When you install Kubeadm, you have a cli interface with kubecli. However for some people it is not enough to have a cli. For some people it is useful to have a dashboard that shows how the cluster runs. Kubernetes has such an application though, it is not deployed by default. So here is how to add it to your setup. The below follows the installation guide from Kubernetes itself. You can find that here if you prefer that. For the configuration part there is information about that here.
There is one thing I want to mention here. I am demonstrating this in minikube. You could just run “minikube dashboard” to achieve the steps I am doing below. However I wanted to show how you set it up and what you get. Using the Minikube Dashboard command will get you past the login token I mention further down on the page.
In order to deploy the dashboard run the following command from the cluster:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
I chose to run this first on my minikube windows environment. The main reason for this is that I can run the kubectl proxy to host the dashboard as a local app.
Minikube with dashboard app
So after starting minikube on Windows in this case, I first verified that there is no dashboard running. Then I ran the kubectl apply command above and the app was pulled down and started. I verified that it was started and then ran the kubectl proxy to create a local port on my machine to connect to the dashboard.
Now, opening a webbrowser of choice and jumping to the following address:
You should get a screen like this:
Signing in to the ui dashboard
The next step is to configure a way to connect. As you can see there are two options kubeconfig and token. As I read it only one is actually supported, which is the token.
One thing that is important also is that no external identity source is supposed and also no x509 cert based authentication.
So lets try to create a service account and token so that we can log into the dashboard.
Running the following command should create the user in the namespace (You can name the user as you like, I went with dashboard-admin):
kubectl create serviceaccount dashboard-admin -n kubernetes-dashboard
Secondly, in powershell run the following command (one line, and substituting the username in case you modified it from my example):
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | sls admin-user | ForEach-Object { $_ -Split '\s+' } | Select -First 1)
That should generate an output similar to this:
Copying that token and putting it in the token field like here:
Should allow you to actually log in:
As you can see by default there is not much to see here. You can either deploy an app or you can take the tour. So lets go and create an app to see if it gets us a bit more information.
With this role you can not create a pod though. You need to also create a cluster role binding. Above we used general cli to create the user and the token. Now lets advance a bit and use a yaml file to create the Cluster role binding:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kubernetes-dashboard
Take this file and save it as a yaml file, for example crb.yaml
Next you need to run the file and this you do by executing the following command from the folder where the yaml file is located. The output will look like this:
Now reload the app and you should be able to see a great deal of more roles and options.
For example you can now create an app. Without the cluster role binding you have no rights to deploy.
Creating an app
So now that we are inside the app we can create a new app, you do this by clicking the blue plus in the top right corner. You can then either create from input or from a file or a form.
Just to show each screen here to give you an idea:
Probably the easiest way if you have little idea yet about creating images is to go via the forms.
I just filled in something very simple:
Hitting deploy I got this (Actually during deployment it was orange but it soon turned green):
And you can see it in the cli also by doing a kubectl get pods -A
That was generally what I wanted to show here, you can install a dashboard app and this gives users who are not used to the cli and option of creating their apps fairly simple and easy.
Kubeadm with dashboard app
Mostly the same order applies to Kubeadm as for the above. I will try to add a bit more on it later. The one major difference I found so far is that the powershell command I ran for minikube is of course a bit different for bash.
So on Linux based version you need something like this:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
The rest of the steps should be the same.