Install K8S Dashboard Service

To ease the management, install the standard Kubernetes Dashboard.

Install

Option 1 - Enable minikube addons.

minikube addons enable dashboard
minikube addons list
kubectl get deploy --all-namespaces
kubectl get svc --all-namespaces
echo $(minikube service kubernetes-dashboard  -n kube-system --url)
minikube dashboard

Option 2 - Deploy a spec with Auth Header authentication.

kubectl create -f $DLAHOME/etc/k8s/dashboard/k8s-dashboard/1.10.1/recommended/kubernetes-dashboard.yaml
kubectl proxy --port=8001
open http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/#!/login

Option 3 - Deploy a spec with HTTPS.

kubectl create -f $DLAHOME/etc/k8s/dashboard/k8s-dashboard/1.8.3/_dla/k8s-dashboard-ssl.yaml
kubectl proxy
open http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

Option 4 - Deploy a spec with HTTP and Authorization Header.

kubectl create -f $DLAHOME/etc/k8s/dashboard/k8s-dashboard-auth-header.yaml

Option 5 - Deploy via Helm.

helm install k8s-dashboard \
  --namespace kube-system \
  --set=httpPort=3000,resources.limits.cpu=200m,rbac.create=true \
  -n k8s-dashboard

Access Control

Option 1 - Get a Token to Authenticate.

kubectl get secret -n kube-system
kubectl describe secret default-token-lxh6p -n kube-system
openssl genrsa -out ca.key 2048
openssl req -x509 -new -nodes -key ca.key -subj "/CN=${COMMON_NAME}" -days 3650 -out ca.crt
kubectl create secret tls issuer-key --cert=ca.crt --key=ca.key --namespace default
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

Option 2 - Admin privileges - IMPORTANT: Make sure that you know what you are doing before proceeding. Granting admin privileges to Dashboard's Service Account might be a security risk. You can grant full admin privileges to Dashboard's Service Account by creating below ClusterRoleBinding. Copy the YAML file based on chosen installation method and save as, i.e. dashboard-admin.yaml. Use kubectl create -f dashboard-admin.yaml to deploy it. Afterwards you can use Skip option on login page to access Dashboard.

cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF
cat << EOF | kubectl apply -f -
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
EOF
cat << EOF | kubectl apply -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system
EOF
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
echo http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/.
kubectl proxy
# Copy the token and paste it into Enter token field on log in screen.

Option 3 - If you disabled insecure port and enabled kube_api_anonymous_auth: true and enabled webhooks. You can access dashboard with masterip:6443/ui.

kube_api_anonymous_auth: true
kubelet_authentication_token_webhook: true
kubelet_authorization_mode_webhook: true

Access Dashboard

Option 1 - Access via minikube service.

# IP=$(kubectl get svc -n kube-system kubernetes-dashboard -o jsonpath="{.spec.clusterIP}") # How to get the correct IP address?
# PORT=$(kubectl get svc -n kube-system kubernetes-dashboard -o jsonpath="{.spec.ports[0]['nodePort']}")
# open http://$IP:$PORT
open $(minikube service -n kube-system kubernetes-dashboard --url)

Option 2 - Access via kubectl proxy.

kubectl proxy --port=8001
open http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/#!/login
open http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/#!/overview?namespace=default

Option 3 - Access via port-forward.

export POD_NAME=$(kubectl get pods -n kube-system -l "app=kubernetes-dashboard,release=k8s-dashboard" -o jsonpath="{.items[0].metadata.name}")
echo http://127.0.0.1:9090
kubectl -n kube-system port-forward $POD_NAME 9090:9090

Develop

cd $DLAHOME/repos/k8s-dashboard
echo http://localhost:9090
gulp serve

Compile:

  • Stylesheets are implemented with SASS and compiled to CSS with libsass.
  • JavaScript is implemented in ES6. It is compiled with Babel for development and the Google-Closure-Compiler for production.
  • Go is used for the implementation of the backend. The source code gets compiled into the single binary dashboard.

Run:

  • Frontend is served by BrowserSync. It enables features like live reloading when HTML/CSS/JS change and even synchronize scrolls, clicks and form inputs across multiple devices.
  • Backend is served by the dashboard binary.
  • File watchers listen for source code changes (CSS, JS, GO) and automatically recompile. All changes are instantly reflected, e.g. by automatic process restarts or browser refreshes. The build artifacts are created in a hidden folder (.tmp).
  • After successful execution of gulp local-up-cluster and gulp serve, the following processes should be running (respective ports are given in parentheses):

BrowserSync (9090) ---> Dashboard backend (9091) ---> Kubernetes API server (8080)

# Run Parameters
[ '--heapster-host=',
  '--tls-cert-file=',
  '--tls-key-file=',
  '--auto-generate-certificates=false',
  '--insecure-port=9091',
  '--apiserver-host=http://localhost:8080'
]

Another way to connect to real cluster while developing dashboard is to override default values used by our build pipeline. In order to do that we have introduced two environment variables KUBE_DASHBOARD_APISERVER_HOST and KUBE_DASHBOARD_KUBECONFIG that will be used over default ones when defined.

export KUBE_DASHBOARD_APISERVER_HOST="http://<APISERVER_IP>:<APISERVER_PORT>"
# or
export KUBE_DASHBOARD_KUBECONFIG="<KUBECONFIG_FILE_PATH>"

NOTE: Environment variable KUBE_DASHBOARD_KUBECONFIG has higher priority than KUBE_DASHBOARD_APISERVER_HOST.

Delete

kubectl -n kube-system delete $(kubectl -n kube-system get pod -o name | grep dashboard)

results matching ""

    No results matching ""