Over a million developers have joined DZone.
{{announcement.body}}
{{announcement.title}}

Deploying Kubernetes Dashboard to a kubeadm-Created Cluster

DZone's Guide to

Deploying Kubernetes Dashboard to a kubeadm-Created Cluster

Trying to get Kubernetes Dashboard up and running on a kubeadm cluster? Tricky, right? Well, here are the steps to get it working.

· Cloud Zone ·
Free Resource

Learn how to migrate and modernize stateless applications and run them in a Kubernetes cluster.

When deploying a Kubernetes dashboard, per installations steps here, we start with:

kubectl --kubeconfig ./admin.conf apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml


To start the local proxy:

./kubectl --kubeconfig ./admin.conf proxy


But accessing via http://localhost:8001/ui, gives this error:

{
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {

    },
    "status": "Failure",
    "message": "no endpoints available for service \"kubernetes-dashboard\"",
    "reason": "ServiceUnavailable",
    "code": 503
}


So, let's check what it's currently running with:

./kubectl --kubeconfig ./admin.conf get pods --all-namespaces


Looks like the dashboard app is not happy:

kube-system kubernetes-dashboard-747c4f7cf-p8blw


Checking the logs for the dashboard:

./kubectl --kubeconfig ./admin.conf logs kubernetes-dashboard-747c4f7cf-p8blw --namespace=kube-system
2017/10/19 03:35:51 Error while initializing connection to Kubernetes apiserver.
This most likely means that the cluster is misconfigured (e.g., it has invalid apiserver certificates or service accounts configuration) 
or the -apiserver-host param points to a server that does not exist. 
  
Reason: Get https://10.96.0.1:443/version: dial tcp 10.96.0.1:443: getsockopt: no route to host


OK.

I set up my master node using the flannel overlay. I don't know if this makes any difference, but I noticed this article, using kubeadm, used Weave Net instead. Not knowing how to move forward (and after browsing many posts and tickets on issues with kubeadm with Dashboard), and knowing at least that kubadm + Weave Net works for installing Dashboard, I tried this approach instead.

After re-initializing and the adding weave-net, my pods are all started:

$ kubectl get pods –all-namespaces

NAMESPACE     NAME                                          READY     STATUS    RESTARTS   AGE

kube-system   etcd-unknown000c2960f639                      1/1       Running   0          11m

kube-system   kube-apiserver-unknown000c2960f639            1/1       Running   0          11m

kube-system   kube-controller-manager-unknown000c2960f639   1/1       Running   0          11m

kube-system   kube-dns-545bc4bfd4-nhrw7                     3/3       Running   0          12m

kube-system   kube-proxy-cgn45                              1/1       Running   0          4m

kube-system   kube-proxy-dh6jm                              1/1       Running   0          12m

kube-system   kube-proxy-spxm5                              1/1       Running   0          5m

kube-system   kube-scheduler-unknown000c2960f639            1/1       Running   0          11m

kube-system   weave-net-gs8nh                               2/2       Running   0          5m

kube-system   weave-net-jkkql                               2/2       Running   0          4m

kube-system   weave-net-xb4hx                               2/2       Running   0          10m


Now, trying to add the dashboard once more:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml


...and, O.M.G.:

$ kubectl get pods -all-namespaces

NAMESPACE     NAME                                          READY     STATUS    RESTARTS   AGE

kube-system   etcd-unknown000c2960f639                      1/1       Running   0          37m

kube-system   kube-apiserver-unknown000c2960f639            1/1       Running   0          37m

kube-system   kube-controller-manager-unknown000c2960f639   1/1       Running   0          37m

kube-system   kube-dns-545bc4bfd4-nhrw7                     3/3       Running   0          38m

kube-system   kube-proxy-cgn45                              1/1       Running   0          30m

kube-system   kube-proxy-dh6jm                              1/1       Running   0          38m

kube-system   kube-proxy-spxm5                              1/1       Running   0          31m

kube-system   kube-scheduler-unknown000c2960f639            1/1       Running   0          37m

kube-system   kubernetes-dashboard-747c4f7cf-jgmgt          1/1       Running   0          4m

kube-system   weave-net-gs8nh                               2/2       Running   0          31m

kube-system   weave-net-jkkql                               2/2       Running   0          30m

kube-system   weave-net-xb4hx                               2/2       Running   0          36m


Starting the kubectl proxy and hitting localhost:8001/ui now gives me:

Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"'
Trying to reach: 'http://10.32.0.3:8443/'


Reading here, trying the master node directly...

https://192.168.1.80:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/


...gives a different error:

{
    "kind": "Status",
    "apiVersion": "v1",
    "metadata": {

    },
    "status": "Failure",
    "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
    "reason": "Forbidden",
    "details": {
        "name": "https:kubernetes-dashboard:",
        "kind": "services"
    },
    "code": 403
}


But reading further ahead, it seems accessing via the /ui URL is not working correctly. You need to access via the URL in the docs here, which says the correct URL is:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/


And now I get an authentication page:

Time to read ahead on authentication approaches.

List the available tokens with:

kubectl -n kube-system get secret


Using the same token as per the docs (although at this point I honestly have no idea what the difference in permissions is for each of the different tokens):

./kubectl --kubeconfig admin.conf -n kube-system describe secret replicaset-controller-token-7tzd5


And then pasting the token value into the authentication dialog gets me logged on! There are some errors about this token not having access to some features, but at this point, I'm just glad I've managed to get this deployed and working!

If you're intested in the specific versions I'm using, this is deployed to CentOS 7, and for Kubernetes:

$ kubectl version

Client Version: version.Info{
    Major:"1″, Minor:"8″, 
    GitVersion:"v1.8.1″, 
    GitCommit:"f38e43b221d08850172a9a4ea785a86a3ffa3b3a", 
    GitTreeState:"clean", BuildDate:"2017-10-11T23:27:35Z", 
    GoVersion:"go1.8.3″, Compiler:"gc", Platform:"linux/amd64″
}


Join us in exploring application and infrastructure changes required for running scalable, observable, and portable apps on Kubernetes.

Topics:
cloud ,kubernetes ,dashboard ,kubeadm ,tutorial

Published at DZone with permission of

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}