Versions Compared

Old Version 2

changes.mady.by.user Mohammadreza Pasandideh

Saved on

compared with

New Version 3

changes.mady.by.user Mohammadreza Pasandideh

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Execute the following steps on master node

...

Code Block
ubuntu@k8s-s5-master:~/certs$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.108.52.94    <none>        80/TCP    57s
ubuntu@k8s-s5-master:~/certs$ 

ubuntu@k8s-s1-master:~$ kubectl -n kube-system edit service kubernetes-dashboard
#Change spec.type from ClusterIP to NodePort  and save.


4) Check port on which Dashboard was exposed

Code Block
ubuntu@k8s-s1-master:~$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   NodePort   10.108.52.94   <none>        80:30830/TCP   2h
ubuntu@k8s-s1-master:~$


#here it is 30830


5) Navigate to UI via a browser

Use the master node ip address and the exposed port :http://<master-node-ip-address>:<exposed-port>


6) Fix access privilage issueGrant full admin privilages to Dashboard Service Account

The browser does not ask for credentials to login. The default user is "system:serviceaccount:kube-system:kubernetes-dashboard" , which does not have access to the default namespace.

TODO:

1) Manually add credentials (username/password = admin/admin) to ~/.kube/config on the master nodeTo fix this, create a new "ClusterRoleBinding" and provide privilages to Dashboard Service Account.

Create the following yaml file and deploy it

Code Block
title
ubuntu@k8s-s1-master:~$ kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: REDACTED
server: https://10.147.112.156:6443
name: kubernetes-s1
contexts:
- context:
cluster: kubernetes-s1
user: kubernetes-admin-s1
name: kubernetes-admins1
current-context: kubernetes-admins1
kind: Config
preferences: {}
users:
- name: kubernetes-admin-s1
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
password: admin
username: admin
ubuntu@k8s-s1-master:~$

...

dashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system




~$ kubectl create -f dashboard-admin.yaml
clusterrolebinding "kubernetes-dashboard" created
~$


7) Navigate to UI via a browser

You can access the browser , without any credentials. 

Image Added