[NHN Cloud] How to Install Open Source Tools for Managing NHN Kubernetes Service (NKS)
[DataUs] How to Install Open Source Tools for Managing NHN Kubernetes Service (NKS)
2022 NHN Cloud free training schedule: https://doc.skill.or.kr/2022-NHN-Cloud-Education
NHN Cloud user guide: https://doc.skill.or.kr/nhn-cloud-user-guide
2022 NHN Cloud event/promotion information: https://doc.skill.or.kr/2022-NHN-Cloud-Event-Promotion
1. Kubebox
Kubebox provides a terminal console and a web console for Kubernetes.
1.1 Kubebox Features
✓ Configuration from kubeconfig files (KUBECONFIG environment variable or $HOME/.kube)
✓ Switch contexts interactively
✓ Authentication support (bearer token, basic auth, private key / cert, OAuth, OpenID Connect, Amazon EKS, Google Kubernetes Engine, Digital Ocean)
✓ Namespace selection and pods list watching
✓ Container log scrolling / watching
✓ Container resources usage (memory, CPU, network, file system charts) [1]
✓ Container remote exec terminal
✓ Cluster, namespace, pod events
❏ Object configuration editor and CRUD operations
❏ Cluster and nodes views / monitoring
1.2 Kubebox Terminal Console Install
1.2.1 Kubebox Install
Kubebox can be run from a terminal after connecting remotely, and this is the recommended approach.
1.2.2 Kubebox Terminal Console Screenshot
1.2.3 Kubebox Download & Executable
Download the Kubebox standalone executable for your OS:
1.3 Kubebox Web Console Install
The Kubebox Web Console can be accessed without a password, so access to it must be restricted.
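One way to enforce that restriction when the web console runs in the cluster, as an added example (not from the original page or the Kubebox project): a NetworkPolicy that admits traffic to the Kubebox pods only from an authenticating reverse proxy. The namespaces, labels and port are assumptions, and the policy only takes effect if the cluster's CNI plugin enforces NetworkPolicy.

```yaml
# Added example: every name, label and port below is an assumption,
# adjust them to match the actual Kubebox deployment.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: kubebox-web-restrict          # hypothetical policy name
  namespace: kubebox                  # assumed namespace of the web console
spec:
  # Select the pods that serve the password-less web console.
  podSelector:
    matchLabels:
      app: kubebox                    # assumed pod label
  # Once a pod is selected for Ingress, all ingress traffic that is
  # not explicitly listed below is dropped.
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in the SAME list item are
        # ANDed: only proxy pods inside the proxy namespace match.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: auth-proxy   # hypothetical namespace
          podSelector:
            matchLabels:
              app: oauth2-proxy       # hypothetical authenticating proxy
      ports:
        - protocol: TCP
          port: 8080                  # assumed Kubebox container port
```

Keep the Kubebox Service as ClusterIP and publish only the authenticating proxy, so that no path to the console bypasses the login.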
1.3.1 Kubebox Web Console Screenshot
1.4 Kubebox Development
1.5 Kubebox Hotkeys
| | Keybinding | Description |
|---|---|---|
| General | l, Ctrl+l | Login |
| | n | Change current namespace |
| | [Shift+]←, → [Alt+]1, …, 9 | Navigate screens (use Shift or Alt inside exec terminal) |
| | Tab, Shift+Tab | Change focus within the active screen |
| | ↑, ↓ | Navigate list / form / log |
| | PgUp, PgDn | Move one page up / down |
| | Enter | Select item / submit form |
| | Esc | Close modal window / cancel form |
| | Ctrl+z | Close current screen |
| | q, Ctrl+q | Exit [3] |
| Login | ←, → | Navigate Kube configurations |
| Pods | Enter | Select pod / cycle containers |
| | r | Remote shell into container |
| | m | Memory usage |
| | c | CPU usage |
| | t | Network usage |
| | f | File system usage |
| | e | Pod events |
| | Shift+e | Namespace events |
| | Ctrl+e | Cluster events |
1.6 Authentication
We try to support the various authentication strategies supported by kubectl, in order to provide seamless integration with your local setup. Here are the different authentication strategies we support, depending on how you’re using Kubebox:
| | Executable | Docker | Online |
|---|---|---|---|
| OpenID Connect | ✔️ | ✔️ | ✔️[2] |
| Amazon EKS | ✔️ | | |
| Digital Ocean | ✔️ | | |
| Google Kubernetes Engine | ✔️ | | |
If the mode you’re using isn’t supported, you can refresh the authentication token/certs manually and update your kubeconfig file accordingly.
1.7 cAdvisor
Kubebox relies on cAdvisor to retrieve the resource usage metrics. Before version 0.8.0, Kubebox used to access the cAdvisor endpoints, that are embedded in the Kubelet. However, these endpoints are being deprecated, and will eventually be removed, as discussed in kubernetes#68522.
Starting version 0.8.0, Kubebox expects cAdvisor to be deployed as a DaemonSet. This can be achieved with:
It’s recommended to use the provided cadvisor.yaml file, that’s tested to work with Kubebox. However, the DaemonSet example, from the cAdvisor project, should also work just fine. Note that the cAdvisor containers must run with a privileged security context, so that they can access the container runtime on each node.
You can change the default --storage_duration and --housekeeping_interval options, added to the cAdvisor container arguments declared in the cadvisor.yaml file, to adjust the duration of the storage moving window (default to 5m0s), and the sampling period (default to 10s) respectively. You may also have to provide the path of your cluster container runtime socket, in case it’s not following the usual convention.
1.8 FAQ
Resources usage metrics are unavailable!
The metrics are retrieved from the REST API, of the cAdvisor pod running on the same node as the container for which the metrics are being requested. That REST API is accessed via the API server proxy, which requires proper RBAC permission, e.g.:
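A least-privilege grant for that proxy access, as an added example (not the Kubebox project's own manifest): a namespaced Role rather than a ClusterRole, because pods/proxy lets its holder reach any port of any pod in scope. The cadvisor namespace, the object names and the kubebox-users group are assumptions; the pods read rule assumes the client has to look up the cAdvisor pod for a given node.

```yaml
# Added example: namespace, names and group are assumptions.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: cadvisor-metrics-reader       # hypothetical role name
  namespace: cadvisor                 # assumed namespace of the cAdvisor DaemonSet
rules:
  # Assumption: the client lists pods here to find the cAdvisor pod
  # running on the same node as the inspected container.
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]
  # Read-only access to the cAdvisor REST API through the API server
  # proxy. Only "get" is granted, so no write-style HTTP methods can
  # be proxied to the privileged cAdvisor containers.
  - apiGroups: [""]
    resources: ["pods/proxy"]
    verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: cadvisor-metrics-reader
  namespace: cadvisor                 # binding is valid in this namespace only
subjects:
  - kind: Group
    name: kubebox-users               # hypothetical group of Kubebox operators
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: cadvisor-metrics-reader
  apiGroup: rbac.authorization.k8s.io
```

After applying it, `kubectl auth can-i get pods/proxy -n cadvisor --as=<user> --as-group=kubebox-users` should answer yes, and the same query against any other namespace should answer no.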
2. Kubernetes Operational View
Kubernetes Operational View?
Goal: provide a common operational picture for multiple Kubernetes clusters.
Render nodes and indicate their overall status ("Ready")
Show node capacity and resource usage (CPU, memory)
Render one "box" per CPU and fill up to sum of pod CPU requests/usage
Render vertical bar for total memory and fill up to sum of pod memory requests/usage
Render individual pods
Indicate pod status by border line color (green: ready/running, yellow: pending, red: error etc)
Show current CPU/memory usage (gathered from Heapster) by small vertical bars
System pods ("kube-system" namespace) will be grouped together at the bottom
Provide tooltip information for nodes and pods
Animate pod creation and termination
What it is not:
It's not a replacement for the Kubernetes Dashboard. The Kubernetes Dashboard is a general purpose UI which allows managing applications.
It's not a monitoring solution. Use your preferred monitoring system to alert on production issues.
It's not an operation management tool. Kubernetes Operational View does not allow interacting with the actual cluster.
2.1 Kubernetes Operational View Install
2.2 Kubernetes Operational View Screenshots
2.2.1 Running Screen
2.2.2 Pod Mouseover
2.2.3 Enlarging the Display
Enlarge the display by opening http://ServiceIP/#scale=2.0.
2.3 Development & Building
2.3.1 Development
The app can be started in "mock mode" to work on UI features without running any Kubernetes cluster:
2.3.2 Building
The provided Makefile will generate a Docker image by default:
2.4 Multiple Clusters
Multiple clusters are supported by passing a list of API servers, reading a kubeconfig file or pointing to an HTTP Cluster Registry endpoint.
See the documentation on multiple clusters for details.
2.5 Configuration
The following environment variables are supported:
AUTHORIZE_URL
Optional OAuth 2 authorization endpoint URL for protecting the UI.
ACCESS_TOKEN_URL
Optional token endpoint URL for the OAuth 2 Authorization Code Grant flow.
SCOPE
Optional scope specifies level of access that the application is requesting.
CLUSTERS
Comma separated list of Kubernetes API server URLs. It defaults to http://localhost:8001/ (default endpoint of kubectl proxy).
CLUSTER_REGISTRY_URL
URL to cluster registry returning list of Kubernetes clusters.
CREDENTIALS_DIR
Directory to read (OAuth) credentials from; these credentials are only used for non-localhost cluster URLs.
DEBUG
Set to "true" for local development to reload code changes.
KUBECONFIG_PATH
Path to kubeconfig file to use for cluster access.
KUBECONFIG_CONTEXTS
Comma separated list of contexts to use when reading the kubeconfig file from KUBECONFIG_PATH.
MOCK
Set to "true" to mock Kubernetes cluster data.
QUERY_INTERVAL
Interval in seconds for querying clusters (default: 5). Each cluster will be queried at most once per configured interval.
REDIS_URL
Optional Redis server to use for pub/sub events and job locking when running more than one replica. Example: redis://my-redis:6379
SERVER_PORT
HTTP port to listen on. It defaults to 8080.
NODE_LINK_URL_TEMPLATE
Template to make Nodes clickable, e.g. can point to kube-web-view. {cluster} (cluster ID) and {name} (Node name) will be replaced in the URL template.
POD_LINK_URL_TEMPLATE
Template to make Pods clickable, e.g. can point to kube-web-view. {cluster} (cluster ID), {namespace} (Pod's namespace), and {name} (Pod name) will be replaced in the URL template.
ROUTE_PREFIX
The URL prefix under which kube-ops-view is externally reachable (for example, if kube-ops-view is served via a reverse proxy). Used for generating relative and absolute links back to kube-ops-view itself. If the URL has a path portion, it will be used to prefix all HTTP endpoints served by kube-ops-view. If omitted, relevant URL components will be derived automatically.
2.6 Supported Browsers
The UI uses WebGL, ECMAScript 6, and EventSource features. The following browsers are known to work:
Chrome/Chromium 53.0+
Mozilla Firefox 49.0+
See the ECMAScript 6 Compatibility Table for details on supported browser versions.
2.7 License
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.
3. NHN Kubernetes Service(NKS) DashBoard
NHN Kubernetes Service (NKS) provides a default web UI dashboard. For details on the Kubernetes dashboard, see the Web UI (Dashboard) documentation.
3.1 NHN Kubernetes Service(NKS) DashBoard Install
On the Manager server, run the shell script below (nhn_cloud_dash.sh) to make the dashboard accessible.
3.2 NHN Kubernetes Service(NKS) DashBoard Access Check
Connect to https://133.186.219.13 using Chrome.
The access IP varies depending on the configuration.
Enter the token information to log in when connecting.
After logging in successfully, you can view a variety of information.
4. WeaveScope
Weave Scope automatically generates a map of your application, enabling you to intuitively understand, monitor, and control your containerized, microservices-based application.
Ensure your computer is behind a firewall that blocks.
Understand your Docker containers in real time
Choose an overview of your container infrastructure, or focus on a specific microservice. Easily identify and correct issues to ensure the stability and performance of your containerized applications.
Contextual details and deep linking
View contextual metrics, tags, and metadata for your containers. Effortlessly navigate between processes inside your container to hosts your containers run on, arranged in expandable, sortable tables. Easily find the container using the most CPU or memory for a given host or service.
Interact with and manage containers
Interact with your containers directly: pause, restart, and stop containers. Launch a command line. All without leaving the scope browser window.
Extend and customize via plugins
Add custom details or interactions for your hosts, containers, and/or processes by creating Scope plugins. Or, just choose from some that others have already written at the GitHub Weaveworks Scope Plugins organization.
4.1 WeaveScope Install
On the Manager server, run the shell script (nhn_cloud_weavescope.sh) to make the Weave Scope web page accessible.
4.2 WeaveScope Access Check in Chrome
4.3 License
Scope is licensed under the Apache License, Version 2.0. See LICENSE for the full license text. Find more details about the licenses of vendored code in VENDORED_CODE.md.