Welcome back to the short series about getting started with Kubernetes, the practical way! If you haven't read the first post on provisioning a cluster and haven't set up your first cluster yet, please do that first and come back here. If you're running your cluster on Google's Kubernetes Engine, chances are that integrated metrics and services like Stackdriver are already great for monitoring your Kubernetes cluster, in that case, you might not actually need to deploy the following application.
Kubernetes Dashboard is an officially-supported project that offers simple workload metrics of your running clusters, including resource usage, details to deployed applications, settings, etc. Starting off with our barebones cluster and a configured kubectl, we can simply execute
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
ploy/recommended/kubernetes-dashboard.yaml
secret/kubernetes-dashboard-certs created
serviceaccount/kubernetes-dashboard created
role.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard-minimal created
deployment.apps/kubernetes-dashboard created
service/kubernetes-dashboard created
This will deploy the Kubernetes Dashboard, no more steps included to get it up and running. Since it's only exposed cluster-internally, we can use kubectl's proxying feature to access the dashboard from our local machine. To do that, simply run
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
You should now be able to navigate to this page in your browser, which will then display a login form similar to the following image. We'll cover dashboard authentication in a second.
For authentication, you can either continue following this guide or head over to the documentation, which explains basically the same thing. Let's create a new Kubernetes resource definition file in yaml format and add the following
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kube-system
If we now continue by uploading and adding this user to our dashboard cluster using kubectl apply -f [path-to-your-file],
we are able to retrieve the generated token using the following command:
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
Name: admin-user-token-4fjrh
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: admin-user
kubernetes.io/service-account.uid: d604ae10-3c56-11e9-ab8a-0242c366a63f
Type: kubernetes.io/service-account-token
Data
====
namespace: 11 bytes
token: [TOKEN CONTENT]
ca.crt: 1025 bytes
Simply copy and paste the generated token into the dashboard login page, and you'll be able to view the dashboard's overview page which should look similar to this
And we're done already! You can now explore your dashboard in full length without me interrupting 🙌