Docker for Mac Kubernetes Dashboard

Hi there,

Just a quick one Minikube comes with the Kubernetes dashboard baked into it, just wondering if D4MK also has this?

1 Like

no it does not have it baked in but the install is very easy
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

and then you can access to it
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
[modified] : I think you need to launch kubectl proxy before accessing the dashboard.

2 Likes

@sgandon the install is easy but the dashboard requires an auth token. How do we get that token for the docker-for-mac cluster?

http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

If I rember well you can skip the token authentication part. This is not required.

Authentication is required. Each URL I navigate to redirects me to auth:

http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

I will search on the VM to see if the token is available.

Hey guys,
For development purpose only on your Mac, you can use the following solution (using unsecured Kubernetes dashboard) :

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

Then, find the k8s dashboard pod name:

kevin@mbp-de-kevin ~> kubectl get pod --namespace=kube-system | grep dashboard
kubernetes-dashboard-57b79cdfb5-5bj6m        1/1       Running   0          19m

And add a local port forwarding:

kevin@mbp-de-kevin ~> kubectl port-forward kubernetes-dashboard-57b79cdfb5-5bj6m 9090:9090 --namespace=kube-system
Forwarding from 127.0.0.1:9090 -> 9090

Then, open your browser on http://127.0.0.1:9090 and the dashboard should work without any authentification!


Another solution, you can use a Kubernetes ingress controller in case you will have multiple services with frontend access.

So first, deploy a Kubernetes ingress controller (Traefik here):

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-rbac.yaml
clusterrole "traefik-ingress-controller" created
clusterrolebinding "traefik-ingress-controller" created

Then:

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/containous/traefik/master/examples/k8s/traefik-deployment.yaml
serviceaccount "traefik-ingress-controller" created
deployment "traefik-ingress-controller" created
service "traefik-ingress-service" created

Once traefik is deployed, you can already access to the admin GUI, to retreive the port, run the following command:

kevin@mbp-de-kevin ~> kubectl describe svc -n kube-system traefik-ingress-service
Name:                     traefik-ingress-service
Namespace:                kube-system
Labels:                   <none>
Annotations:              kubectl.kubernetes.io/last-applied-configuration={"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"ports":[{"name":"...
Selector:                 k8s-app=traefik-ingress-lb
Type:                     NodePort
IP:                       10.98.8.245
Port:                     web  80/TCP
TargetPort:               80/TCP
NodePort:                 web  32277/TCP
Endpoints:                10.1.0.10:80
Port:                     admin  8080/TCP
TargetPort:               8080/TCP
NodePort:                 admin  31000/TCP
Endpoints:                10.1.0.10:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

You have to note two differents ports here:

  • The first one, the GUI admin port NodePort: admin 31000/TCP. Open your browser and reach http://localhost:31000 it’s empty for now, but keep your browser tab open for later.
  • The second one, the port for your services : NodePort: web 32277/TCP means you will access your services GUI through the port 32277

Now, we still use the unsecured version of the dashboard:

kevin@mbp-de-kevin ~> kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

Finally, we need to create an entry in our ingress controller, so create the following file: dashboard.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  annotations:
   kubernetes.io/ingress.class: traefik
   traefik.frontend.rule.type: PathPrefixStrip
spec:
  rules:
  - host: localhost
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 80

Then execute:

kevin@mbp-de-kevin ~> kubectl create -f dashboard.yaml
ingress "kubernetes-dashboard" created

Now, try to reach the following URL: http://localhost:32277/dashboard/ you should see the K8S dasboard (final / in mandatory due to a K8S issue)

If you go back to previous tab, you should see the entry in the Traefik admin UI.
With this solution, you can create multiple entries in your ingress controller to have url path routing!

Don’t hesitate to reply if you have any issue with it :slight_smile:

2 Likes

I had the same problem:

 kubectl describe secret kubernetes-dashboard --namespace=kube-system

Will give you the token to login.

4 Likes

This no longer works it seems:
https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

404 not found

The URL has been updated on the formal kubernetes dashboard github page.

Just confirmed this link works:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

I installed the dashboard using the Helm chart, which provides convenient configuration options for a local cluster like skipping login and whether or not the service account created for dashboard gets broad cluster admin privileges:

$ helm install stable/kubernetes-dashboard --name dashboard \
    --set=enableSkipLogin=true,rbac.clusterAdminRole=true

Disclaimer: these settings are obviously a bad idea for a non-local installation!

The installation outputs steps at the end for enabling a port forward just as @kevinpz showed above, and again as Kevin described an Ingress Controller can be set up for a more semi-permanent means of accessing the UI.

Installing Helm should be as simple as this if you don’t have it already, assuming you have Homebrew:

$ brew install kubernetes-helm
$ helm init --history-max 200

Now that Helm 3 is recommended, I used the following procedure and got Docker for Mac with k8s 1.14.8 to work with the Kubernetes Dashboard installed with helm 3.

Preqs: Docker for Mac, kubectl, helm 3 installed with kubernetes cluster running and kubectl context set.

I added the helm charts as a repo to my helm configuration with:
helm repo add stable https://kubernetes-charts.storage.googleapis.com/

Then I was able to install the k8s Dashboard with:
helm install dashboard stable/kubernetes-dashboard --set=enableSkipLogin=true,rbac.clusterAdminRole=true

Then I was able to access the dashboard by issuing the following commands:

export POD_NAME=$(kubectl get pods -n default -l "app=kubernetes-dashboard,release=dashboard" -o jsonpath="{.items[0].metadata.name}")

kubectl -n default port-forward $POD_NAME 8443:8443

Then open https://localhost:8443 with a browser and I was able to use the “Skip” authentication button.