- Print
- PDF
Using clusters
- Print
- PDF
Available in Classic
In this guide, you will need to use the commands, kubectl
and helm
. In order to control clusters with these commands, you should download the configuration file from the Ncloud Kubernetes Service console and use it in one of the following ways:
- Add the configuration file to
$HOME/.kube/config
. - Add the option,
--kubeconfig="configuration file"
, when usingkubectl
andhelm
.
Install kubectl
kubectl provides CLI features to control clusters.
Install kubectl by operating system
- Install kubectl on Linux
- Install kubectl on macOS
- Install kubectl on Windows (Powershell)
- Install kubectl on Windows (Command Prompt)
Configure kubeconfig environment variables
Example: Set $KUBE_CONFIG on macOS/Linux
$ export KUBE_CONFIG="${HOME}/Downloads/kubeconfig-1865.yaml"
$ echo $KUBE_CONFIG
/Users/azamara/Downloads/kubeconfig-1865.yaml
$ kubectl --kubeconfig=$KUBE_CONFIG get nodes
NAME STATUS ROLES AGE VERSION
nks-pool-1865-w2zy Ready node 4d v1.12.3
nks-pool-1865-w2zz Ready node 4d v1.12.3
Example: Set $KUBE_CONFIG on Windows Powershell
> $KUBE_CONFIG=$HOME+"\Downloads\kubeconfig-1865.yaml"
> $KUBE_CONFIG
C:\Users\NAVER\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig=$KUBE_CONFIG get nodes
NAME STATUS ROLES AGE VERSION
nks-pool-1865-w2zy Ready node 4d5h v1.12.3
nks-pool-1865-w2zz Ready node 4d5h v1.12.3
Example: Set $KUBE_CONFIG on Windows Command Prompt
> SET KUBE_CONFIG=%USERPROFILE%\Downloads\kubeconfig-1865.yaml
> kubectl --kubeconfig=%KUBE_CONFIG% get nodes
NAME STATUS ROLES AGE VERSION
nks-pool-1865-w2zy Ready node 4d5h v1.12.3
nks-pool-1865-w2zz Ready node 4d5h v1.12.3
Connect to Kubernetes Dashboard
Kubernetes Dashboard is a GUI tool that enables you to check and control clusters.
Get a token for accessing Kubernetes Dashboard
Check token information
$ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system get secret | grep kubernetes-dashboard-token
kubernetes-dashboard-token-56h7n kubernetes.io/service-account-token 3 2d3h
From the secret list, find kubernetes-dashboard-token
and execute the following command to get the token information.
$ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system describe secret kubernetes-dashboard-token-56h7n
Name: kubernetes-dashboard-token-56h7n
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: kubernetes-dashboard
kubernetes.io/service-account.uid: 77036f26-55de-11e9-b757-f220cd3abfc8
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsImtpZ...
Get only token values
To get only a token value as shown below, the awk command should be supported.
$ kubectl --kubeconfig=$KUBE_CONFIG -n kube-system describe secret \
$(kubectl --kubeconfig=$KUBE_CONFIG -n kube-system get secret | awk '/^kubernetes-dashboard-token/{print $1}') | awk '$1=="token:"{print $2}'
eyJhbGciOiJSUzI1NiIsImtpZ...
Start Kubernetes Dashboard Proxy
$ kubectl --kubeconfig=$KUBE_CONFIG proxy
Execute the above command and connect to the following address on your browser, and the Dashboard appears.
- http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default
Enter the token value (eyJhbGciOiJSUzI1NiIsImtpZ...
) on the home screen and click Login.
Now, you can easily view and control your clusters on the Dashboard.
Connect to Kubernetes Dashboard via an external domain
To connect to the Kubernetes Dashboard via an external domain, you should add the “system:anonymous” permission.
Check access address
Execute the following command to get the address of kubernetes-dashboard.
$ kubectl --kubeconfig=$KUBE_CONFIG cluster-info
...
kubernetes-dashboard is running at https://CLUSTER_ID.kr.nks.ntruss.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
...
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
- Example:
https://CLUSTER_ID.kr.nks.ntruss.com/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Since external access to the address is blocked by default, you need to add system:anonymous permission first and then access the address. Get a token for accessing Kubernetes Dashboard and log in with the token (eyJhbGciOiJSUzI1NiIsImtpZ...
) to use the Kubernetes Dashboard.
Add system:anonymous permission
Adding this permission allows you to access the Kubernetes Dashboard from an external address.
$ cat <<EOF | kubectl --kubeconfig=$KUBE_CONFIG apply -f -
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: kubernetes-dashboard-anonymous
rules:
- apiGroups: [""]
resources: ["services/proxy"]
resourceNames: ["https:kubernetes-dashboard:"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard-anonymous
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: kubernetes-dashboard-anonymous
subjects:
- kind: User
name: system:anonymous
EOF
Delete system:anonymous permission
Once the permission is deleted, you can no longer access the Kubernetes Dashboard from an external address.
$ kubectl --kubeconfig=$KUBE_CONFIG delete clusterrole kubernetes-dashboard-anonymous
$ kubectl --kubeconfig=$KUBE_CONFIG delete clusterrolebinding kubernetes-dashboard-anonymous
Install Weave Scope
Weave Scope is a visualization tool that helps you see resources of your Kubernetes clusters, including worker nodes, pods and containers conveniently.
Install Weave Scope
$ kubectl --kubeconfig=$KUBE_CONFIG apply -f "https://cloud.weave.works/k8s/scope.yaml?k8s-version=$(kubectl --kubeconfig=$KUBE_CONFIG version | base64 | tr -d '\n')"
namespace/weave created
serviceaccount/weave-scope created
clusterrole.rbac.authorization.k8s.io/weave-scope created
clusterrolebinding.rbac.authorization.k8s.io/weave-scope created
deployment.apps/weave-scope-app created
service/weave-scope-app created
daemonset.extensions/weave-scope-agent created
Access Weave Scope on your local machine
$ export POD_NAME=$(kubectl --kubeconfig=$KUBE_CONFIG get pods -n weave -l "name=weave-scope-app" -o jsonpath="{.items[0].metadata.name}"); echo $POD_NAME; kubectl --kubeconfig=$KUBE_CONFIG -n weave port-forward $POD_NAME 14040:4040
weave-scope-app-79b7f7b9b6-rx99f
Forwarding from 127.0.0.1:14040 -> 4040
Forwarding from [::1]:14040 -> 4040
Execute the above command and connect to the following address on your browser, and the Weave Scope page appears.
http://localhost:14040