Install Dashboard on Kubernetes 1.17

1. install dashboard (kubernetes v1.17)

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

 

2. generate admin user and apply role-binding (REMEMBER the token)

$ vi dashboard-adminuser.yaml
--- 
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

$ kubectl apply -f dashboard-adminuser.yaml
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-wfd9f
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: e9e826a7-a24d-4517-a729-6a4533790a06

Type:  kubernetes.io/service-account-token

Data
====
namespace:  20 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkZjUHlEaG9xWGZhX19tX2dvc2N5YzRtUXJDaUZvYlRCSC0zSmZCQjFHUmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXdmZDlmIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJlOWU4MjZhNy1hMjRkLTQ1MTctYTcyOS02YTQ1MzM3OTBhMDYiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.S7lJraqj79ZA25D0q7l1JhQG3sBSPNS0_6helkN7lhx0INuRz-KECJn78fhUYyfTZfZwFTl6LlkWnRF-VHO0fjQ4ik1BQyoRFmymT2fzTnKp03vlS3B6A9EcMPuvFPBNUCXTjrwoFBLRTIm_i5wHQ4F38g-IqdI0g4gvo5isfi3jkr-L-2FvYLEmLYbmvp8unNgNGhzgwQZKeMpe4mtoItGAgdwMg-_Mm70xzkTGD-Qw1_BaHvFeQJzBIU_Foa1-_ddCdbB7VU18636lUZS0-xLo25MjOpts8rb8DnxRTGGw5geYhKv3UL2XvE-zptRp8IzKZCXGvYYHl56SZr-OgA
ca.crt:     1025 bytes

 

3. generate key

$ grep 'client-certificate-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.crt
$ grep 'client-key-data' ~/.kube/config | head -n 1 | awk '{print $2}' | base64 -d >> kubecfg.key
$ openssl pkcs12 -export -clcerts -inkey kubecfg.key -in kubecfg.crt -out ~/kubecfg.p12 -name "kubernetes-admin" 
(password)

 

4. copy 2 file to your browser host (in my case, ubuntu -> macOS)

1) /etc/kubernetes/pki/ca.crt
2) kubecfg.p12

$ scp -P 2022 nssadmin@10.0.100.61:/etc/kubernetes/pki/ca.crt .
$ scp -P 2022 nssadmin@10.0.100.61:/home/nssadmin/kubecfg.p12 .
$ security add-trusted-cert \
  -r trustRoot \
  -k "$HOME/Library/Keychains/login.keychain" \
  ~/ca.crt
$ security import \
  ~/kubecfg.p12 \
  -k "$HOME/Library/Keychains/login.keychain" \
  -P [PASSWD]

 

5. connect the browser and then select token to login

https://[master IP addr]:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy

Leave a Reply

Your email address will not be published. Required fields are marked *