Login
      Contents x
      Using clusters
        • Print
        • PDF
        Contents

        Using clusters

          • Print
          • PDF
          Article Summary

          Available in Classic

          In this guide, you will need to use the commands, kubectl and helm. In order to control clusters with these commands, you should download the configuration file from the Ncloud Kubernetes Service console and use it in one of the following ways:

          • Add the configuration file to $HOME/.kube/config.
          • Add the option, --kubeconfig="configuration file", when using kubectl and helm.

          Install kubectl

          kubectl provides CLI features to control clusters.

          Install kubectl by operating system

          Configure kubeconfig environment variables

          Example: Set $KUBE_CONFIG on macOS/Linux

          $ export KUBE_CONFIG="${HOME}/Downloads/kubeconfig-1865.yaml"
$ echo $KUBE_CONFIG
/Users/azamara/Downloads/kubeconfig-1865.yaml

$ kubectl --kubeconfig=$KUBE_CONFIG get nodes
NAME                 STATUS   ROLES   AGE   VERSION
nks-pool-1865-w2zy   Ready    node    4d    v1.12.3
nks-pool-1865-w2zz   Ready    node    4d    v1.12.3

          Example: Set $KUBE_CONFIG on Windows Powershell

          > $KUBE_CONFIG=$HOME+"\Downloads\kubeconfig-1865.yaml"
> $KUBE_CONFIG
C:\Users\NAVER\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig=$KUBE_CONFIG get nodes
NAME                 STATUS   ROLES   AGE    VERSION
nks-pool-1865-w2zy   Ready    node    4d5h   v1.12.3
nks-pool-1865-w2zz   Ready    node    4d5h   v1.12.3

          Example: Set $KUBE_CONFIG on Windows Command Prompt

          > SET KUBE_CONFIG=%USERPROFILE%\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig=%KUBE_CONFIG% get nodes
NAME                 STATUS   ROLES   AGE    VERSION
nks-pool-1865-w2zy   Ready    node    4d5h   v1.12.3
nks-pool-1865-w2zz   Ready    node    4d5h   v1.12.3

          Connect to Kubernetes Dashboard

          Kubernetes Dashboard is a GUI tool that enables you to check and control clusters.

          Get a token for accessing Kubernetes Dashboard

          Check token information 

          $ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system get secret | grep kubernetes-dashboard-token
kubernetes-dashboard-token-56h7n                 kubernetes.io/service-account-token   3      2d3h

          From the secret list, find kubernetes-dashboard-token and execute the following command to get the token information.

          $ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system describe secret kubernetes-dashboard-token-56h7n
Name:         kubernetes-dashboard-token-56h7n
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: kubernetes-dashboard
              kubernetes.io/service-account.uid: 77036f26-55de-11e9-b757-f220cd3abfc8

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZ...

          Get only token values

          To get only a token value as shown below, the awk command should be supported.

          $ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system describe secret \
$(kubectl --kubeconfig=$KUBE_CONFIG -n kube-system get secret | awk '/^kubernetes-dashboard-token/{print $1}') | awk '$1=="token:"{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZ...

          Start Kubernetes Dashboard Proxy 

          $ kubectl --kubeconfig=$KUBE_CONFIG proxy

          Execute the above command and connect to the following address on your browser, and the Dashboard appears.

          • http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default

          nks-1-2-1_en

          Enter the token value (eyJhbGciOiJSUzI1NiIsImtpZ...) on the home screen and click Login.

          nks-1-2-2_en

          Now, you can easily view and control your clusters on the Dashboard.

          Connect to Kubernetes Dashboard via an external domain

          To connect to the Kubernetes Dashboard via an external domain, you should add the “system:anonymous” permission.

          Check access address

          Execute the following command to get the address of kubernetes-dashboard.

          $ kubectl --kubeconfig=$KUBE_CONFIG cluster-info
...
kubernetes-dashboard is running at https://CLUSTER_ID.kr.nks.ntruss.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
...

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
          • Example: https://CLUSTER_ID.kr.nks.ntruss.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

          Since external access to the address is blocked by default, you need to add system:anonymous permission first and then access the address. Get a token for accessing Kubernetes Dashboard and log in with the token (eyJhbGciOiJSUzI1NiIsImtpZ...) to use the Kubernetes Dashboard.

          nks-1-2-1a_en

          Add system:anonymous permission

          Adding this permission allows you to access the Kubernetes Dashboard from an external address.

          $ cat <<EOF | kubectl --kubeconfig=$KUBE_CONFIG apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-anonymous
rules:
- apiGroups: [""]
  resources: ["services/proxy"]
  resourceNames: ["https:kubernetes-dashboard:"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-anonymous
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard-anonymous
subjects:
- kind: User
  name: system:anonymous
EOF

          Delete system:anonymous permission

          Once the permission is deleted, you can no longer access the Kubernetes Dashboard from an external address.

          $ kubectl --kubeconfig=$KUBE_CONFIG delete clusterrole kubernetes-dashboard-anonymous
$ kubectl --kubeconfig=$KUBE_CONFIG delete clusterrolebinding kubernetes-dashboard-anonymous

          Install Weave Scope

          Weave Scope is a visualization tool that helps you see resources of your Kubernetes clusters, including worker nodes, pods and containers conveniently.

          Install Weave Scope 

          $ kubectl --kubeconfig=$KUBE_CONFIG apply -f "https://cloud.weave.works/k8s/scope.yaml?k8s-version=$(kubectl --kubeconfig=$KUBE_CONFIG version | base64 | tr -d '\n')"
namespace/weave created
serviceaccount/weave-scope created
clusterrole.rbac.authorization.k8s.io/weave-scope created
clusterrolebinding.rbac.authorization.k8s.io/weave-scope created
deployment.apps/weave-scope-app created
service/weave-scope-app created
daemonset.extensions/weave-scope-agent created

          Access Weave Scope on your local machine 

          $ export POD_NAME=$(kubectl --kubeconfig=$KUBE_CONFIG get pods -n weave -l "name=weave-scope-app" -o jsonpath="{.items[0].metadata.name}"); echo $POD_NAME; kubectl --kubeconfig=$KUBE_CONFIG -n weave port-forward $POD_NAME 14040:4040
weave-scope-app-79b7f7b9b6-rx99f
Forwarding from 127.0.0.1:14040 -> 4040
Forwarding from [::1]:14040 -> 4040

          Execute the above command and connect to the following address on your browser, and the Weave Scope page appears.

          • http://localhost:14040

          nks-1-2-3_en

          Was this article helpful?
          What's Next
          Change password!
          Changing your password will log you out immediately. Use the new password to log back in.
          Change profile
          Success!
          First name must have atleast 2 characters. Numbers and special characters are not allowed.
          Last name must have atleast 1 characters. Numbers and special characters are not allowed.
          Enter a valid email
          Enter a valid password
          Your profile has been successfully updated.
          Logout