Versions Compared

Old Version 3

changes.mady.by.user Francesco Sinisi

Saved on

compared with

New Version 4

changes.mady.by.user Francesco Sinisi

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
languagebash
titleGet the service
$ kubectl -n kubernetes-dashboard get services
NAME                        TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)         AGE
dashboard-metrics-scraper   ClusterIP   10.106.152.1   <none>        8000/TCP        3d
kubernetes-dashboard        NodePort    10.107101.6535.5423   <none>        443:30000/TCP   27h3d

Note the value of the TYPE field, now equal to NodePort, and the port 30000.

Account and token

By connecting to the browser at https://<master_FIP>:<port>, in our case https://131.154.97.163:30000 (note the adoption of the protocol for secure communication with https), we could access the dashboard. There is no need to activate the VPN. The credentials entry screen will appear. As you can see, there are two ways of accessing: via token or via a configuration file. Here we deal with the first mode. However, it is advisable to try the connection to the dashboard, to make sure that the procedure carried out so far is correct.

Let's find out now how to create a new user using the Kubernetes service account mechanism, which grants the created user the administrator permissions and access to the Dashboard, using the associated bearer token. We create the dashboard-adminuser.yaml file, which we will then launch with the command

Code Block
languagebash
titleAccount
$ kubectl apply -f dashboard-adminuser.yaml

The contents of the file are as follows

No Format
apiVersion: v1
kind: ServiceAccount
  metadata: 
     name: admin-user
   namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
  metadata:
   name: admin-user
  roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
   name: cluster-admin
subjects:
   - kind: ServiceAccount
     name: admin-user
   namespace: kubernetes-dashboard

Finally, we obtain the token (present in the last line), which will be pasted on the Dashboard login screen, by launching the command

Code Block
languagebash
titleToken
$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Name:         admin-user-token-g7c2g
Namespace:    kubernetes-dashboard
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: admin-user
              kubernetes.io/service-account.uid: d485be64-eb17-40fc-b11e-6c35112d107aType:  kubernetes.io/service-account-tokenData
====
ca.crt:     1025 bytes
namespace:  20 bytes
token:     	<token>

Once pasted the token you enter the dashbord. The token is static, so it is recommended to save it somewhere, avoiding recovering it in the future. Below is an example screenshot of the interface. You will notice some familiarity with that of Minikube.

Kubernetes DashboardImage Added