Kubernetes Dashboard setup for a multi-node cluster
In the previous demo, I have created a multi-node Kubernetes setup in AWS. In this example, we will add a Dashboard to monitor the service offered by Kubernetes.
Kubernetes Dashboard is a feature provided by Kubernetes ref. GitHubURL:
https://github.com/kubernetes/dashboard
In this demo, we will explore how to set the dashboard so that we can use the functionality.
To begin, we will ssh into the ‘master’ node.
We need to create a self-signed SSL certificate first which will use later.
$ mkdir $HOME/certs
$ cd ~/certsGenerate a certificate,
$ openssl genrsa -out dashboard.key 2048
$ openssl rsa -in dashboard.key -out dashboard.key
$ openssl req -sha256 -new -key dashboard.key -out dashboard.csr
$ openssl x509 -req -sha256 -days 365 -in dashboard.csr -signkey dashboard.key -out dashboard.crtAfter generating the SSL certificate we will run the kubectl apply command, which will create the necessary services for the dashboard.
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.1/aio/deploy/recommended.yamlAfter the required service got created by running the above command, we need to edit the service in order to access the Dashboard over the internet.
$ kubectl get svc -n kubernetes-dashboard
$ kubectl describe service kubernetes-dashboard -n kubernetes-dashboard
$ kubectl edit service kubernetes-dashboard -n kubernetes-dashboardGoto line no. 28, and change the type to NodePort. Save and exit.
Go to the home directory.
$ cd ~Create a directory named dashboard.
$ mkdir dashboardCreate a file named dashaboard.yaml .
Put the below content,
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
—--
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboardApply the above YAML file. It will create a user and a service account.
$ kubectl apply -f dashboard.yaml
$ kubectl -n kubernetes-dashboard get secret
$ kubectl -n kubernetes-dashboard describe secret admin-user-token-npq
$ kubectl get svc -o wide -n kubernetes-dashboard
Copt the secret token and keep that in a text file for later use.
Copy the port no. from the service output.
From AWS console copy the Master Public IP, go to the Firefox Browser and put the IP.
https://<private-ip>:<nodeport>Accept the risk and continue.
Choose ‘Security token’ and paste the secret copied from the master earlier.
N.B:- The dashboard service is designed in such a way that it can only run on themaster node. So we need to check on which node it’s running,
$ kubectl get pods -n kubernetes-dashboard -o wideIf it’s running in any node other than master then we need to to bring that to the master node. To do so, we need to drain the node until it comes to master node.
$ kubectl drain node-1 --ignore-daemonsets --delete-local-data --force
$ kubectl drain node-2 --ignore-daemonsets --delete-local-data --forceThe reason we need to use the Firefox browser is that nowadays only Firefox supports Self-signed SSL page to view the URL.
