Kubernetes Dashboard setup for a multi-node cluster
In the previous demo, I created a multi-node Kubernetes setup in AWS. In this example, we will add a Dashboard to monitor the service offered by Kubernetes.
Kubernetes Dashboard is a feature provided by Kubernetes. GitHub URL:
https://github.com/kubernetes/dashboard
In this demo, we will explore how to set up the dashboard so that we can use its functionality.
To begin, we will ssh into the ‘master’ node.
We first need to create a self-signed SSL certificate, which we will use later.
$ mkdir $HOME/certs
$ cd ~/certs
Generate a certificate:
$ openssl genrsa -out dashboard.key 2048
$ openssl rsa -in dashboard.key -out dashboard.key
$ openssl req -sha256 -new -key dashboard.key -out dashboard.csr
$ openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crt
After generating the SSL certificate, we will run the kubectl apply command, which will create the necessary services for the dashboard.
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yaml
After the above command has created the required service, we need to edit the service in order to access the Dashboard over the internet.
$ kubectl get svc -n kubernetes-dashboard
$ kubectl describe service kubernetes-dashboard -n kubernetes-dashboard
$ kubectl edit service kubernetes-dashboard -n kubernetes-dashboard
Go to line no. 28 and change the type to NodePort. Save and exit.
Go to the home directory.
$ cd ~
Create a directory named dashboard.
$ mkdir dashboard
Create a file named dashboard.yaml.
Put the below content in it:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
Apply the above YAML file. It will create the admin-user service account and a ClusterRoleBinding that grants it the cluster-admin role.
$ kubectl apply -f dashboard.yaml
$ kubectl -n kubernetes-dashboard get secret
$ kubectl -n kubernetes-dashboard describe secret admin-user-token-npq
$ kubectl get svc -o wide -n kubernetes-dashboard
Copy the secret token and keep it in a text file for later use.
Copy the port no. from the service output.
From the AWS console, copy the Master Public IP, open the Firefox browser and enter the address:
https://<private-ip>:<nodeport>
Accept the risk and continue.
Choose ‘Security token’ and paste the secret copied from the master earlier.
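The token pasted here belongs to a service account bound to cluster-admin, and the NodePort change makes the login page reachable on every node. The following check is an added example, not part of the original post: it reads the JSON that `kubectl get clusterrolebindings,svc -A -o json` produces and reports both conditions for the kubernetes-dashboard namespace. The sample input, including port 31000 and the "orphan" binding, is constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings,svc -A -o json`,
# trimmed to the fields the check reads. Not output from a real cluster.
SAMPLE = json.loads("""
{"kind": "List", "items": [
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard"},
  "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard"},
  "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "ClusterRoleBinding", "metadata": {"name": "orphan"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
 {"kind": "Service",
  "metadata": {"name": "kubernetes-dashboard", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "NodePort", "ports": [{"port": 443, "nodePort": 31000}]}},
 {"kind": "Service",
  "metadata": {"name": "dashboard-metrics-scraper", "namespace": "kubernetes-dashboard"},
  "spec": {"type": "ClusterIP", "ports": [{"port": 8000}]}}
]}
""")

def audit(doc, namespace="kubernetes-dashboard"):
    """Return (cluster-admin service accounts, externally exposed ports)."""
    admins, exposed = [], []
    for item in doc.get("items", []):
        kind, meta = item.get("kind"), item.get("metadata", {})
        if kind == "ClusterRoleBinding":
            if item.get("roleRef", {}).get("name") != "cluster-admin":
                continue
            # 'subjects' can be missing or null on a binding with no subjects
            for s in item.get("subjects") or []:
                if s.get("kind") == "ServiceAccount" and s.get("namespace") == namespace:
                    admins.append((meta.get("name"), s.get("name")))
        elif kind == "Service" and meta.get("namespace") == namespace:
            spec = item.get("spec", {})
            if spec.get("type") in ("NodePort", "LoadBalancer"):
                for p in spec.get("ports", []):
                    exposed.append((meta.get("name"), p.get("nodePort")))
    return admins, exposed

if __name__ == "__main__":
    admins, exposed = audit(SAMPLE)
    for binding, sa in admins:
        print(f"binding {binding!r} gives cluster-admin to ServiceAccount {sa}")
    for svc, port in exposed:
        print(f"service {svc} is reachable on every node at port {port}")
```

To run it against the cluster, save the kubectl output to a file and pass the parsed JSON to `audit()` in place of `SAMPLE`.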
N.B.: The dashboard service is designed in such a way that it can only run on the master node. So we need to check which node it is running on:
$ kubectl get pods -n kubernetes-dashboard -o wide
If it is running on any node other than master, we need to bring it to the master node. To do so, we need to drain the nodes until it comes to the master node.
$ kubectl drain node-1 --ignore-daemonsets --delete-local-data --force
$ kubectl drain node-2 --ignore-daemonsets --delete-local-data --force
The reason we need to use the Firefox browser is that nowadays only Firefox allows viewing a URL served with a self-signed SSL certificate.