Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Installation

Execute the following steps on master node

1) Create certificate

ubuntu@k8s-s1-master:~$ mkdir certs
ubuntu@k8s-s1-master:~$ cd certs/
ubuntu@k8s-s1-master:~/certs$ openssl genrsa -des3 -passout pass:x -out dashboard.pass.key 2048
Generating RSA private key, 2048 bit long modulus
......+++
........................+++
e is 65537 (0x10001)
ubuntu@k8s-s1-master:~/certs$ ll
total 12
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:51 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1751 Feb  2 15:51 dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ openssl rsa -passin pass:x -in dashboard.pass.key -out dashboard.key
writing RSA key
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$ ll
total 16
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:51 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
-rw-rw-r-- 1 ubuntu ubuntu 1751 Feb  2 15:51 dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ rm dashboard.pass.key
ubuntu@k8s-s1-master:~/certs$ openssl req -new -key dashboard.key -out dashboard.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:CA
State or Province Name (full name) [Some-State]:ONTARIO
Locality Name (eg, city) []:OTTAWA
Organization Name (eg, company) [Internet Widgits Pty Ltd]:AMDOCS
Organizational Unit Name (eg, section) []:R&D
Common Name (e.g. server FQDN or YOUR name) []:REZA
Email Address []:myname@amdocs.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
ubuntu@k8s-s1-master:~/certs$ ll
total 16
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:53 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1037 Feb  2 15:53 dashboard.csr
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
ubuntu@k8s-s1-master:~/certs$ openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
Signature ok
subject=/C=CA/ST=ONTARIO/L=OTTAWA/O=AMDOCS/OU=R&D/CN=REZA/emailAddress=myname@amdocs.com
Getting Private key
ubuntu@k8s-s1-master:~/certs$
ubuntu@k8s-s1-master:~/certs$ ll
total 20
drwxrwxr-x 2 ubuntu ubuntu 4096 Feb  2 15:53 ./
drwxr-xr-x 8 ubuntu ubuntu 4096 Feb  2 15:48 ../
-rw-rw-r-- 1 ubuntu ubuntu 1273 Feb  2 15:53 dashboard.crt
-rw-rw-r-- 1 ubuntu ubuntu 1037 Feb  2 15:53 dashboard.csr
-rw-rw-r-- 1 ubuntu ubuntu 1679 Feb  2 15:51 dashboard.key
ubuntu@k8s-s1-master:~/certs$


ubuntu@k8s-s5-master:~/certs$ kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
secret "kubernetes-dashboard-certs" created
ubuntu@k8s-s5-master:~/certs$


2) Install kubernetes dashboard service

ubuntu@k8s-s1-master:~$ kubectl  apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml
serviceaccount "kubernetes-dashboard" created
role "kubernetes-dashboard-minimal" created
rolebinding "kubernetes-dashboard-minimal" created
deployment "kubernetes-dashboard" created
service "kubernetes-dashboard" created
ubuntu@k8s-s1-master:~


3) Modify kubernetes dashboard service

ubuntu@k8s-s5-master:~/certs$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.108.52.94    <none>        80/TCP    57s
ubuntu@k8s-s5-master:~/certs$ 

ubuntu@k8s-s1-master:~$ kubectl -n kube-system edit service kubernetes-dashboard
#Change spec.type from ClusterIP to NodePort  and save.


4) Check port on which Dashboard was exposed

ubuntu@k8s-s1-master:~$ kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   NodePort   10.108.52.94   <none>        80:30830/TCP   2h
ubuntu@k8s-s1-master:~$


#here it is 30830

Web-based Interface

5) Navigate to UI via a browser

Use the master node ip address and the exposed port :http://<master-node-ip-address>:<exposed-port>


6) Grant full admin privilages to Dashboard Service Account

The browser does not ask for credentials to login. The default user is "system:serviceaccount:kube-system:kubernetes-dashboard" , which does not have access to the default namespace.

To fix this, create a new "ClusterRoleBinding" and provide privilages to Dashboard Service Account.

Create the following yaml file and deploy it. 

dashboard-admin.yaml
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system




~$ kubectl create -f dashboard-admin.yaml
clusterrolebinding "kubernetes-dashboard" created
~$


7) Navigate to UI via a browser

You can access the browser , without any credentials. 

Monitoring SDN-C Site Health

The Kubernetes dashboard GUI can be used to monitor the health of components of the SDN-C site by changing the Namespace to 'onap-sdnc'.

In order to see the status of each pod in the site, select the 'Pods' pane (under the 'Workloads' heading). You can also use the following URL: http://server:31497/#!/pod?namespace=onap-sdnc

When a pod fails, the GUI will show that fact:

Selecting the 'Overview' pane will allow a less specific view of the failure:

The operator of the site can use this information to help determine when a manual failover to the remote site is required. Normally, a failover would be desired when there is a lack of redundancy available for a component, such as when only one database is available or when only one ODL is available. The operator would first want to determine whether the site that has experienced the outage(s) is the 'active' site by running the '/opt/sdnc/geor/sdnc.cluster' script.

Limitations


  • No labels