-
Notifications
You must be signed in to change notification settings - Fork 30
Kubernetes Dashboard
- Getting Started
- Accessing the dashboard
- Opening the dashboard
- Authenticating dashboard
- Generating bearer token
Run the following command to deploy the dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yamlNote: The K8s Dashboard URL may change in the future. If the following command doesn’t work, please make sure to visit the Kubernetes Dashboard repo and confirm the new URL.
Check if your dashboard is running by executing the following command.
kubectl -n kube-system get pod | grep dashboard --colorYou should see a kubernetes-dashboard pod with the status running.
kubernetes-dashboard-5f7b999d65-pkkrt 1/1 Running 0 16m
By default, the Dashboard isn’t accessible outside the cluster. To access Dashboard from your PC you must create a secure channel to your Kubernetes cluster. Run the following command from your Mac:
kubectl proxy &It will proxy the server between your PC and Kubernetes API server.
Now, to view the dashboard in the browser, navigate to the following address in the browser of your Master VM:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
You’ll be taken to the Kubernetes Dashboard authentication page, we will need to create a service account for the dashboard.
Copy following code snippets to dashboard.yaml file
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
Now, run the following command to create a service account for a dashboard:
kubectl apply -f dashboard.yaml
Copy the secret token required for your dashboard login using the below command:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
It should print something like:
Name: admin-user-token-6gl6l
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name=admin-user
kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516
Type: kubernetes.io/service-account-token
Data
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY
Now copy the token and paste it into Enter token field on log in screen and Click Sign in button
Note: If you receive any expired token errors, you can always run the following from your local machine to get a new token from the k8s-master:
ssh core@$MASTER_IP sudo kubeadm token create
The default Token expiration time is 900 seconds, which is 15 minutes, which means you have to get a new token every 15 minutes.
You can change default time by adding token-ttl parameter, run the following command to modify the yaml file that creates the Dashboard and recreate it.
kubectl edit deployment kubernetes-dashboard -n kube-system
ports:
- containerPort: 8443
protocol: TCP
args:
- --auto-generate-certificates
- --token-ttl=43200