.. uxg1581955143110 .. _install-the-kubernetes-dashboard: ================================ Install the Kubernetes Dashboard ================================ You can optionally use the Kubernetes Dashboard web interface to perform cluster management tasks. .. rubric:: |context| Kubernetes Dashboard allows you to perform common cluster management tasks such as deployment, resource allocation, real-time and historic status review, and troubleshooting. .. rubric:: |prereq| You must have **cluster-admin** |RBAC| privileges to install Kubernetes Dashboard. .. rubric:: |proc| .. _install-the-kubernetes-dashboard-steps-azn-yyd-tkb: #. Create a namespace for the Kubernetes Dashboard. .. code-block:: none ~(keystone_admin)]$ kubectl create namespace kubernetes-dashboard #. Create a certificate for use by the Kubernetes Dashboard. .. note:: This example uses a self-signed certificate. In a production deployment, the use of a using a certificate signed by a trusted Certificate Authority is strongly recommended. #. Create a location to store the certificate. .. code-block:: none ~(keystone_admin)]$ cd /home/sysadmin ~(keystone_admin)]$ mkdir -p /home/sysadmin/kube/dashboard/certs #. Create the certificate. .. code-block:: none ~(keystone_admin)]$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/sysadmin/kube/dashboard/certs/dashboard.key -out /home/sysadmin/kube/dashboard/certs/dashboard.crt -subj "/CN=" where: **** The fully qualified domain name for the |prod| cluster's |OAM| floating IP. #. Create a kubernetes secret for holding the certificate and private key. .. code-block:: none ~(keystone)admin)]$ kubectl -n kubernetes-dashboard create secret generic kubernetes-dashboard-certs --from-file=tls.crt=/home/sysadmin/kube/dashboard/certs/dashboard.crt --from-file=tls.key=/home/sysadmin/kube/dashboard/certs/dashboard.key #. Configure the kubernetes-dashboard manifest: #. Download the recommended.yaml file. .. code-block:: none ~(keystone_admin)]$ wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml #. Edit the file. Comment out the auto-generate-certificates argument and add the tls-cert-file and tls-key-file arguments. The updates should look like: .. code-block:: none ... args: # - --auto-generate-certificates - --namespace=kubernetes-dashboard - --tls-cert-file=/tls.crt - --tls-key-file=/tls.key ... #. Apply the kubernetes dashboard recommended.yaml manifest. .. code-block:: none ~(keystone_admin)]$ kubectl apply -f recommended.yaml #. Patch the kubernetes dashboard service to type=NodePort and port=32000. .. code-block:: none ~(keystone_admin)]$ kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec":{"type":"NodePort","ports":[{"port":443, "nodePort":32000}]}}' #. Test the Kubernetes Dashboard deployment. The Kubernetes Dashboard is listening at port 32000 on the machine defined above for |prod| cluster's |OAM| floating IP. #. Access the dashboard at `https://:32000` Because the certificate created earlier in this procedure was not signed by a trusted |CA|, you will need to acknowledge an insecure connection from the browser. #. Select the **Kubeconfig** option for signing in to the Kubernetes Dashboard. Note that typically your kubeconfig file on a remote host is located at $HOME/.kube/config . You may have to copy it to somewhere more accessible. You are presented with the Kubernetes Dashboard for the current context (cluster, user and credentials) specified in the kubeconfig file.