Sign up for a live Kubernetes or DevSecOps demo

Click here

Kubernetes

Learn how to get started with Kubernetes including how to monitor and manage your clusters, view your Kubernetes logs, and how to improve your Kubernetes security

Kubernetes, as a platform, is a comprehensive set of tools for orchestrating containers at scale. It consists of a modular architecture of specific components with a defined purpose. For example, the scheduler finds the ideal match for a particular pod and the kube-proxy manages the networking between the nodes and the master.

One of the most useful components is the Kube API server, which is the main interaction point between the master and the external world. It offers a complete set of REST operations from which all other components interface with each other. Having a REST server is also useful for offering Dashboards for managing Kubernetes via a UI. The official Kubernetes team maintains a Web UI Dashboard, which is a quick and convenient way to manage and troubleshoot cluster resources.

In this post we are going to describe the steps to install this Dashboard and how to use it. Next, we will provide alternative options for users that demand more from a dashboard using Sumo Logic Dashboards.

Deploying and Utilizing the Dashboard UI

Surprisingly enough, the dashboard itself is a container that accesses the cluster information from within the cluster. For Kubernetes, it is just another resource it needs to manage.

To install it, we need to apply the recommended deployment descriptor file:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml

There is also an alternative deployment path with less secure endpoints:

https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/alternative.yaml

Take a look at those yaml files before executing the plan, as it gives you a clearer picture of what we are going to deploy:

  • A namespace: kubernetes-dashboard
  • A service account for the dashboard
  • A service from port 8000:8000
  • A secret
  • A Config map
  • An RBAC role and RoleBinding
  • The main image deployment
  • The metrics scraper deployment

Once the deployment completes, you can establish a proxy connection with the cluster, using the following command:

$ kubectl proxy

Starting to serve on 127.0.0.1:8001

Now navigate to:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login

You will be presented with this login screen:

We need to select Token here, and use the secret value as stored in the cluster. For convenience, I’ve listed a small script that we use to search for the secret token name and copy the token to the clipboard:

#!/bin/bash

get_k8s_secret() {

k8s_namespace=$1

query_name=$2

echo "query:"

echo " namespace: $k8s_namespace"

echo " query_name: $query_name"

secret_token_name_output=$(kubectl -n "$k8s_namespace" get secret | grep "$query_name" | awk '{print $1}')

if [[ -z "$secret_token_name_output" ]]; then

echo "message: Token name not found"

else

secret_token_name=(${secret_token_name_output//"\n"/ })

if [[ "${#secret_token_name[@]}" -gt 1 ]]; then

echo "message: More than one token found"

echo "secret_names: ${secret_token_name[@]}"

else

k8s_secret=$(kubectl -n "$k8s_namespace" describe secret "$secret_token_name")

token=$(echo "$k8s_secret" | grep -E '^token:' | cut -f2 -d':' | xargs echo -n)

echo "message: Token found! This is copied to your clipboard"

echo "secret_name: $secret_token_name"

echo "secret_token: $token"

$(echo "$token" | pbcopy)

fi

fi

}

for i in "$@"

do

case $i in

-n=*)

NAMESPACE="${i#*=}"

shift # past argument=value

;;

-q=*)

QUERY="${i#*=}"

shift # past argument=value

;;

-d)

DASHBOARD_DEFAULT="true"

shift # help

;;

-h)

HELP="true"

shift # help

;;

*)

# unknown option

;;

esac

done

if [[ "$DASHBOARD_DEFAULT" ]] ; then

get_k8s_secret kube-system kubernetes-dashboard-token

elif [[ "$NAMESPACE" && "$QUERY" ]] ; then

get_k8s_secret "$NAMESPACE" "$QUERY"

elif [[ -z "$DASHBOARD_DEFAULT" || -z "$NAMESPACE" || -z "$QUERY" || "$HELP" ]] ; then

echo -e "You need to set some of the following paramaters:\n"

echo "Usage: $0"

echo -e "\t-d - The Default Dashboard query. The following parameters are set -n 'kube-system' -q 'kubernetes-dashboard-token'"

echo -e "\t-n - The kubernetes namespace"

echo -e "\t-q - The kubernetes secret name to query"

echo -e "\t-h - Help"

exit 1

fi

Here is how we use it:

k8s-token

-d - The Default Dashboard query. The following parameters are set -n 'kube-system' -q 'kubernetes-dashboard-token'

-n - The kubernetes namespace

-q - The kubernetes secret name to query

-h - Help

That should print:

query:

namespace: kube-system

query_name: kubernetes-dashboard-token

message: Token found! This is copied to your clipboard

secret_name: kubernetes-dashboard-token-wxyz

secret_token: eyJhbGciOiJSUzI1NiIsImt…

Once we login we should be able to view the main dashboard page:

Now let’s explore the dashboard in detail.