.. uxg1581955143110
.. _install-the-kubernetes-dashboard:
================================
Install the Kubernetes Dashboard
================================
You can optionally use the Kubernetes Dashboard web interface to perform
cluster management tasks.
.. rubric:: |context|
Kubernetes Dashboard allows you to perform common cluster management tasks
such as deployment, resource allocation, real-time and historic status
review, and troubleshooting.
.. rubric:: |prereq|
You must have **cluster-admin** |RBAC| privileges to install Kubernetes
Dashboard.
.. rubric:: |proc|
.. _install-the-kubernetes-dashboard-steps-azn-yyd-tkb:
#. Create a namespace for the Kubernetes Dashboard.
.. code-block:: none
~(keystone_admin)]$ kubectl create namespace kubernetes-dashboard
#. Create a certificate for use by the Kubernetes Dashboard.
.. note::
This example uses a self-signed certificate. In a production
deployment, the use of a using a certificate signed by a trusted
Certificate Authority is strongly recommended.
#. Create a location to store the certificate.
.. code-block:: none
~(keystone_admin)]$ cd /home/sysadmin
~(keystone_admin)]$ mkdir -p /home/sysadmin/kube/dashboard/certs
#. Create the certificate.
.. code-block:: none
~(keystone_admin)]$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/sysadmin/kube/dashboard/certs/dashboard.key -out /home/sysadmin/kube/dashboard/certs/dashboard.crt -subj "/CN=<FQDN>"
where:
**<FQDN>**
The fully qualified domain name for the |prod| cluster's |OAM| floating IP.
#. Create a kubernetes secret for holding the certificate and private key.
.. code-block:: none
~(keystone)admin)]$ kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs --from-file=tls.crt=/home/sysadmin/kube/dashboard/certs/dashboard.crt --from-file=tls.key=/home/sysadmin/kube/dashboard/certs/dashboard.key
#. Configure the kubernetes-dashboard manifest:
#. Download the recommended.yaml file.
.. code-block:: none
~(keystone_admin)]$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
#. Edit the file.
Comment out the auto-generate-certificates argument and add the
tls-cert-file and tls-key-file arguments.
The updates should look like:
.. code-block:: none
...
args:
# - --auto-generate-certificates
- --namespace=kubernetes-dashboard
- --tls-cert-file=/tls.crt
- --tls-key-file=/tls.key
...
#. Apply the kubernetes dashboard recommended.yaml manifest.
.. code-block:: none
~(keystone_admin)]$ kubectl apply -f recommended.yaml
#. Patch the kubernetes dashboard service to type=NodePort and port=32000.
.. code-block:: none
~(keystone_admin)]$ kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443, "nodePort":32000}]}}'
#. Test the Kubernetes Dashboard deployment.
The Kubernetes Dashboard is listening at port 32000 on the machine
defined above for |prod| cluster's |OAM| floating IP.
#. Access the dashboard at `https://<fqdn>:32000`
Because the certificate created earlier in this procedure was not
signed by a trusted |CA|, you will need to acknowledge an insecure
connection from the browser.
#. Select the **Kubeconfig** option for signing in to the Kubernetes
Dashboard. Note that typically your kubeconfig file on a remote host is
located at $HOME/.kube/config . You may have to copy it to somewhere
more accessible.
You are presented with the Kubernetes Dashboard for the current context
(cluster, user and credentials) specified in the kubeconfig file.