Kubernetes Part 8: Install and Configure Kubernetes Dashboard

 


In this blog I will explain how I have installed and configured the Kubernetes  Dashboard on my Rasberry Pi Kubernetes cluster. Kubernetes dashboard is a web UI in which you can manage and troubleshoot your kubernetes cluster via a graphical webinterface. The installation procedure is as follows:

(As usual) make a ssh (putty) connection with your kubernetes master node k8s-master.

- Install Kubernetes Dashboard

You can install the kubernetes dashboard with the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

You need to create an admin user, otherwise you will see a blank kubernetes dashboard, since you don't have access to anything.

- Create admin user and grant appropriate access

Create the dashboard-adminuser.yaml file with the following command:

nano dashboard-adminuser.yaml

Copy and paste the text below and save (Ctrl-O, Ctrl-X) the file in nano.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Apply the yaml file with the command below, so that the admin user will be created. 

kubectl apply -f dashboard-adminuser.yaml


- Get token to login

As you will see in a later stage you will need to have a token to login to the kubernetes dashboard. You can retrieve the toke with the following command:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

You then need to copy the token part and paste in a text file (for example in notepad on your windows desktop), so you will need it in a later stage.

It looks something like this:

eyJhbGciOiJSUzI1NiIsImtpZCI6IlJkb1JKZHZWYmRfVUlOWS1Pb0xsZUhPWHA3clg2TVZoNEZyaGNldldRX2cifQ.eyJpc3MiadfafafVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXMyNnJiIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjNGYzMWNiMi1kNDM1LTQxNTItYmYyMC03OTZlODdmOTg4MmQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.WXOxA97DtDPEwmfLK6W2ttyR-oCDafaaJA7VaT9K78so4OUO8jZKUocqHhAPTz-PdBA1xfl_G0ZaT6BkAf_ZTwX39KJLnGqBYaxek4kXq4c3IKvnJpRvuXlrtmv-U23jFLHhhR6zlcsb3_6miEId6sh-TGaV7Osmt64GUDNkr4VkpqleO5BcjsvwUMZZwRzPSQy46PTM2n0s3MAXiOyXLLDQbqqH56V2y5IFGy3qjG6M20znLS6LAtKiZ5sEf4E2KkXs1yo4zNfBRtNVUCmrJduG87hbGYMDHLC6dsN1w1nY8ZdGwj9ukbuK2YEW2z-6AdMrxtuxb0bxrPKCy-htaFg


- Test access via kubectl proxy 

To start kubectl you need to have kubectl installed on your windows desktop as described in my previous blog

So type the following command on your windows desktop

kubectl proxy

The will open a proxy connection to your kubernetes cluster to localhost port 8001.

Next open a browser and copy/past the http address below

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

You will see the following webpage


Now copy the token from notepad text file earlier. You can also retrieve the token on your windows machine via the following powershell command. and copy the token text from the output.

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)

Copy the token in the enter token field, and voila ! Your kubernetes dashboard should open (see example below)


- Publish kubernetes dashboard via nginx-ingress with certificate (optional)

If you want to publish the kubernetes dashboard via the ingress controller with a https certificate (see my previous blogs about nginx-ingress and cert-manager). Nginx-ingress and cert-manager should be in-place before applying yaml file below.

I have used the following nginx-ingress.yaml config to publish the kubernetes dashboard via nginx-ingress, so you don't have to use kubectl proxy to access it.

To apply it to the following

- Create a public/private DNS entry for your kubernetes dashboard (for example k8s-dashboard.mydomain.com) 
- SSH (putty) to your k8s-master node
- Type the following commands:

nano dashboard-ingress.yaml

- Cut and past the text below (and adjust the red values to your own) and save it (Ctrl-O and Ctrl-X_

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
  name:  kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  rules:
  - host: k8s-dashboard.mydomain.com # < change this domain to your own
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
  tls: # < placing a host in the TLS config will indicate a cert should be created
  - hosts:
    - k8s-dashboard.mydomain.com
    secretName: k8s-dashboard-mydomain-com-tls # < cert-manager will store the created certificate in this secret.

- Apply the yaml file with the following command

kubectl apply -f dashboard-ingress.yaml

If you have kubectl running in windows, you can also do the procedure above with notepad in stead of nano. 

When the dashboard-ingress.yaml file has been applied and you should be able to access the kubernetes dashboard directly in a browser without starting a kubectl proxy running. It is of course via the address in the yaml file (example https://k8s-dashboard.mydomain.com) 

If you have any questions, do not hesitate to leave a comment below.

More info:
http://www.ntweekly.com/2018/05/25/deploy-kubernetes-web-ui-dashboard-docker-windows/
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md


Comments