by Anish
Posted on Thursday July 12, 2018
This sample chapter extracted from the book, Kubernetes for DevOps .
Get this book on Just $9 or Ask Author for Discount
Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster itself along with its attendant resources. These are the required steps to to bring up the kubernetes Dashboard
If you have a $HOME/.kube/config file, and it's not listed in your KUBECONFIG environment variable, then do the following.
export KUBECONFIG=/etc/kubernetes/admin.conf
To deploy run the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended/kubernetes-dashboard.yaml
The output
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
Once the Dashboard is created verify the svc/deployments are up and running
kubectl get services -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP 1m
kubernetes-dashboard ClusterIP 10.101.22.21 <none> 443/TCP 8s
RUn the following command to view the svc info
kubectl describe svc/kubernetes-dashboard -n kube-system
kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system kubernetes-dashboard-6948bdb78-76686 1/1 Running 0 7m
You can grant full admin privileges to Dashboard's Service Account by creating below ClusterRoleBinding. Copy the YAML file based on chosen installation method and save as, i.e. dashboard-admin.yaml. Use
kubectl create -f dashboard-admin.yaml
cat dashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: kubernetes-dashboard
labels:
k8s-app: kubernetes-dashboard
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kube-system
root@kube-master:/home/ansible# kubectl create -f dashboard-admin.yaml
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
Using Skip option will make Dashboard use privileges of Service Account used by Dashboard.
Set the proxy
kubectl proxy --address 0.0.0.0 --accept-hosts '.*'
Starting to serve on [::]:8001
Access the Kubernetes dashboard
http://<IP>:<PORT>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
Create a new ServiceAccount
kubectl create serviceaccount k8sadmin -n kube-system
serviceaccount/k8sadmin created
Create a ClusterRoleBinding with Cluster Admin Privileges
kubectl create clusterrolebinding k8sadmin --clusterrole=cluster-admin --serviceaccount=kube-system:k8sadmin
clusterrolebinding.rbac.authorization.k8s.io/k8sadmin created
Get the token
kubectl get secret -n kube-system | grep k8sadmin | cut -d " " -f1 | xargs -n 1 | xargs kubectl get secret -o 'jsonpath={.data.token}' -n kube-system | base64 --decode
The outout will be base64 decoded Token
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9
Use this token to login to kubernetes dashbaord
check from where the service needs to be deleted daemonsets,replicasets,services,deployments,pods,rc --all
kubectl delete replicasets/kubernetes-dashboard -n kube-system
kubectl delete svc/kubernetes-dashboard -n kube-system
kubectl delete deployments/kubernetes-dashboard -n kube-system
kubectl -n kube-system delete $(kubectl -n kube-system get pod -o name | grep dashboard)
kubectl edit svc/kubernetes-dashboard -n kube-system
Thanku for reading !!! Give a Share for Support
Instead of directly asking for donations, I'm thrilled to offer you all nine of my books for just $9 on leanpub By grabbing this bundle you not only help cover my coffee, beer, and Amazon bills but also play a crucial role in advancing and refining this project. Your contribution is indispensable, and I'm genuinely grateful for your involvement in this journey!
Any private key value that you enter or we generate is not stored on this site, this tool is provided via an HTTPS URL to ensure that private keys cannot be stolen, for extra security run this software on your network, no cloud dependency