Install Kubernetes Dashboard
The Kubernetes Dashboard has helped me a TON with debugging issues with my applications. Of course, it is very much possible to get the same info using the kubernetes CLI, but the dashboard just makes it very simple.
Install The Kubernetes Dashboard
We will be installing the Dashboard using the recommended manifest file provided by Kubernetes. Keep in mind, in the future you will need to replace the version(currently 2.5.1) with the latest version found on the release page: https://github.com/kubernetes/dashboard/releases
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
Create Admin user
We’ll now create an admin-user to login to the dashboard. Keep in mind, this user will have administrator privleges
-
We’ll first start off by creating the dashboard directory in `~/k3s/' folder.
$ mkdir -p ~/k3s/dashboard/ -
We’re now ready to create the Service Account. Input the code below into a yaml file. I’ve gone with dashboardadmin.yaml
apiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard -
Next we’ll create the ClusterRolebinding. Paste the code below into a yaml file. I’ve gone with dashboardrbac.yaml
apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboard -
Now we’re ready to apply these two manifest files:
$ cd ~/k3s/dashboard/ $ kubectl apply -f dashboardadmin.yaml serviceaccount/admin-user created $ kubectl apply -f dashboardrbac.yaml clusterrolebinding.rbac.authorization.k8s.io/admin-user created
Getting the bearer Token
Before we can access the dashboard, We’ll need to grab the Bearer Token:
$ kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
The above command should output something like the following:
eyJhbGciOiJSUzI1NiIsImtpZCI6IjZWa2RNYzd4enN5cFotVUlPNkJQaERKZ081ZFVOdE96ekxlaUZvOVdOLUUifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTJxYjZ0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwNjg3MGU2Mi00Y2EyLTRhN2QtODkxZi01NGQ3NWFiN2I1MDkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.GwVtSohAHcUZSYfkxUyCDiQePtxttMlH0ZG6GZ3_xRr9KWSA_SpcRAVyROOnB6ZRvj_rXgABFRofbor4tvBVXhke6xFhxeOttiLsygoj5pJJR8JecvZf7vEvx0N-c69zhl-bQtzP6_uPiKJr8xCqgYvHmmT67UYb1Yo8rOnD5XsOBPJKMkQSA8__4_fvl6eYQf-HgXbd9u8CipopMOZ5-Ux_6YGSpL2ciHA7gIwTHVltisOdZl6atNAHYJWx_yQadETcGY_l2j1ZKkdxZJvo9t6j6v1ZZaXDrlxYW99DuvSZwHF0qfCrpN0J4eudenPUt0ED_6ypK7CMrKbvKbKeug
At this point, we have two way’s of accessing the dashboard. The first is by proxying and the other is by exposing the service to outside the cluster.
-
Proxy:
In order to be able to do this, you’d need to have copied the config file from /etc/rancher/k3s/k3s.yaml into your local computer’s ~/.kube/config. If you haven’t done this, go to http://192.168.122.157:8080/kubernetes/learn_by_doing/install_k3s_agent/ and follow the instructions outlined in Step 3.2
Once you’ve done this, run the following command:
$ kubectl proxyTo be able to access the dashboard, we’ll now want to go to our browswer and type in the following: https://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
For authentication Method, we’ll chose Token and use the bearer token we got from above
-
Create A Service:
Going this route, we’ll expose the app on port 443. First let’s create a yaml file in the
~/k3s/dashboarddirectory. I’ve named this file dashboardsvc.yaml and inputted the code below:kind: Service apiVersion: v1 metadata: labels: k8s-app: kubernetes-dashboard name: kubernetes-dashboard-external namespace: kubernetes-dashboard spec: ports: - port: 443 protocol: TCP targetPort: 8443 type: LoadBalancer selector: k8s-app: kubernetes-dashboardnext we’ll want to apply this yaml file:
$ kubectl apply -f dashboardsvc.yamlWe can confirm the dashboard app has been exposed by running the following command:
$ kubectl get svc -n kubernetes-dashboard -o wide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.43.147.43 <none> 8000/TCP 92m kubernetes-dashboard ClusterIP 10.43.195.218 <none> 443/TCP 92m kubernetes-dashboard-external LoadBalancer 10.43.154.145 192.168.122.200 443:31855/TCP 7m20sIn the above, we can see the application is exposed on port 443 at IP 192.168.122.200. We can login to the dashboard at the specified IP Address and Port. Keep in mind, that port 443 is the default port for https traffic, so we only need to specify https in the url and not the port(though we could!). In this example, we’ll simply go to https://192.168.122.200/#/login and login with Token method using the bearer token we got above