In this blog I will explain how I have installed and configured the Kubernetes Dashboard on my Rasberry Pi Kubernetes cluster. Kubernetes dashboard is a web UI in which you can manage and troubleshoot your kubernetes cluster via a graphical webinterface. The installation procedure is as follows:
(As usual) make a ssh (putty) connection with your kubernetes master node k8s-master.
- Install Kubernetes Dashboard
You can install the kubernetes dashboard with the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yamlYou need to create an admin user, otherwise you will see a blank kubernetes dashboard, since you don't have access to anything.
- Create admin user and grant appropriate access
Create the dashboard-adminuser.yaml file with the following command:
nano dashboard-adminuser.yamlCopy and paste the text below and save (Ctrl-O, Ctrl-X) the file in nano.
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
Apply the yaml file with the command below, so that the admin user will be created.
kubectl apply -f dashboard-adminuser.yaml- Get token to login
As you will see in a later stage you will need to have a token to login to the kubernetes dashboard. You can retrieve the toke with the following command:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')You then need to copy the token part and paste in a text file (for example in notepad on your windows desktop), so you will need it in a later stage.
It looks something like this:
eyJhbGciOiJSUzI1NiIsImtpZCI6IlJkb1JKZHZWYmRfVUlOWS1Pb0xsZUhPWHA3clg2TVZoNEZyaGNldldRX2cifQ.eyJpc3MiadfafafVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXMyNnJiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjNGYzMWNiMi1kNDM1LTQxNTItYmYyMC03OTZlODdmOTg4MmQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.WXOxA97DtDPEwmfLK6W2ttyR-oCDafaaJA7VaT9K78so4OUO8jZKUocqHhAPTz-PdBA1xfl_G0ZaT6BkAf_ZTwX39KJLnGqBYaxek4kXq4c3IKvnJpRvuXlrtmv-U23jFLHhhR6zlcsb3_6miEId6sh-TGaV7Osmt64GUDNkr4VkpqleO5BcjsvwUMZZwRzPSQy46PTM2n0s3MAXiOyXLLDQbqqH56V2y5IFGy3qjG6M20znLS6LAtKiZ5sEf4E2KkXs1yo4zNfBRtNVUCmrJduG87hbGYMDHLC6dsN1w1nY8ZdGwj9ukbuK2YEW2z-6AdMrxtuxb0bxrPKCy-htaFg
- Test access via kubectl proxy
To start kubectl you need to have kubectl installed on your windows desktop as described in my previous blog.
So type the following command on your windows desktop
kubectl proxyThe will open a proxy connection to your kubernetes cluster to localhost port 8001.
Next open a browser and copy/past the http address below
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
You will see the following webpage
Now copy the token from notepad text file earlier. You can also retrieve the token on your windows machine via the following powershell command. and copy the token text from the output.
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)Copy the token in the enter token field, and voila ! Your kubernetes dashboard should open (see example below)
- Publish kubernetes dashboard via nginx-ingress with certificate (optional)
If you want to publish the kubernetes dashboard via the ingress controller with a https certificate (see my previous blogs about nginx-ingress and cert-manager). Nginx-ingress and cert-manager should be in-place before applying yaml file below.
I have used the following nginx-ingress.yaml config to publish the kubernetes dashboard via nginx-ingress, so you don't have to use kubectl proxy to access it.
To apply it to the following
- Create a public/private DNS entry for your kubernetes dashboard (for example k8s-dashboard.mydomain.com)
- SSH (putty) to your k8s-master node
- Type the following commands:
nano dashboard-ingress.yaml- Cut and past the text below (and adjust the red values to your own) and save it (Ctrl-O and Ctrl-X_
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
rules:
- host: k8s-dashboard.mydomain.com # < change this domain to your own
http:
paths:
- path: /
backend:
serviceName: kubernetes-dashboard
servicePort: 443
tls: # < placing a host in the TLS config will indicate a cert should be created
- hosts:
- k8s-dashboard.mydomain.com
secretName: k8s-dashboard-mydomain-com-tls # < cert-manager will store the created certificate in this secret.- Apply the yaml file with the following command
kubectl apply -f dashboard-ingress.yamlIf you have kubectl running in windows, you can also do the procedure above with notepad in stead of nano.
When the dashboard-ingress.yaml file has been applied and you should be able to access the kubernetes dashboard directly in a browser without starting a kubectl proxy running. It is of course via the address in the yaml file (example https://k8s-dashboard.mydomain.com)
If you have any questions, do not hesitate to leave a comment below.
More info:
http://www.ntweekly.com/2018/05/25/deploy-kubernetes-web-ui-dashboard-docker-windows/
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
Comments
Post a Comment