C12s
/
c12s-kubespray
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

update dashboard access doc for 2.0.x (#6036) 

* update dashboard access doc for 2.0.x

* make metrics scrapper system-cluster-critical
This commit is contained in:
Joel Seguillon 2020-04-29 16:20:25 +02:00 committed by GitHub
parent 412d560bcf
commit db5f83f8c9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
docs/getting-started.md
View File

@ -93,20 +93,29 @@ the Kubernetes [documentation](https://kubernetes.io/docs/tasks/access-applicati
## Accessing Kubernetes Dashboard
As of kubernetes-dashboard v1.7.x:
Supported version is kubernetes-dashboard v2.0.x :
- New login options that use apiserver auth proxying of token/basic/kubeconfig by default
- Requires RBAC in authorization\_modes
- Login options are : token/kubeconfig by default, basic can be enabled with `kube_basic_auth: true` inventory variable - not recommended because this requires ABAC api-server which is not tested by kubespray team
- Deployed by default in "kube-system" namespace, can be overriden with `dashboard_namespace: kubernetes-dashboard` in inventory,
- Only serves over https
- No longer available at <https://first_master:6443/ui> until apiserver is updated with the https proxy URL
If the variable `dashboard_enabled` is set (default is true), then you can access the Kubernetes Dashboard at the following URL, You will be prompted for credentials:
<https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login>
Access is described in [dashboard docs](https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/1.7.x-and-above.md). With kubespray's default deployment in kube-system namespace, instead of kuberntes-dashboard :
Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from:
<http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login>
- Proxy URL is <http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login>
- kubectl commands must be run with "-n kube-system"
It is recommended to access dashboard from behind a gateway (like Ingress Controller) that enforces an authentication token. Details and other access options here: <https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above>
Accessing through Ingress is highly recommended. For proxy access, please note that proxy must listen to [localhost](https://github.com/kubernetes/dashboard/issues/692#issuecomment-220492484) (`proxy --address="x.x.x.x"` will not work)
For token authentication, guide to create Service Account is provided in [dashboard sample user](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md) doc. Still take care of default namespace.
Access can also by achieved via ssh tunnel on a master :
```bash
# localhost:8081 will be sent to master-1's own localhost:8081
ssh -L8001:localhost:8001 user@master-1
sudo -i
kubectl proxy
```
## Accessing Kubernetes API

1
roles/kubernetes-apps/ansible/templates/dashboard.yml.j2
View File

@ -282,6 +282,7 @@ spec:
labels:
k8s-app: kubernetes-metrics-scraper
spec:
priorityClassName: system-cluster-critical
containers:
- name: kubernetes-metrics-scraper
image: {{ dashboard_metrics_scraper_repo }}:{{ dashboard_metrics_scraper_tag }}