Install Kubernetes Dashboard

https://github.com/kubernetes/dashboard/releases

apply dashboard (now v.2.4.0)

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml
...

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
Warning: spec.template.metadata.annotations[seccomp.security.alpha.kubernetes.io/pod]: deprecated since v1.19, non-functional in v1.25+; use the "seccompProfile" field instead
deployment.apps/dashboard-metrics-scraper created

create user for access dashboard

# dashboard.yml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

$ kubectl apply -f ./dashboard.yml
...
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

check token user for login dashboard

$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernet es-dashboard get secret | grep admin-user | awk '{print $1}')

...
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernet es-dashboard get secret | grep admin-user | awk '{print $1}')
Error: flags cannot be placed before plugin name: -n
Name:         admin-user-token-t55m7
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: 01c107a7-7fa9-48ba-8b1a-998b3340f6ed

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1099 bytes
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkdBT2ZmWE0zSVJGTGY2bkUwRTFnamZQZmQxTnU0cHliWU5hLTBSZF9CVmcifQ....

expose dashboard service

$ kubectl proxy 
...
Starting to serve on 127.0.0.1:8001

localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Access Dashboard from External Network

edit Kubernetes Dashboard Service

$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
...
NAME                   TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
kubernetes-dashboard   ClusterIP   10.96.231.26   <none>        443/TCP   12m

kubernetes-dashboard is type: ClusterIP

$ kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

...
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2022-01-09T03:46:26Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "1705"
  uid: fe0448ca-b52f-422a-81eb-30f6d75c31b6
spec:
  clusterIP: 10.96.231.26
  clusterIPs:
  - 10.96.231.26
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

change type: ClusterIP to type: NodePort

apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  creationTimestamp: "2022-01-09T03:46:26Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  resourceVersion: "1705"
  uid: fe0448ca-b52f-422a-81eb-30f6d75c31b6
spec:
  clusterIP: 10.96.231.26
  clusterIPs:
  - 10.96.231.26
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

Check Dashboard Service

$ kubectl -n kubernetes-dashboard get service kubernetes-dashboard
...
NAME                   TYPE       CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   10.96.231.26   <none>        443:30068/TCP   11m

url : MASTER_NODE_IP:30068

Install Kubernetes Dashboard

Access Dashboard from External Network

อื่นๆ