Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

...

...

...

...

...

...

Table of Contents
maxLevel1

Installation

Execute the following steps on master node

1) Create certificate

Code Block
ubuntu@k8s-s1-master:~$ mkdir certs
ubuntu@k8s-s1-master:~$ cd certs/
ubuntu@k8s-s1-master:~/certs$ openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
Generating RSA private key, 2048 bit long modulus
......+++
........................+++
e is 65537 (0x10001)
ubuntu@k8s-s1-master:~/certs$ ll
total 12
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:51 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1751 Feb  2 15:51 dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
writing RSA key
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$ ll
total 16
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:51 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
-rw-rw-r-- 1 ubuntu ubuntu 1751 Feb  2 15:51 dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ rm dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ openssl req -new -key dashboard.key -out dashboard.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:ONTARIO
Locality Name (eg, city) []:OTTAWA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AMDOCS
Organizational Unit Name (eg, section) []:R&D
Common Name (e.g. server FQDN or YOUR name) []:REZA
Email Address []:myname@amdocs.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
ubuntu@k8s-s1-master:~/certs$ ll
total 16
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:53 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1037 Feb  2 15:53 dashboard.csr
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
ubuntu@k8s-s1-master:~/certs$ openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/C=CA/ST=ONTARIO/L=OTTAWA/O=AMDOCS/OU=R&D/CN=REZA/emailAddress=myname@amdocs.com
Getting Private key
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$ ll
total 20
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:53 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1273 Feb  2 15:53 dashboard.crt
-rw-rw-r-- 1 ubuntu ubuntu 1037 Feb  2 15:53 dashboard.csr
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
ubuntu@k8s-s1-master:~/certs$


ubuntu@k8s-s5-master:~/certs$ kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
secret "kubernetes-dashboard-certs" created
ubuntu@k8s-s5-master:~/certs$

...

Code Block
ubuntu@k8s-s5-master:~/certs$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.108.52.94    <none>        80/TCP    57s
ubuntu@k8s-s5-master:~/certs$ 

ubuntu@k8s-s1-master:~$ kubectl -n kube-system edit service kubernetes-dashboard
#Change value for spec.type from "ClusterIP" to "NodePort" . andThen save. the file (:wq)


4) Check port on which Dashboard was exposed

Code Block
ubuntu@k8s-s1-master:~$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   NodePort   10.108.52.94   <none>        80:30830/TCP   2h
ubuntu@k8s-s1-master:~$


#here it is 30830

Web-based Interface

5) Navigate to UI via a browser

Use the master node ip address and the exposed port :http://<master-node-ip-address>:<exposed-port>


6) Grant full admin privilages to Dashboard Service Account

The browser does not ask for credentials to login. The default user is "system:serviceaccount:kube-system:kubernetes-dashboard" , which does not have access to the default namespace.

To fix this, create a new "ClusterRoleBinding" and provide privilages to Dashboard Service Account.

...

Code Block
titledashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind:
ClusterRoleBinding
metadata:~$ kubectl apply name: kubernetes-dashboardf   labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system




~$ kubectl create -f dashboard-admin.yaml
https://raw.githubusercontent.com/shdowofdeath/dashboard/master/rolebindingdashboard.yaml 
clusterrolebinding "kubernetes-dashboard" created
~$


7) Navigate to UI via a browser

You can access the browser , without any credentials. 

Monitoring SDN-C Site Health

The Kubernetes dashboard GUI can be used to monitor the health of components of the SDN-C site by changing the Namespace to 'onap-sdnc'the namespace SDN-C is created in.

In order to see the status of each pod in the site, select the 'Pods' pane (under the 'Workloads' heading). You can also use the following URL: http://server:31497/#!/pod?namespace=onap-sdnc.

When a pod fails, the GUI will show that fact.

e.g. An ODL outage:

e.g. A database outage:

Image Added

Selecting the 'Overview' pane will allow a less specific view of the failurefailures:

If an application inside a pod, such as the ODL, dies or is stopped, the pod itself will be recreated so the outage will be seen as with a pod outage.

The operator of the site can use this information to help determine when a manual failover to the remote site is required. Normally, a failover would be desired when there is a lack of redundancy available for a component, such as when only one database is available or when only one ODL is available. The operator would first want to determine whether the site that has experienced the outage(s) is the 'active' site by running the '/optdockerdata-nfs/sdnccluster/georscript/sdnc.cluster' script.

...