Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster resources. You can use Dashboard to get an overview of applications running on your cluster, as well as for creating or modifying individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc). For example, you can scale a Deployment, initiate a rolling update, restart a pod or deploy new applications using a deploy wizard.
A configuration directory layout used in this page is shown as follows:
> kubernetes
> config <- configurations
> dashboard <- dashboard repository
> patches <- patchesInstalling Dashboard
Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.
To deploy Kubernetes Dashboard, follow this steps:
-
Deploy Metrics Server
wget -O config/metrics-server.yaml https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml kubectl apply -f config/metrics-server.yamlserviceaccount/metrics-server created clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created clusterrole.rbac.authorization.k8s.io/system:metrics-server created rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created service/metrics-server created deployment.apps/metrics-server created apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created -
Clone Kubernetes Dashboard repository
git clone https://github.com/kubernetes/dashboard.git -
Apply dashboard patch
Kubernetes Dashboard needs to be patched to remove TLS certificate, so it will use wilcard TLS provided by Nginx Ingress Controller. Also Kubernetes Dashboard host will be changed from
localhosttodashboard.kubernetes.localand then it will be exposed using reverse proxy.vi patches/kubernetes-dashboard.patchdiff --git a/charts/kubernetes-dashboard.yaml b/charts/kubernetes-dashboard.yaml index cf730f70e..784617929 100644 --- a/charts/kubernetes-dashboard.yaml +++ b/charts/kubernetes-dashboard.yaml @@ -25,23 +25,6 @@ metadata: --- -################################ -### cert-manager -################################ - -apiVersion: cert-manager.io/v1 -kind: Issuer -metadata: - name: selfsigned - namespace: kubernetes-dashboard - labels: - app.kubernetes.io/name: certmanager - app.kubernetes.io/part-of: kubernetes-dashboard -spec: - selfSigned: {} - ---- - ################################ ### Service Accounts ################################ @@ -247,15 +230,13 @@ metadata: app.kubernetes.io/part-of: kubernetes-dashboard annotations: nginx.ingress.kubernetes.io/ssl-redirect: "true" - cert-manager.io/issuer: selfsigned spec: ingressClassName: nginx tls: - hosts: - - localhost - secretName: kubernetes-dashboard-certs + - dashboard.kubernetes.local rules: - - host: localhost + - host: dashboard.kubernetes.local http: paths: - path: /cd dashboard && git apply ../patches/kubernetes-dashboard.patch -
Deploy dashboard
kubectl apply -f dashboard/charts/kubernetes-dashboard.yamlnamespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created secret/kubernetes-dashboard-certs created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created service/kubernetes-dashboard-web created service/kubernetes-dashboard-api created service/kubernetes-dashboard-metrics-scraper created ingress.networking.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard-api created deployment.apps/kubernetes-dashboard-web created deployment.apps/kubernetes-dashboard-metrics-scraper created -
Create a user to authenticate with dashboard
vi config/dashboard-adminuser.yamlapiVersion: v1 kind: ServiceAccount metadata: name: admin-user namespace: kubernetes-dashboard --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: admin-user roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: admin-user namespace: kubernetes-dashboardkubectl apply -f config/dashboard-adminuser.yamlserviceaccount/admin-user created clusterrolebinding.rbac.authorization.k8s.io/admin-user created -
Get token to sign in to dashboard
cat config/create-admin-user-token.sh#!/bin/bash NS=kubernetes-dashboard USER=admin-user kubectl -n $NS create token $USER --duration 526500m./config/create-admin-user-token.shYOUR_TOKEN_HEREThis token valid for a year.
Exposing Dashboard using Reverse Proxy
Here is an example of Nginx configuration to serve Kubernetes Dashboard at https://example.com/k8s/.
server {
listen 443 ssl;
server_name example.com;
location / {
...
}
location /k8s/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host dashboard.kubernetes.local;
proxy_http_version 1.1;
proxy_pass https://10.0.0.21/;
}
}What's Next
ā Operator and provisioner deployment
ā Load balancer and ingress