Getting started with k8s: kubernetes-dashboard installation

series of articles

---

Chapter 1: Getting Started with ✨k8s: Bare Metal Deployment of k8s Clusters Chapter 2 :
Getting Started with ✨K8s : Deploying Applications to K8s Clusters :✨Getting started with k8s: Storage (storage) Chapter 6: ✨K8S configuration storageclass Use nfs to dynamically claim local disk space Chapter 7: ✨K8s getting started: Configuring ConfigMap & Secret Chapter 8: ✨K8s getting started: K8s getting started: Helm construction MySQL Chapter 9: Getting Started with k8s: kubernetes-dashboard Installation Chapter 10: Getting Started with k8s: kube-prometheus-stack Family Bucket Construction (Grafana + Prometheus)

---

Reference: https://blog.csdn.net/u013068377/article/details/106673434/
k8s official website: https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

1. Introduction

Dashboard is a web-based user interface for Kubernetes. You can use Dashboard to deploy containerized applications to Kubernetes clusters, troubleshoot containerized applications, and manage cluster resources. You can use the Dashboard to get an overview of the applications running on the cluster, and to create or modify individual Kubernetes resources (such as Deployments, Jobs, DaemonSets, etc.). For example, you can use the deployment wizard to scale out a deployment, initiate a rolling update, restart a pod, or deploy a new application.

The dashboard also provides information about the status of the Kubernetes resources in the cluster and any errors that may have occurred.

2. Install kubernetes-dashboard

Use the deploy/recommended.yaml list provided by the official website to install kubernetes-dashboard, or use Helm to install, refer to the Artifact Hub address: https://artifacthub.io/packages/helm/k8s-dashboard/kubernetes-dashboard

1. Download the configuration file

You can use the following command to download recommended.yaml to modify the default configuration

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

The default configuration installs kubernetes-dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

2. Modify the default configuration

Modify the service of kubernetes-dashboard, and specify the nodePort port as 18443

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  type: NodePort
  ports:
    - port: 443
      targetPort: 8443
      nodePort: 18443
  selector:
    k8s-app: kubernetes-dashboard

3. Install kubernetes-dashboard

[root@master dashboard]# kubectl apply -f recommended.yaml 
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

4. Access the web

Access the specified port 18443, the IP of the master node is 192.168.25.100, then the access address: https://192.168.25.100:18443/

5. Get the token

K8S has two types of users: User and Service Account. User is used by people, and Service Account is used by processes, so that processes have relevant permissions. Dashboard is a process, so we can create a Service Account for it

kubectl get serviceaccount  -n kubernetes-dashboard
kubectl describe serviceaccount/kubernetes-dashboard -n kubernetes-dashboard
kubectl get secret -n kubernetes-dashboard
kubectl describe secret/kubernetes-dashboard-token-28jqz -n kubernetes-dashboard

As follows, the above command can be simplified to one command ( kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep kubernetes-dashboard | awk '{print $1}') )

6. Test login

Use the queried token to log in to the kubernetes dashboard, and the login is successful.

The reason for the above problem is that the kubernetes-dashboard account has insufficient role permissions.

7. Create a new user

To create dashboard-adminuser.yaml, please refer to: https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

cat > dashboard-adminuser.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard  
EOF

Create login user

[root@master dashboard]# kubectl apply -f dashboard-adminuser.yaml
serviceaccount/admin-user created

Description: A service account called admin-user is created above, placed in the kubernetes-dashboard namespace, and the cluster-admin role is bound to the admin-user account, so that the admin-user account has administrator privileges . By default, the cluster-admin role has been created when kubeadm creates a cluster, and we can bind it directly.

View the token of the admin-user account

[root@master dashboard]# kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-6wkxr
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: a90464fd-83bb-4435-90ee-c59493b81889

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InhGU29vbVM3TG90R1NzTzZfT2VlTUVWZTIySXlGbHZxUW5laVZ5T29lRTAifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTZ3a3hyIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJhOTA0NjRmZC04M2JiLTQ0MzUtOTBlZS1jNTk0OTNiODE4ODkiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.gaqvh1E1yH0SmKT-cDhzGOl_-g5aZmiH7SuRLXuAnIdBRAhC1dYFFqmkUenspepRb4zkMX0vojYjq0twGKAP3IAI4h0H24QVXhOBMiMWH1IyZdprZ32K3j2egdCuRkb3BEwm1M0zR8XZlLZRI-__Hl5QCntNwO6Lh21nmRx-f9rG1T-omGSWiZnRn4ZW0kS0N0sunAYFfsRWNKh6Pnd3WzfNqa3rBNaULOeDStlL1DfcO_fhqWbeuWWwnA66Q7fX7Xa3oP5qymt-C_lvM_hod8N3TVzVKY2ToiqMPmGAflQoHf4P-iYdH2sG38_hYM0LJvpmy8zdVvZSo9LNBHsEeQ

Log out and log in again using the token of the admin-user service account

8. Set the token expiration time

Use token to log in to kubernetes-dashboard. The default token authentication time is 900s/15 minutes. It is very troublesome to log in again if it fails. Add the following ( - --token-ttl=604800unit s) parameter to modify the token expiration time to 7 days. The kubernetes-dashboard platform can use the following methods, you can also choose to modify the recommended.yaml file and apply it again

step:

• Select kubernetes-dashboardNamespace
• edit deployment/kubernetes-dashboardconfiguration file
• Add - --token-ttl=604800(unit s) at the corresponding position
• Click to update to take effect