Using Dashboard To Access Kubernetes Cluster Post Deployment On ESA HPC OpenStack Magnum
After the Kubernetes cluster has been created, you can access it through command line tool, kubectl, or you can access it through a visual interface, called the Kubernetes dashboard. This article shows how to install it.
What We Are Going To Cover
How to install Kubernetes Dashboard
Prerequisites
No. 1 Hosting
You need a ESA HPC hosting account with Horizon interface https://horizon.eohpc.net/auth/login/?next=/.
No. 2 Cluster and kubectl should be already operational
To eventually set up a cluster and connect it to the kubectl tool, see this article How To Access Kubernetes Cluster Post Deployment Using Kubectl On ESA HPC OpenStack Magnum.
Dashboard is a visual interface to Kubernetes cluster. It can be used interchangeably with kubectl as the CLI tool.
Step 1 Deploying the Dashboard
Install it with the following command:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
The result is
Step 2 Creating a Sample User
Next, you create a bearer token which will serve as an authorization token for the Dashboard. To that end, you will create two local files and “send” them to the cloud using the kubectl command. The first file is called dashboard-adminuser.yaml and its contents are
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
Use a text editor of your choice to create that file, on MacOS or Linux you can use nano, like this:
nano dashboard-adminuser.yaml
Install that file on the Kubernetes cluster with this command:
kubectl apply -f dashboard-adminuser.yaml
The second file to create is
nano dashboard-clusterolebinding.yaml
and its contents should be:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
The command to send it to the cloud is
kubectl apply -f dashboard-clusterolebinding.yaml
Step 3 Get the bearer token for authentication to dashboard
The final step is to get the bearer token, which is a long string that will authenticate calls to Dashboard:
kubectl -n kubernetes-dashboard \
get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") \
-o go-template="{{.data.token | base64decode}}"
The bearer token string will be printed in terminal screen. Copy it to a text editor, it will be needed after you access the Dashboard UI through a HTTPS call.
Note
If the last character of the bearer token string is %, it may be a character that denotes the end of the string but is not a part of it. If you copy the bearer string and it is not recognized, try copying it without this ending character %.
Step 4 Create a separate terminal window
To enable the connection, start a separate terminal window and execute the following command in it:
kubectl proxy
The result will be something like this:
Step 5 See the dashboard in browser
Then enter this address into the browser:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Enter the token, click on Sign In and get the Dashboard UI for the Kubernetes cluster.
The Kubernetes Dashboard organizes working with the cluster in a visual and interactive way. For instance, click on Nodes on the left sides to see the nodes that the k8s-cluster has.
What To Do Next
You can still use kubectl or alternate with using the Dashboard. Either way, you can
deploy apps on the cluster,
access multiple clusters,
create load balancers,
access applications in the cluster using port forwarding,
use Service to access application in a cluster,
list container images in the cluster
use Services, Deployments and all other resources in a Kubernetes cluster.