 d6a9a0924b
			
		
	
	d6a9a0924b
	
	
	
		
			
			Changed Kubernetes dashboard port from 30000 > 32000. Added Dashboard and VIM ports to Dist. Cloud port list. Additional ports for VIM and vim-webserver. Patchset 3 review updates. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: I1ea1cf26ea3562bd38917207576ff207e6a7d092 Signed-off-by: Ron Stone <ronald.stone@windriver.com>
		
			
				
	
	
		
			131 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
			
		
		
	
	
			131 lines
		
	
	
		
			3.9 KiB
		
	
	
	
		
			ReStructuredText
		
	
	
	
	
	
| 
 | |
| .. uxg1581955143110
 | |
| .. _install-the-kubernetes-dashboard:
 | |
| 
 | |
| ================================
 | |
| Install the Kubernetes Dashboard
 | |
| ================================
 | |
| 
 | |
| You can optionally use the Kubernetes Dashboard web interface to perform
 | |
| cluster management tasks.
 | |
| 
 | |
| .. rubric:: |context|
 | |
| 
 | |
| Kubernetes Dashboard allows you to perform common cluster management tasks
 | |
| such as deployment, resource allocation, real-time and historic status
 | |
| review, and troubleshooting.
 | |
| 
 | |
| .. rubric:: |prereq|
 | |
| 
 | |
| You must have **cluster-admin** |RBAC| privileges to install Kubernetes
 | |
| Dashboard.
 | |
| 
 | |
| .. rubric:: |proc|
 | |
| 
 | |
| 
 | |
| .. _install-the-kubernetes-dashboard-steps-azn-yyd-tkb:
 | |
| 
 | |
| #.  Create a namespace for the Kubernetes Dashboard.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         ~(keystone_admin)]$ kubectl create namespace kubernetes-dashboard
 | |
| 
 | |
| #.  Create a certificate for use by the Kubernetes Dashboard.
 | |
| 
 | |
|     .. note::
 | |
|         This example uses a self-signed certificate. In a production
 | |
|         deployment, the use of a using a certificate signed by a trusted
 | |
|         Certificate Authority is strongly recommended.
 | |
| 
 | |
| 
 | |
|     #.  Create a location to store the certificate.
 | |
| 
 | |
|         .. code-block:: none
 | |
| 
 | |
|             ~(keystone_admin)]$ cd /home/sysadmin
 | |
|             ~(keystone_admin)]$ mkdir -p /home/sysadmin/kube/dashboard/certs
 | |
| 
 | |
| 
 | |
|     #.  Create the certificate.
 | |
| 
 | |
|         .. code-block:: none
 | |
| 
 | |
|             ~(keystone_admin)]$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/sysadmin/kube/dashboard/certs/dashboard.key -out /home/sysadmin/kube/dashboard/certs/dashboard.crt -subj "/CN=<FQDN>"
 | |
| 
 | |
|         where:
 | |
|         **<FQDN>**
 | |
| 
 | |
|         The fully qualified domain name for the |prod| cluster's |OAM| floating IP.
 | |
| 
 | |
|     #.  Create a kubernetes secret for holding the certificate and private key.
 | |
| 
 | |
|         .. code-block:: none
 | |
| 
 | |
|             ~(keystone)admin)]$ kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs --from-file=tls.crt=/home/sysadmin/kube/dashboard/certs/dashboard.crt --from-file=tls.key=/home/sysadmin/kube/dashboard/certs/dashboard.key
 | |
| 
 | |
| 
 | |
| 
 | |
| #.  Configure the kubernetes-dashboard manifest:
 | |
| 
 | |
| 
 | |
|     #.  Download the recommended.yaml file.
 | |
| 
 | |
|         .. code-block:: none
 | |
| 
 | |
|             ~(keystone_admin)]$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
 | |
| 
 | |
|     #.  Edit the file.
 | |
| 
 | |
|         Comment out the auto-generate-certificates argument and add the
 | |
|         tls-cert-file and tls-key-file arguments.
 | |
| 
 | |
|         The updates should look like:
 | |
| 
 | |
|         .. code-block:: none
 | |
| 
 | |
|             ...
 | |
|             args:
 | |
|                 # - --auto-generate-certificates
 | |
|                 - --namespace=kubernetes-dashboard
 | |
|                 - --tls-cert-file=/tls.crt
 | |
|                 - --tls-key-file=/tls.key
 | |
|             ...
 | |
| 
 | |
| 
 | |
| 
 | |
| #.  Apply the kubernetes dashboard recommended.yaml manifest.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         ~(keystone_admin)]$ kubectl apply -f recommended.yaml
 | |
| 
 | |
| #.  Patch the kubernetes dashboard service to type=NodePort and port=32000.
 | |
| 
 | |
|     .. code-block:: none
 | |
| 
 | |
|         ~(keystone_admin)]$ kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443, "nodePort":32000}]}}'
 | |
| 
 | |
| #.  Test the Kubernetes Dashboard deployment.
 | |
| 
 | |
|     The Kubernetes Dashboard is listening at port 32000 on the machine
 | |
|     defined above for |prod| cluster's |OAM| floating IP.
 | |
| 
 | |
| 
 | |
|     #.  Access the dashboard at https://<fqdn>:32000
 | |
| 
 | |
|         Because the certificate created earlier in this procedure was not
 | |
|         signed by a trusted |CA|, you will need to acknowledge an insecure
 | |
|         connection from the browser.
 | |
| 
 | |
|     #.  Select the **Kubeconfig** option for signing in to the Kubernetes
 | |
|         Dashboard. Note that typically your kubeconfig file on a remote host is
 | |
|         located at $HOME/.kube/config . You may have to copy it to somewhere
 | |
|         more accessible.
 | |
| 
 | |
| 
 | |
|     You are presented with the Kubernetes Dashboard for the current context
 | |
|     \(cluster, user and credentials\) specified in the kubeconfig file.
 | |
| 
 | |
| 
 |