Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

NOTE: applicable for test sytems, otherwise consider security implications

https://github.com/kubernetes/dashboard


Installation

On a node with kubectl:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-rc1/aio/deploy/recommended.yaml
# verifiy
ubuntu@sb4-rancher:~/rke$ kubectl get pods -n kubernetes-dashboard
NAME                                         READY     STATUS    RESTARTS   AGE
dashboard-metrics-scraper-769d6ffc98-c7kjg   1/1       Running   0          78m
kubernetes-dashboard-67659748c4-h7nnp        1/1       Running   0          7m58s

Enhance the service for external access

cat > k8s-dashboard-service << EOF
---
# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 31115
  selector:
    k8s-app: kubernetes-dashboard

EOF
kubectl apply -f k8s-dashboard-service

Create user token

kubectl create serviceaccount dashboard-admin-sa
kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
kubectl get secrets
NAME                             TYPE                                  DATA      AGE
dashboard-admin-sa-token-s4fcf   kubernetes.io/service-account-token   3         46m
kubectl describe secret dashboard-admin-sa-token-s4fcf
Name:         dashboard-admin-sa-token-s4fcf
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=dashboard-admin-sa
              kubernetes.io/service-account.uid=4335b434-32f9-11ea-9983-fa163e3fac12

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1017 bytes
namespace:  7 bytes
token:      eyJhbGci......


open browser and insert token

https://<node>:31115



In case of invalid cert error

#create new certs
mkdir certs
openssl req -nodes -newkey rsa:2048 -keyout certs/dashboard.key -out certs/dashboard.csr -subj "/C=/ST=/L=/O=/OU=/CN=kubernetes-dashboard"
openssl x509 -req -sha256 -days 365 -in certs/dashboard.csr -signkey certs/dashboard.key -out certs/dashboard.crt
#update certs
kubectl delete secret kubernetes-dashboard-certs  -n kubernetes-dashboard
kubectl create secret generic kubernetes-dashboard-certs --from-file=certs -n kubernetes-dashboard
# recreate pde
kubectl get pods -n kubernetes-dashboard
NAME                                         READY     STATUS    RESTARTS   AGE
dashboard-metrics-scraper-769d6ffc98-c7kjg   1/1       Running   0          89m
kubernetes-dashboard-67659748c4-h7nnp        1/1       Running   0          19m
kubectl delete pod/kubernetes-dashboard-67659748c4-ssv9d -n kubernetes-dashboard
  • No labels