を準備する。
Web UI (Dashboard)の追加
Dashboard UIはデフォルトで追加されていないようです。
■YMLファイル取得
[root@k8s-master ~]# curl -O https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4727 100 4727 0 0 22906 0 --:--:-- --:--:-- --:--:-- 22946
[root@k8s-master ~]#
■create
[root@k8s-master ~]# kubectl create -f kubernetes-dashboard.yaml
secret "kubernetes-dashboard-certs" created
serviceaccount "kubernetes-dashboard" created
role "kubernetes-dashboard-minimal" created
rolebinding "kubernetes-dashboard-minimal" created
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
[root@k8s-master ~]#
リバースプロキシとしての起動① ※NG
[root@k8s-master ~]# kubectl proxy
Starting to serve on 127.0.0.1:8001
接続確認(curl)
アドレスをローカルループバックでは何かが取得できたが、アドレス"192.168.20.100"を指定した場合は接続できない
[root@k8s-master ~]# curl -L http://192.168.20.100:8001/ui
curl: (7) Failed connect to 192.168.20.100:8001; 接続を拒否されました
[root@k8s-master ~]#
[root@k8s-master ~]# curl -L http://localhost:8001/ui
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.93db0a0d.css"> <link rel="stylesheet" href="static/app.93e259f7.css"> </head> <body ng-controller="kdMain as $ctrl"> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-login layout="column" layout-fill="" ng-if="$ctrl.isLoginState()"> </kd-login> <kd-chrome layout="column" layout-fill="" ng-if="!$ctrl.isLoginState()"> </kd-chrome> <script src="static/vendor.bd425c26.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.b5ad51ac.js"></script> </body> </html> [root@k8s-master ~]#
[root@k8s-master ~]#
リバースプロキシとしての起動② ※OK
[root@k8s-master ~]# kubectl proxy --address 0.0.0.0 --accept-hosts '.*'
Starting to serve on [::]:8001
接続確認(curl)
最新のDashboard?では接続URL①はリダイレクトされなくてdashboard画面が表示されないようです。その場合は②のURLで直接Dashboardに接続すると大丈夫そうでした。
■接続URL①: http://192.168.20.100:8001/ui
アドレスをローカルアドレスとローカルループバックで何かが取得できたので大丈夫そう。
[root@k8s-master ~]# curl -L http://192.168.20.100:8001/ui
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.93db0a0d.css"> <link rel="stylesheet" href="static/app.93e259f7.css"> </head> <body ng-controller="kdMain as $ctrl"> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-login layout="column" layout-fill="" ng-if="$ctrl.isLoginState()"> </kd-login> <kd-chrome layout="column" layout-fill="" ng-if="!$ctrl.isLoginState()"> </kd-chrome> <script src="static/vendor.bd425c26.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.b5ad51ac.js"></script> </body> </html>
[root@k8s-master ~]#
[root@k8s-master ~]# curl -L http://localhost:8001/ui
<!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title ng-controller="kdTitle as $ctrl" ng-bind="$ctrl.title()"></title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.93db0a0d.css"> <link rel="stylesheet" href="static/app.93e259f7.css"> </head> <body ng-controller="kdMain as $ctrl"> <!--[if lt IE 10]>
<p class="browsehappy">You are using an <strong>outdated</strong> browser.
Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your
experience.</p>
<![endif]--> <kd-login layout="column" layout-fill="" ng-if="$ctrl.isLoginState()"> </kd-login> <kd-chrome layout="column" layout-fill="" ng-if="!$ctrl.isLoginState()"> </kd-chrome> <script src="static/vendor.bd425c26.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.b5ad51ac.js"></script> </body> </html> [root@k8s-master ~]#
接続確認(ブラウザ)
接続URL①: http://192.168.20.100:8001/ui
初回接続時の画面が表示されたので、ここまでは問題なさそうがが、
スキップして次に進むと
という表示となり「User "system:serviceaccount:kube-system:kubernetes-dashboard"」が無いような警告が出る。
kubernetes-dashboard.yamlの設定変更が不足しているようだ。
YAML修正
[root@k8s-master ~]# vi kubernetes-dashboard.yaml
■■■ 追加 ■■■
# ------------------- Dashboard Deployment ------------------- #
kind: Deployment
apiVersion: apps/v1beta2
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
spec:
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
template:
metadata:
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- name: kubernetes-dashboard
image: k8s.gcr.io/kubernetes-dashboard-amd64:v1.8.3
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
# Uncomment the following line to manually specify Kubernetes API server Host
# If not specified, Dashboard will attempt to auto discover the API server and connect
# to it. Uncomment only if the default does not work.
# - --apiserver-host=http://my-address:port
- --apiserver-host=http://192.168.20.100:8001
volumeMounts:
- name: kubernetes-dashboard-certs
mountPath: /certs
# Create on-disk volume to store exec logs
- mountPath: /tmp
name: tmp-volume
livenessProbe:
httpGet:
scheme: HTTPS
path: /
port: 8443
initialDelaySeconds: 30
timeoutSeconds: 30
volumes:
- name: kubernetes-dashboard-certs
secret:
secretName: kubernetes-dashboard-certs
- name: tmp-volume
emptyDir: {}
serviceAccountName: kubernetes-dashboard
# Comment the following tolerations if Dashboard must not be deployed on master
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
---
# ------------------- Dashboard Service ------------------- #
接続確認(ブラウザ)
接続URL: http://192.168.20.100:8001/ui
スキップを押して次に進むと、一応情報は取得できた。
が、だれがアクセスしても何でも出来てしまうのでセキュリティ的には最悪のアクセス権設定。。
