docs/doc/source/security/kubernetes/install-the-kubernetes-dashboard.rst
Keane Lim 3c5fa979a4 Security guide update
Re-organized topic hierarchy

Tiny edit to restart review workflow.

Squashed with Resolved index.rst conflict commit

Change-Id: I13472792cb19d1e9975ac76c6954d38054d606c5
Signed-off-by: Keane Lim <keane.lim@windriver.com>
Signed-off-by: MCamp859 <maryx.camp@intel.com>
2021-03-12 15:10:40 -05:00


Install the Kubernetes Dashboard

You can optionally use the Kubernetes Dashboard web interface to perform cluster management tasks.

Kubernetes Dashboard allows you to perform common cluster management tasks such as deployment, resource allocation, real-time and historic status review, and troubleshooting.

You must have cluster-admin privileges to install Kubernetes Dashboard.

  1. Create a namespace for the Kubernetes Dashboard.

    ~(keystone_admin)$ kubectl create namespace kubernetes-dashboard
  2. Create a certificate for use by the Kubernetes Dashboard.

    Note

    This example uses a self-signed certificate. In a production deployment, the use of a certificate signed by a trusted Certificate Authority is strongly recommended.

    1. Create a location to store the certificate.

      ~(keystone_admin)$ cd /home/sysadmin
      ~(keystone_admin)$ mkdir -p /home/sysadmin/kube/dashboard/certs
    2. Create the certificate.

      ~(keystone_admin)$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/sysadmin/kube/dashboard/certs/dashboard.key -out /home/sysadmin/kube/dashboard/certs/dashboard.crt -subj "/CN=<FQDN>"

      where: <FQDN>

      The fully qualified domain name for the cluster's OAM floating IP.

    3. Create a Kubernetes secret for holding the certificate and private key.

      ~(keystone_admin)$ kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs --from-file=tls.crt=/home/sysadmin/kube/dashboard/certs/dashboard.crt --from-file=tls.key=/home/sysadmin/kube/dashboard/certs/dashboard.key
  3. Configure the kubernetes-dashboard manifest:

    1. Download the recommended.yaml file.

      ~(keystone_admin)$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
    2. Edit the file.

      Comment out the auto-generate-certificates argument and add the tls-cert-file and tls-key-file arguments.

      The updates should look like:

      ...
      args:
          # - --auto-generate-certificates
          - --namespace=kubernetes-dashboard
          - --tls-cert-file=/tls.crt
          - --tls-key-file=/tls.key
      ...
  4. Apply the Kubernetes Dashboard recommended.yaml manifest.

    ~(keystone_admin)$ kubectl apply -f recommended.yaml
  5. Patch the Kubernetes Dashboard service to type=NodePort and port=30000.

    ~(keystone_admin)$ kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443, "nodePort":30000}]}}'
  6. Test the Kubernetes Dashboard deployment.

    The Kubernetes Dashboard is listening at port 30000 on the machine defined above for the cluster's OAM floating IP.

    1. Access the dashboard at https://<FQDN>:30000

      Because the certificate created earlier in this procedure was not signed by a trusted Certificate Authority, you will need to acknowledge an insecure connection from the browser.

    2. Select the Kubeconfig option for signing in to the Kubernetes Dashboard. Note that typically your kubeconfig file on a remote host is located at $HOME/.kube/config. You may have to copy it to somewhere more accessible.

    You are presented with the Kubernetes Dashboard for the current context (cluster, user and credentials) specified in the kubeconfig file.
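
A pre-apply check for the manifest edit in step 3, as an added example that is not part of the original guide. The function name check_dashboard_manifest and the two sample fragments are constructed for illustration; the check confirms that --auto-generate-certificates is commented out and that both TLS file arguments are active before kubectl apply is run.

```shell
#!/bin/sh
# Added example: pre-apply check for the manifest edit in step 3.
# Returns 0 only if --auto-generate-certificates is commented out and both
# TLS file arguments from the procedure are active (not commented out).
check_dashboard_manifest() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    # Drop comment lines, trim whitespace, normalise the list dash.
    active=$(grep -v '^[[:space:]]*#' "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/^-[[:space:]]*/- /')
    rc=0
    if printf '%s\n' "$active" | grep -Fxq -e '- --auto-generate-certificates'; then
        echo "FAIL: --auto-generate-certificates is still active" >&2
        rc=1
    fi
    for arg in '--tls-cert-file=/tls.crt' '--tls-key-file=/tls.key'; do
        if ! printf '%s\n' "$active" | grep -Fxq -e "- $arg"; then
            echo "FAIL: missing argument $arg" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: container args before the edit.
write_stock_sample() {
    printf '%s\n' 'args:' '    - --auto-generate-certificates' \
        '    - --namespace=kubernetes-dashboard' > "$1"
}

# Constructed sample: container args after the edit shown in step 3.
write_edited_sample() {
    printf '%s\n' 'args:' '    # - --auto-generate-certificates' \
        '    - --namespace=kubernetes-dashboard' \
        '    - --tls-cert-file=/tls.crt' '    - --tls-key-file=/tls.key' > "$1"
}

# Demo: run the check over both constructed samples.
tmp=$(mktemp -d)
write_stock_sample "$tmp/stock.yaml"
write_edited_sample "$tmp/edited.yaml"
for name in stock edited; do
    if check_dashboard_manifest "$tmp/$name.yaml" 2>/dev/null; then
        echo "$name.yaml: ready to apply"
    else
        echo "$name.yaml: fix the args before kubectl apply"
    fi
done
rm -rf "$tmp"
```

Against the real file, call check_dashboard_manifest recommended.yaml between steps 3 and 4 and apply only when it returns 0.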