thesuhu

Kubernetes Dashboard

Feb 19th, 2021 (edited)
  1. # Install the Kubernetes Dashboard from the upstream manifest, pinned to the v2.0.0 tag.
     # NOTE(review): this applies a manifest fetched straight from the network. Download and
     # read it first, and check the project's releases for a current version before using it.
  2. kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
  3.  
  4. # Run the following command and make sure the dashboard pods are Running.
  5. kubectl get pods -A
  6.  
  7. # Create a working directory and the manifest file for the admin user.
  8. mkdir ~/dashboard && cd ~/dashboard
  9. nano dashboard-admin.yaml
  10.  
  11. # Contents of dashboard-admin.yaml: a ServiceAccount plus a ClusterRoleBinding for it.
      # NOTE(review): the binding grants the built-in cluster-admin ClusterRole cluster-wide,
      # so this account's token carries full control of the cluster. Bind a narrower role if
      # the dashboard does not need that, and delete the account and binding when done.
  12. apiVersion: v1
  13. kind: ServiceAccount
  14. metadata:
  15.   name: admin-user
  16.   namespace: kubernetes-dashboard
  17. ---
  18. apiVersion: rbac.authorization.k8s.io/v1
  19. kind: ClusterRoleBinding
  20. metadata:
  21.   name: admin-user
  22. roleRef:  # the role being granted
  23.   apiGroup: rbac.authorization.k8s.io
  24.   kind: ClusterRole
  25.   name: cluster-admin
  26. subjects:  # who receives the role: the ServiceAccount defined above
  27. - kind: ServiceAccount
  28.   name: admin-user
  29.   namespace: kubernetes-dashboard
  30.  
  31. # Next, apply the manifest.
  32. kubectl apply -f dashboard-admin.yaml
  33.  
  34. # Print the admin-user bearer token: look up the Secret named in the ServiceAccount's
      # .secrets[0] entry, read its .data.token field and base64-decode it.
      # NOTE(review): this depends on an auto-created token Secret. Kubernetes 1.24 and later
      # no longer create one; there, `kubectl create token admin-user -n kubernetes-dashboard`
      # issues a short-lived token instead. The printed value is a cluster-admin credential,
      # so keep it out of shared terminals, logs and chat.
  35. kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount admin-user -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
  36.  
  37. # Run the following if you access the dashboard through kubectl proxy.
  38. kubectl proxy
  39.  
  40. # Then open this URL in a browser on the same machine (the URL targets localhost:8001).
  41. http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
  42.  
  43. # To reach the dashboard from outside the cluster, define its Service as a NodePort
      # in a separate YAML file.
      # NOTE(review): a NodePort opens port 30069 on every node, so the dashboard login is
      # reachable by anything that can route to a node address. Restrict that port with
      # firewall rules, or prefer kubectl proxy or an authenticated ingress.
  44. kind: Service
  45. apiVersion: v1
  46. metadata:
  47.   labels:
  48.     k8s-app: kubernetes-dashboard
  49.   name: kubernetes-dashboard
  50.   namespace: kubernetes-dashboard
  51. spec:
  52.   ports:
  53.     - port: 443  # Service port inside the cluster
  54.       targetPort: 8443  # port on the selected pods
  55.       nodePort: 30069  # port opened on each node
  56.   selector:
  57.     k8s-app: kubernetes-dashboard
  58.   type: NodePort
  59.  
  60. # Then apply it.
  61. kubectl apply -f nodeportdashboard.yaml
  62.  
  63. # Create the manifest for a read-only user, whose token is fetched further below.
  64. nano dashboard-read-only.yaml
  65.  
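  66. # Contents of dashboard-read-only.yaml: a ServiceAccount, a ClusterRole limited to
      # get/list/watch, and a ClusterRoleBinding that grants the role cluster-wide.
      # The core-group rule lists resources explicitly instead of "*". A wildcard there
      # would also cover Secrets, including the Secret that holds the admin-user token,
      # so the account would not be read-only in effect. ConfigMaps stay readable;
      # drop them from the list if they carry sensitive configuration.
  67. apiVersion: v1
  68. kind: ServiceAccount
  69. metadata:
  70.   name: read-only-user
  71.   namespace: kubernetes-dashboard
  72. ---
  73. apiVersion: rbac.authorization.k8s.io/v1
  74. kind: ClusterRole
  75. metadata:
  76.   annotations:
  77.     rbac.authorization.kubernetes.io/autoupdate: "true"
  78.   # (empty "labels:" key dropped)
  79.   name: read-only-clusterrole
  80.   # ("namespace: default" dropped: a ClusterRole is cluster-scoped)
  81. rules:
  82. - apiGroups:  # core API group
  83.   - ""
  84.   resources: ["pods", "pods/log", "services", "endpoints", "configmaps", "events", "namespaces", "nodes", "persistentvolumes", "persistentvolumeclaims", "replicationcontrollers", "serviceaccounts"]
  85.   verbs:
  86.   - get
  87.   - list
  88.   - watch
  89. - apiGroups:  # legacy extensions group
  90.   - extensions
  91.   resources: ["*"]
  92.   verbs:
  93.   - get
  94.   - list
  95.   - watch
  96. - apiGroups:  # apps group (workload controllers)
  97.   - apps
  98.   resources: ["*"]
  99.   verbs:
  100.   - get
  101.   - list
  102.   - watch
  103. ---
  104. apiVersion: rbac.authorization.k8s.io/v1
  105. kind: ClusterRoleBinding
  106. metadata:
  107.   name: read-only-binding
  108. roleRef:  # the read-only ClusterRole defined above
  109.   kind: ClusterRole
  110.   name: read-only-clusterrole
  111.   apiGroup: rbac.authorization.k8s.io
  112. subjects:  # who receives it: the read-only ServiceAccount
  113. - kind: ServiceAccount
  114.   name: read-only-user
  115.   namespace: kubernetes-dashboard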
  116.  
  117. # Then apply it.
  118. kubectl apply -f dashboard-read-only.yaml
  119.  
  120. # Print the read-only-user bearer token: look up the Secret named in the ServiceAccount's
       # .secrets[0] entry, read its .data.token field and base64-decode it.
       # NOTE(review): this depends on an auto-created token Secret. Kubernetes 1.24 and later
       # no longer create one; there, `kubectl create token read-only-user -n kubernetes-dashboard`
       # issues a short-lived token instead.
  121. kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount read-only-user -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
  122.  
  123. # To reach the dashboard from other machines rather than localhost only, port-forward
       # with the extra flag --address 0.0.0.0.
       # NOTE(review): 0.0.0.0 listens on every interface of this machine, so any host that
       # can reach it on port 8443 reaches the dashboard. Pass a specific interface address
       # to --address where one is enough, and stop the background forward when finished.
       # $POD_NAME is not set anywhere in this listing; it must hold the dashboard pod's name.
  124. kubectl -n kubernetes-dashboard port-forward --address 0.0.0.0 $POD_NAME 8443:8443 &
  125.  
  126.  
  127.  
  128.  