Skip to content

Instantly share code, notes, and snippets.

@jannegpriv

jannegpriv/installation_steps_k3s_dashboard.md

Last active November 1, 2024 13:51
Show Gist options
  • Save jannegpriv/06427e4ecc2a17f317a4bebc32b6445c to your computer and use it in GitHub Desktop.
Save jannegpriv/06427e4ecc2a17f317a4bebc32b6445c to your computer and use it in GitHub Desktop.
Download ZIP
Installation steps for K3s dashboard.
Raw
installation_steps_k3s_dashboard.md

Installation steps for K3s dashboard

The steps below requires that you have followed the installation steps for installing K3s on RPIs.

NOTE: The following files can be found in the following repository.

Installation steps for K3s dashboard. On master node, create a folder called dashboard:

mkdir ~/k3s-dashboard
cd ~/k3s-dashboard
GITHUB_URL=https://github.com/kubernetes/dashboard/releases
VERSION_KUBE_DASHBOARD=$(curl -w '%{url_effective}' -I -L -s -S ${GITHUB_URL}/latest -o /dev/null | sed -e 's|.*/||')
sudo k3s kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/${VERSION_KUBE_DASHBOARD}/aio/deploy/recommended.yaml

Then create a file named service-account.yaml with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Then create a file named cluster-role.yaml with the following content:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Then apply the 2 yaml-files:

k apply -f service-account.yaml
k apply -f cluster-role-binding.yaml

Access the Kubernetes Dashboard using ingress controller Traefik

The easiest way to access the dashboard is by creating an ingress controller using the Traefik load balancer.

Create a file named dashboard-trafik.yaml:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "traefik"
spec:
  rules:
  - host: k3s-dashboard.example.org
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

Then apply the yaml-file:

k apply -f dashboard-trafik.yaml

If you run without certificates, e.g. in a test environment, you then need to configure traefik to skip certificate checks by adding the following line to the config map for traefik, first launch the config map editor:

kubectl -n kube-system edit cm traefik

Then add the following line to the top of the toml part:

insecureSkipVerify = true

like this:

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
data:
  traefik.toml: |
    # traefik.toml
    logLevel = "debug"
    insecureSkipVerify = true
    defaultEntryPoints = ["http","https"]

Then relaunch the traefik pod by scaling down/up:

kubectl -n kube-system scale deploy traefik --replicas 0
kubectl -n kube-system scale deploy traefik --replicas 1

Then surf to:

https://k3s-dashboard.example.org/#/login

Access the Kubernetes Dashboard using Kube Proxy

Start kube proxy to export port 8001 to dashboard. NOTE: The prompt will hang!:

sudo k3s kubectl proxy
Starting to serve on 127.0.0.1:8001

Then depending on your local computer's OS, create a SSH tunnel to k3s-master-1 using either ssh (Linux/MacOS) or e.g. MobaXterm using Windows, below shows Linux/MacOS configuration. NOTE: If you have not configured k3s-master-1n /etc/hosts on your local computer, you will need to use the IP address of the master node:

ssh -N -L localhost:8001:localhost:8001 pi@k3s-master-1

Using your favourite browser on tour local computer, surf to the following URL: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Login to the Kubernetes Dashboard

To login you will need a Token, use the following command to find it:

sudo k3s kubectl -n kubernetes-dashboard describe secret admin-user-token | grep ^token

Copy&paste the token listed above and log in to the dashboard.

If you have problems with dashboard complaining about user rights, then issue the following command on the master node:

kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

Delete the Dashboard

To delete the dashboard:

sudo k3s kubectl delete -n kubernetes-dashboard
@rodrigofvale
Copy link

error: resource mapping not found for name: "selfsigned" namespace: "kubernetes-dashboard" from "https://raw.githubusercontent.com/kubernetes/dashboard/v3.0.0-alpha0/charts/kubernetes-dashboard.yaml": no matches for kind "Issuer" in version "cert-manager.io/v1"
ensure CRDs are installed first

@eliandoran
Copy link

eliandoran commented Feb 3, 2024
edited
Loading

@rodrigofvale ,

error: resource mapping not found for name: "selfsigned" namespace: "kubernetes-dashboard" from "https://raw.githubusercontent.com/kubernetes/dashboard/v3.0.0-alpha0/charts/kubernetes-dashboard.yaml": no matches for kind "Issuer" in version "cert-manager.io/v1" ensure CRDs are installed first

On my side I noticed 3.0.0-alpha0 introduces breaking changes so I skipped it:

Starting from the release v3 of the Kubernetes Dashboard, the underlying architecture has changed, and it requires a clean installation. Please remove the previous installation first.

Kubernetes Dashboard now uses cert-manager and nginx-ingress-controller by default to work properly. Please make sure you have them installed in your cluster if you want to use a manifest-based installation path. The helm-based approach can install all required dependencies automatically for you if needed.

I used the stable version:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

@dprothero
Copy link

dprothero commented Mar 24, 2024
edited
Loading

When I try to run:

kubectl -n kubernetes-dashboard describe secret admin-user-token | grep ^token

I get:

Error from server (NotFound): secrets "admin-user-token" not found

I had to use:

kubectl create token admin-user -n kubernetes-dashboard

@tadghh
Copy link

tadghh commented Jul 9, 2024 

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "traefik"
spec:
  rules:
  - host: k3s-dashboard.example.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

@apuatcfbd
Copy link

I think the gist is not good, In my case, my Kubernetes version is 1.30 (k3s). For the v1.30 dashboard v7.7.0 is the most supported version. but this gist trying to install the 7.10.0 (which is the current latest) version & that is not compatible. The URL format is also invalid now (for newer packages).

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment