Page History

...

## metallb
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.15.2/config/manifests/metallb-native.yaml
kubectl apply -f metallb_config.yaml

2 Install  local_path storage class

1. 🛠️ Apply the official manifests

Use this command to install the default local-path-provisioner:

kubectl apply -f https://raw.githubusercontent.com/rancher/local-path-provisioner/master/deploy/local-path-storage.yaml

This deploys:

• A StorageClass named local-path

• A local-path-provisioner DaemonSet

• The necessary RBAC and helper scripts

...

2. ☑️ Set it as the default (optional)

To make local-path the default StorageClass (so you don’t need to specify it in every PVC):

 kubectl patch storageclass local-path -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

You can verify it with:

 kubectl get storageclass

Look for (default) in the local-path row.

 3 Install cert-manager

Install cert-manager using the official manifests:

kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.15.0/cert-manager.yaml

 📄 Create a ClusterIssuer for Let's Encrypt

Create a file named cluster-issuer.yaml:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: letsencrypt-prod
spec:
  acme:
    email: andrea.michelotti@infn.it  # 📧 Required
    server: https://acme-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
      name: letsencrypt-prod-key
    solvers:
    - http01:
        ingress:
          class: "nginx"

Install the Kubernetes Dashboard

Apply the official dashboard manifest:

 kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

This will install the dashboard into the kubernetes-dashboard namespace.

...

1. 🌍 Expose the Dashboard with an Ingress

Option  for NGINX 

Create a file dashboard-ingress.yaml:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    nginxcert-manager.io/cluster-issuer: letsencrypt-prod
    #nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    # Traefik examples:
    # traefik.ingress.kubernetes.io/router.entrypoints: websecure
    # traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
  - host: dashboard.da  # 🔁 Change to your domain
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
  tls:
  - hosts:
    - dashboard.example.comda
    secretName: dashboard-tls  # Must match a created TLS secretcert

Apply it:

 kubectl apply -f dashboard-ingress.yaml

🧠 You must configure a DNS entry or /etc/hosts pointing dashboard.da to your ingress controller IP.

...

2. 🔐 Create a ServiceAccount + ClusterRoleBinding

Create an admin user:

# dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Apply it:

...

 kubectl apply -f 

...

dashboard-admin.yaml

...

3. 🔑 Get the Login Token

...

Code Block
language shell title Shell Command
kubectl -n kubernetes-dashboard create token admin-user

Copy the token and use it to log in at https://dashboard.

...

da

54 🔒 Create a TLS Secret

If you're not using a wildcard or auto TLS (e.g. via cert-manager), you can create your own TLS secret:

kubectl -n kubernetes-dashboard create secret tls dashboard-tls \ --cert=/path/to/cert.crt \ --key=/path/to/cert.key

Install  ARGOCD

prepare argocd_ingress.yaml

...