Skip to content

Revise Kubernetes dashboard access instructions #122

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
coenarrow wants to merge 1 commit into
base: master
Choose a base branch
from
+34 −15
Open

Revise Kubernetes dashboard access instructions #122

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
49 changes: 34 additions & 15 deletions _kubernetes/03-administer-cluster.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -63,32 +63,51 @@ includes credentials to authenticate us to Kubernetes.

## Using the web interface

Magnum also sets up the Kubernetes [Web
UI](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/)
by default. Follow these steps to access it.
Magnum used to ship its own [Web UI Dashboard](https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/), with Magnum installing it by default. This is now deprecated and no-longer maintained, but `headlamp` is now the recommended default for this.

1. Create a clusterrolebinding for the `kubernetes-dashboard` service account
`Headlamp` gives you a browser-based view of your cluster's pods, deployments, services, logs and more. It's useful when you'd rather click around than memorise `kubectl` commands.

Follow these steps to access it.

1. Install Headlamp into your cluster. The Headlamp project provides a ready-to-use manifest.

```
kubectl apply -f https://raw.githubusercontent.com/kubernetes-sigs/headlamp/main/kubernetes-headlamp.yaml
```

2. Deploy it and wait for it to rollout.

```
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
kubectl rollout status deployment/headlamp -n kube-system --timeout=120s
```

1. Get the dashboard token. Run the following code, and copy the resulting
output to your clipboard
3. Create a service account that Headlamp will use to authenticate you.

```
kubectl create token kubernetes-dashboard -n kubernetes-dashboard
kubectl -n kube-system create serviceaccount headlamp-admin
```

4. Give it cluster-admin rights. (For a real production cluster you'd want to scope this down — see the [Headlamp RBAC docs](https://headlamp.dev/docs/latest/installation/) — but cluster-admin is fine for this tutorial.)

```
kubectl create clusterrolebinding headlamp-admin \
--clusterrole=cluster-admin \
--serviceaccount=kube-system:headlamp-admin
```

1. Use kubectl to create a web proxy
5. Get the dashboard token. Run the following code, and copy the resulting output to your clipboard

```
kubectl proxy
Starting to serve on 127.0.0.1:8001
kubectl create token headlamp-admin -n kube-system
```

1. Using a browser, visit the dashboard URL. The URL is
[http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:443/proxy/](http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:443/proxy/)
6. Forward the Headlamp service to the local machine.

```
kubectl port-forward -n kube-system service/headlamp 8080:80
Forwarding from 127.0.0.1:8080 -> 4466
Forwarding from [::1]:8080 -> 4466
```

1. Select the `token` option, and paste the token you copied into the field
provided. Click login and you should be taken to an overview of your cluster.
7. Using a browser, visit the dashboard URL, and login using the token from step 5. The URL is
[http://localhost:8080](http://localhost:8080)