Deploy and Access the Kubernetes Dashboard on MicroShift

Recently, as working for my project, I have chance to play with Red Hat MicroShift.

MicroShift, a Kubernetes distribution derived from OpenShift Container Platform, has the simplicity of single-node deployment with the functions and services you need for computing in resource-constrained locations.

https://access.redhat.com/documentation/en-us/red_hat_build_of_microshift/4.15/html-single/getting_started/index#microshift-understanding

By default, MicroShift does not have Kubernetes Dashboard installed. I am using this blog to share steps to deploy Kubernetes Dashboard on MicroShift cluster, so end user can access, monitor, and manage cluster remotely.

Before running following steps, assume MicroShift cluster is installed, so is helm.

1. Deploy Kubernetes Dashboard

Add kubernetes dashboard repository

Run following helm command to add kubernetes dashboard helm repo:

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

Deploy kubernetes dashboard helm chart

helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --namespace default

Note: Due to enfirced security of MicroShift, by default, kubernetes dashboard only work with MicroShift “default” namespace.

2. Deploy Kubernetes dashboard proxy

Create a kube-dashboard-svc.yaml file with following content to define an dashboard service proxy:

apiVersion: v1
kind: Service
metadata:
  name: kube-dashboard-lb
  namespace: default
spec:
  type: LoadBalancer
  ports:
    - port: 443
      protocol: TCP
      targetPort: 8443
      nodePort: 30443
  selector:
    app.kubernetes.io/instance: "kubernetes-dashboard"
    app.kubernetes.io/name: "kong"

Run kubectl command to create this proxy:

kubectl apply -f kube-dashboard-svc.yaml

3. Create admin-user to access dashboard

Create a admin-user.yaml file with following content to define an admin-user ServiceAccount, ClusterRoleBinding and Secret:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: default
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: default
---
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: default
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token

Run following command to create admin-user:

kubectl apply -f admin-user.yaml

And generate token for admin-user by running following command. Save the token.

kubectl get secret admin-user -n default -o jsonpath={".data.token"} | base64 -d

4. Access dashboard

Access dashboard need the cluster external-ip and admin-user token.

You can find the cluster external ip and the kubernetes dashboard proxy bind port by running following kubectl command and looking for service kube-dashboard-lb.

kubectl get service -n default

Login URL is: https://(external-ip):30443/#/login,

Following is an example of “kubectl get service” result and dashboard login:

# kubectl get service -n default
NAME                                   TYPE           CLUSTER-IP      EXTERNAL-IP   PORT(S)                         AGE
kube-dashboard-lb                      LoadBalancer   10.43.57.2      9.46.74.199   443:30443/TCP                   4d12h