Kubernetes Dashboard with multi-node Kubernetes on a laptop.

The Kubernetes web based dashboard can make it easy to see the health and activity in your Kubernetes container environment. I'l show you how to run the Kubernetes monitoring dashboard on a local multi-node cluster using this guide. All this work was done on a local machine and not in a cloud environment.

The Kubernetes container orchestration environment is primarily command line and API based. They do have a graphical dashboard that can be used to surf through your Kubernetes cluster, the deployments and other information.  The dashboard is not difficult to install but it does have a few hidden corners.  

Topology

We're going to run a 3 worker node Kubernetes cluster.  We'll deploy 6 replicant copies of Nginx into the cluster along with the dashboard components.  Note that the dashboard installs agents into each of the nodes.

Video


Install Docker, Kubernetes, and Kind. Then deploy containers

You must have Docker and Kubernetes installed. You get more interesting information if you have at least one application deployed. This walk-through creates a Multi-node Kubernetes cluster on a single machine with Docker-in-Docker. You can do all of this with fewer steps using Docker Desktop and its Kubernetes integration.  That would give you a single-node Kubernetes cluster.

Install Docker
Windows users should run Docker Desktop with WSL2 integration enabled.
Install Kubernetes https://joe.blog.freemansoft.com/2020/07/multi-node-kubernetes-with-kind-and.html
Install Kind and run a 3-worker node cluster 
https://joe.blog.freemansoft.com/2020/07/multi-node-kubernetes-with-kind-and.html
$ kind create cluster --name dev --config ./3workers.yaml
$ kubectl get nodes
Run a 6-node nginx-deploymenthttps://joe.blog.freemansoft.com/2020/07/deploying-and-exposing-stateless-app.html
$ kubectl apply -f nginx-6-node-deployment.yaml
Verify
$ kubectl get deployments --namespace nginx-dev

  

    
Install and Run the Kubernetes Dashboard

    

      We're going to install the dashboard and enable it with the default
      service account. This section is lifted with minor changes from https://www.replex.io/blog/how-to-install-access-and-add-heapster-metrics-to-the-kubernetes-dashboard
    

    


    

      By default, the default Kubernetes Service Account does not
      have dashboard permissions.  You can add add roles to to the default service role or create a
      new account and attach the permissions to it.  This example creates a
      new account that is grated the necessary permissions.

    


      
        

        

          Install the dashboard
        

        

          
          Download and install
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.3/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

        

        

          
            Create an account with dashboard permissions and find the service
            account token
          
        

        

          
          Find the list of service accounts
$ kubectl get serviceaccounts
NAME      SECRETS   AGE
default   1         3m37s

            

          		
        

        

          
          Create a service account called dashboard-admin-sa 
$ kubectl create serviceaccount dashboard-admin-sa
serviceaccount/dashboard-admin-sa created

        

        

          
          Find the list of service accounts
$ kubectl get serviceaccounts
NAME                 SECRETS   AGE
dashboard-admin-sa   1         9s
default              1         4m3s

            

          		
        

        

          
          Bind the new service account the dashboard admin role
$ kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin \
--serviceaccount=default:dashboard-admin-sa
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin-sa created

        

        

          
          Find the secret name for the default service account role
~$ kubectl get serviceaccounts dashboard-admin-sa -o yaml
apiVersionv1
kindServiceAccount
metadata:
  creationTimestamp"2020-07-28T01:23:27Z"
  namedashboard-admin-sa
  namespacedefault
  resourceVersion"1439"
  selfLink/api/v1/namespaces/default/serviceaccounts/dashboard-admin-sa
  uid8dbabf40-eb70-43fc-8d3a-b42680690dad
secrets:
namedashboard-admin-sa-token-6fqwt

              

            

          		
        

        

          
          
$ kubectl describe secret dashboard-admin-sa-token-6fqwt
Name:         dashboard-admin-sa-token-6fqwt
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.namedashboard-admin-sa
              kubernetes.io/service-account.uid8dbabf40-eb70-43fc-8d3a-b42680690dad

Type:  kubernetes.io/service-account-token

Data
====
token:      <a long string>
ca.crt:     1025 bytes
namespace:  7 bytes


          		
        

        

          
          Save the token

            Copy the value in the token: field value into the dashboard
            in the next section
          		
        

        

          
          
        

        

          Connect to the dashboard
        

        

          
          Expose API server / dashboard to host
$ kubectl proxy
Starting to serve on 127.0.0.1:8001

        

        

          
          Hit the endpoint. The URL has changed over time.  It is
            currently
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login


        

          Authenticate to the dashboard 

            Select Token based authentication.
Paste the token
            from the previous into the Kubernetes Dashboard token entry
            field.
          

        

      
    

    

    
Destroy cluster

    You can destroy the Kubernetes Cluster and all of the deployed applications and infrastructure with a single command.

    

      
$ kind delete cluster --name dev
Deleting cluster "dev" ...

    

    
kubectl command cheat sheet
  • kubectl version
  • kubectl get nodes
  • kubectl config get-contexts
  • kubectl get all --all-namespaces
  • kubectl get po --all-namespaces
  • kubectl config use-context docker-desktop
  • kubectl config use-context <context>
  • kubectl get serviceaccounts
  • kubectl get serviceaccounts dashboard-admin-sa -o yaml
  • kubectl create serviceaccount
  • kubectl create clusterrolebinding dashboard-admin-sa --clusterrole=cluster-admin --serviceaccount=default:dashboard-admin-sa
  • kubectl describe secret dashboard-admin-sa-token-t8xfs
  • kubectl proxy
References used in creating this

    
    
  
    

    

    KinD 
    


    
  

    

    

    

    

    

    

    

    








    

    

    

    


    

    

    

    


    Comments
    

    

    

    

    


    Post a Comment
    





    

    

    

    

    




    

    

    

    

    

    
Popular posts from this blog

    

    

    

    

    Installing the RNDIS driver on Windows 11 to use USB Raspberry Pi as network attached
    

    

    







    

    

    

    

Image


    

    

    
I do a lot of my development and configuration via ssh into my Raspberry Pi Zero over the RNDIS connection. Some models of the Raspberry PIs can be configured with  gadget drivers  that let the Raspberry pi emulate different devices when plugged into computers via USB. My favorite gadget  is the network profile that makes a Raspberry Pi look like an RNDIS-attached network device.  All types of network services travel over an RNDIS device without knowing it is a USB hardware connection. A Raspberry Pi shows up as a Remote NDIS (RNDIS) device when you plug the Pi into a PC or Mac via a USB cable. The gadget  in the Windows Device Manager picture shows this RNDIS Gadget connectivity between a Windows machine and a Raspberry Pi. The Problem Windows 11 and Windows 10 no longer auto-installs the RNDIS driver that makes magic happen. Windows recognizes that the Raspberry Pi is some type of generic USB COM device. Manually running W indows Update  or  Upd...

    


    

    

Read more


    

    

    

    

    Understanding your WSL2  RAM and swap - Changing the default 50%-25%
    

    

    







    

    

    

    

Image


    

    

    
The Windows Subsystem for Linux operates as a virtual machine that can dynamically grow the amount of RAM to a maximum set at startup time.  Microsoft sets a default maximum RAM available to 50% of the physical memory and a swap-space that is 1/4 of the maximum WSL RAM.  You can scale those numbers up  or down  to allocate more or less RAM to the Linux instance. The first drawing shows the default WSL memory and swap space sizing. The images below show a developer machine that is running a dev environment in WSL2 and Docker Desktop.  Docker Desktop has two of its own WSL modules that need to be accounted for.  You can see that the memory would actually be oversubscribed, 3 x 50% if every VM used its maximum memory.  The actual amount of memory used is significantly smaller allowing every piece to fit.                                                  Click to Enlarge           The second drawing shows the memory allocation on my 64GB laptop. WSL Linux defaul...

    


    

    

Read more


    

    

    

    

    Almost PaaS Document Parsing with Tika and AWS Elastic Beanstalk
    

    

    







    

    

    

    

Image


    

    

    
The Apache Tika project  provides a  library capable of parsing and extracting data and meta data from over 1000 file types.  Tika is available as a single jar file that can be included inside applications or as a deployable jar file that runs Tika as a standalone service.   This blog describes deploying the Tika jar as an auto-scale service in Amazon AWS Elastic Beanstalk.  I selected Elastic Beanstalk because it supports jar based deployments without any real Infrastructure configuration. Elastic Beanstalk auto-scale should take care of scaling up and down for for the number of requests you get.     Tika parses documents and extracts their text completely in memory. Tika was deployed for this blog using EC2 t2.micro instances available in the AWS free tier. t2.micro VMs are 1GB which means that you are restricted in document complexity and size. You would size your instances appropriately for your largest documents.     Preconditions    An AWS account.  AWS ac...

    


    

    

Read more