Kubernetes Dashboard UI

When you install Kubeadm, you have a cli interface with kubecli. However for some people it is not enough to have a cli. For some people it is useful to have a dashboard that shows how the cluster runs. Kubernetes has such an application though, it is not deployed by default. So here is how to add it to your setup. The below follows the installation guide from Kubernetes itself. You can find that here if you prefer that. For the configuration part there is information about that here.

There is one thing I want to mention here. I am demonstrating this in minikube. You could just run “minikube dashboard” to achieve the steps I am doing below. However I wanted to show how you set it up and what you get. Using the Minikube Dashboard command will get you past the login token I mention further down on the page.

In order to deploy the dashboard run the following command from the cluster:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

I chose to run this first on my minikube windows environment. The main reason for this is that I can run the kubectl proxy to host the dashboard as a local app.

Minikube with dashboard app

So after starting minikube on Windows in this case, I first verified that there is no dashboard running. Then I ran the kubectl apply command above and the app was pulled down and started. I verified that it was started and then ran the kubectl proxy to create a local port on my machine to connect to the dashboard.

minikube-dashboard

Now, opening a webbrowser of choice and jumping to the following address:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

You should get a screen like this:

dashboard-first-screen

Signing in to the ui dashboard

The next step is to configure a way to connect. As you can see there are two options kubeconfig and token. As I read it only one is actually supported, which is the token.

One thing that is important also is that no external identity source is supposed and also no x509 cert based authentication.

So lets try to create a service account and token so that we can log into the dashboard.

Running the following command should create the user in the namespace (You can name the user as you like, I went with dashboard-admin):

kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard

Secondly, in powershell run the following command (one line, and substituting the username in case you modified it from my example):

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)

That should generate an output similar to this:

user-token

Copying that token and putting it in the token field like here:

login-with-token.PNG

Should allow you to actually log in:

first-login-with-token

As you can see by default there is not much to see here. You can either deploy an app or you can take the tour. So lets go and create an app to see if it gets us a bit more information.

With this role you can not create a pod though. You need to also create a cluster role binding. Above we used general cli to create the user and the token. Now lets advance a bit and use a yaml file to create the Cluster role binding:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kubernetes-dashboard

Take this file and save it as a yaml file, for example crb.yaml

Next you need to run the file and this you do by executing the following command from the folder where the yaml file is located. The output will look like this:

crb-creation

Now reload the app and you should be able to see a great deal of more roles and options.

For example you can now create an app. Without the cluster role binding you have no rights to deploy.

Creating an app

So now that we are inside the app we can create a new app, you do this by clicking the blue plus in the top right corner. You can then either create from input or from a file or a form.

Just to show each screen here to give you an idea:

create-resource

create-from-file

create-from-form

Probably the easiest way if you have little idea yet about creating images is to go via the forms.

I just filled in something very simple:

first-app-deploy-example

Hitting deploy I got this (Actually during deployment it was orange but it soon turned green):

first-app-example-deployed

And you can see it in the cli also by doing a kubectl get pods -A

first-app-example-deployed-cli

That was generally what I wanted to show here, you can install a dashboard app and this gives users who are not used to the cli and option of creating their apps fairly simple and easy.

Kubeadm with dashboard app

Mostly the same order applies to Kubeadm as for the above. I will try to add a bit more on it later. The one major difference I found so far is that the powershell command I ran for minikube is of course a bit different for bash.

So on Linux based version you need something like this:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

The rest of the steps should be the same.

 

 

%d bloggers like this: