Skip to content

Instantly share code, notes, and snippets.

@johnrkriter
Forked from superseb/README.md
Created October 4, 2018 15:54
Show Gist options
  • Save johnrkriter/e33c8c71a735fec10faf80f5222a2d76 to your computer and use it in GitHub Desktop.
Save johnrkriter/e33c8c71a735fec10faf80f5222a2d76 to your computer and use it in GitHub Desktop.
Deploy kubernetes-dashboard on Rancher 2.0 cluster exposed using NodePort

Deploy kubernetes-dashboard on Rancher 2.0 cluster exposed using NodePort

Requirements

Step 1: Generate kubeconfig from the UI

Generate the kubeconfig file for your cluster using the Kubeconfig File button in the Cluster view of your cluster. Save the generated file as $HOME/.kube/config and run kubectl get nodes to verify it works.

Step 2: Deploy kubernetes dashboard

Deploy the kubernetes dashboard by using the recommended deployment definition.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl rollout status deploy/kubernetes-dashboard -n kube-system

Reference: https://github.com/kubernetes/dashboard/blob/master/README.md

Step 3: Change Service Type to NodePort

For this guide, we are using a NodePort to access the kubernetes dashboard. By default, the Service gets created as ClusterIP. You can change that by using the following command:

kubectl get svc/kubernetes-dashboard  -n kube-system  -o yaml | sed 's/ClusterIP/NodePort/g' | kubectl apply -f -
service "kubernetes-dashboard" configured

Step 4: Create ServiceAccount and token to login

Copy the following YAML content and save it as dashboard.yml:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

Run the following command to create the needed resources:

kubectl create -f dashboard.yml

Retrieve the token which can be used to login:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Save the string after token: so you can login into the dashboard.

Example output:

Name:         admin-user-token-6gl6l
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=admin-user
              kubernetes.io/service-account.uid=b16afba9-dfec-11e7-bbb9-901b0e532516

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZnbDZsIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJiMTZhZmJhOS1kZmVjLTExZTctYmJiOS05MDFiMGU1MzI1MTYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.M70CU3lbu3PP4OjhFms8PVL5pQKj-jj4RNSLA4YmQfTXpPUuxqXjiTf094_Rzr0fgN_IVX6gC4fiNUL5ynx9KU-lkPfk0HnX8scxfJNzypL039mpGt0bbe1IXKSIRaq_9VW59Xz-yBUhycYcKPO9RM2Qa1Ax29nqNVko4vLn1_1wPqJ6XSq3GYI8anTzV8Fku4jasUwjrws6Cn6_sPEGmL54sq5R4Z5afUtv-mItTmqZZdxnkRqcJLlg2Y8WbCPogErbsaCDJoABQ7ppaqHetwfM_0yMun6ABOQbIwwl8pspJhpplKwyo700OSpvTT9zlBsu-b35lzXGBRHzv5g_RA

Reference: https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

Step 5: Login to the dashboard

We need to access the IP of one of the nodes added to your cluster, on the randomly chosen NodePort we configured earlier. Below are two command to automatically find these parameters:

NODEPORT=`kubectl get services/kubernetes-dashboard -n kube-system  -o jsonpath="{.spec.ports[0].nodePort}"`
for NODE in `kubectl get no -o jsonpath='{range.items[*].status.addresses[?(@.type=="InternalIP")]}{"https://"}{.address}{"\n"}{end}'`; do echo $NODE:$NODEPORT; done

Use one of the printed URLs to visit the kubernetes dashboard in your browser.

When prompted to sign in, choose Token and use the token you saved in step 4.

Extra: kubectl proxy

kubectl proxy

Access dashboard this URL, replacing CLUSTERID with your clusterid (shown in the address bar of your browser):

http://localhost:8001/k8s/clusters/CLUSTERID/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment