Docker Community Forums

Share and learn in the Docker community.

Docker for Mac Kubernetes Dashboard


(Brendanthompson) #1

Hi there,

Just a quick one Minikube comes with the Kubernetes dashboard baked into it, just wondering if D4MK also has this?


(Sgandon) #2

no it does not have it baked in but the install is very easy
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

and then you can access to it
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
[modified] : I think you need to launch kubectl proxy before accessing the dashboard.


(Bajohns) #3

@sgandon the install is easy but the dashboard requires an auth token. How do we get that token for the docker-for-mac cluster?

http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login


(Sgandon) #4

If I rember well you can skip the token authentication part. This is not required.


(Bajohns) #5

Authentication is required. Each URL I navigate to redirects me to auth:

http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

I will search on the VM to see if the token is available.


(Kevin Printz) #6

Hey guys,
For development purpose only on your Mac, you can use the following solution (using unsecured Kubernetes dashboard) :

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

Then, find the k8s dashboard pod name:

kevin@mbp-de-kevin ~> kubectl get pod --namespace=kube-system | grep dashboard
kubernetes-dashboard-57b79cdfb5-5bj6m        1/1       Running   0          19m

And add a local port forwarding:

kevin@mbp-de-kevin ~> kubectl port-forward kubernetes-dashboard-57b79cdfb5-5bj6m 9090:9090 --namespace=kube-system
Forwarding from 127.0.0.1:9090 -> 9090

Then, open your browser on http://127.0.0.1:9090 and the dashboard should work without any authentification!


Another solution, you can use a Kubernetes ingress controller in case you will have multiple services with frontend access.

So first, deploy a Kubernetes ingress controller (Traefik here):

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
clusterrole "traefik-ingress-controller" created
clusterrolebinding "traefik-ingress-controller" created

Then:

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment "traefik-ingress-controller" created
service "traefik-ingress-service" created

Once traefik is deployed, you can already access to the admin GUI, to retreive the port, run the following command:

kevin@mbp-de-kevin ~> kubectl describe svc -n kube-system traefik-ingress-service
Name:                     traefik-ingress-service
Namespace:                kube-system
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"ports":[{"name":"...
Selector:                 k8s-app=traefik-ingress-lb
Type:                     NodePort
IP:                       10.98.8.245
Port:                     web  80/TCP
TargetPort:               80/TCP
NodePort:                 web  32277/TCP
Endpoints:                10.1.0.10:80
Port:                     admin  8080/TCP
TargetPort:               8080/TCP
NodePort:                 admin  31000/TCP
Endpoints:                10.1.0.10:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

You have to note two differents ports here:

  • The first one, the GUI admin port NodePort: admin 31000/TCP. Open your browser and reach http://localhost:31000 it’s empty for now, but keep your browser tab open for later.
  • The second one, the port for your services : NodePort: web 32277/TCP means you will access your services GUI through the port 32277

Now, we still use the unsecured version of the dashboard:

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

Finally, we need to create an entry in our ingress controller, so create the following file: dashboard.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
   kubernetes.io/ingress.class: traefik
   traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 80

Then execute:

kevin@mbp-de-kevin ~> kubectl create -f dashboard.yaml
ingress "kubernetes-dashboard" created

Now, try to reach the following URL: http://localhost:32277/dashboard/ you should see the K8S dasboard (final / in mandatory due to a K8S issue)

If you go back to previous tab, you should see the entry in the Traefik admin UI.
With this solution, you can create multiple entries in your ingress controller to have url path routing!

Don’t hesitate to reply if you have any issue with it :slight_smile:


(B.) #7

I had the same problem:

 kubectl describe secret kubernetes-dashboard --namespace=kube-system

Will give you the token to login.