Monitor clusters easily via the OVH Kubernetes Dashboard with a little help from our experts. Our OVH Support team is here to help you with your questions and concerns.
Getting Started: OVH Kubernetes Dashboard Setup
The Kubernetes Dashboard is a web-based user interface that simplifies the management and monitoring of Kubernetes clusters. It offers a graphical representation of the state of our Kubernetes resources.
In other words, it lets us visualize and interact with the cluster. Today we will take a quick look at deploying the Kubernetes Dashboard, creating an authentication token, and accessing the Dashboard.
- Deploy the Dashboard in a Cluster
- Create an Authentication Token (RBAC)
- Retrieve the Bearer Token
- Access the Dashboard
- Delete All Kubernetes Dashboard Resources
How to Deploy the Dashboard in a Cluster
To deploy the Dashboard, we have to choose the version that matches the Kubernetes version to avoid incompatibilities. Here’s how we can deploy the Dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
After that, we will see an output similar to the following:
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created
How to Create an Authentication Token (RBAC)
To access the Dashboard, we need to create a new user with the service account mechanism in Kubernetes. This user must have admin permissions and use a bearer token for login.
- First, create a service account named `admin-user` in the `kubernetes-dashboard` namespace.
- Then, save the following YAML to a file named `dashboard-service-account.yml`:
- Next, apply the file to the cluster:
kubectl apply -f dashboard-service-account.yml
As a result, we will see the following message:
serviceaccount/admin-user created
- Then, create a RoleBinding using the `cluster-admin` role to bind the cluster to your service account. We need to save the following YAML to a file named `dashboard-cluster-role-binding.yml`:
- Next, apply the file to the cluster:
kubectl apply -f dashboard-cluster-role-binding.yml
As a result, we will see the following message:
clusterrolebinding.rbac.authorization.k8s.io/admin-user created
- Since Kubernetes v1.24.0, Secret API objects containing service account tokens are not auto-generated. So, we have to create it manually. Hence, save the following YAML to a file named `service-account-token.yml`:
- Then, apply the file to the cluster:
kubectl apply -f service-account-token.yml
As a result, we will see the following message:
secret/admin-user-token created
How to Retrieve the Bearer Token
To log into the Dashboard, we have to retrieve the bearer token with this command:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user-token | awk '{print $1}')
Then, we will see output like this:
Now, copy and securely store the token. This is the key to accessing the Dashboard.
How to Access the Dashboard
To access the Dashboard from the local workstation we have to create a secure channel to the Kubernetes cluster using `kubectl proxy`:
kubectl proxy
Then we will see this message:
Starting to serve on 127.0.0.1:8001
We can open the Dashboard at:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
On the login page, select authentication by token and use the bearer token we saved earlier. This will take us directly to the Dashboard.
How to Delete All Kubernetes Dashboard Resources
We can easily remove all resources created by the Dashboard deployment with these commands:
kubectl delete ns kubernetes-dashboard
kubectl delete -f dashboard-cluster-role-binding.yml
[Need assistance with a different issue? Our team is available 24/7.]
Conclusion
In brief, our Support Experts demonstrated how to deploy the Kubernetes Dashboard, create an authentication token, and access the Dashboard.
0 Comments