update dashboard access doc for 2.0.x (#6036)
* update dashboard access doc for 2.0.x * make metrics scrapper system-cluster-critical
This commit is contained in:
parent
412d560bcf
commit
db5f83f8c9
2 changed files with 19 additions and 9 deletions
|
@ -93,20 +93,29 @@ the Kubernetes [documentation](https://kubernetes.io/docs/tasks/access-applicati
|
|||
|
||||
## Accessing Kubernetes Dashboard
|
||||
|
||||
As of kubernetes-dashboard v1.7.x:
|
||||
Supported version is kubernetes-dashboard v2.0.x :
|
||||
|
||||
- New login options that use apiserver auth proxying of token/basic/kubeconfig by default
|
||||
- Requires RBAC in authorization\_modes
|
||||
- Login options are : token/kubeconfig by default, basic can be enabled with `kube_basic_auth: true` inventory variable - not recommended because this requires ABAC api-server which is not tested by kubespray team
|
||||
- Deployed by default in "kube-system" namespace, can be overriden with `dashboard_namespace: kubernetes-dashboard` in inventory,
|
||||
- Only serves over https
|
||||
- No longer available at <https://first_master:6443/ui> until apiserver is updated with the https proxy URL
|
||||
|
||||
If the variable `dashboard_enabled` is set (default is true), then you can access the Kubernetes Dashboard at the following URL, You will be prompted for credentials:
|
||||
<https://first_master:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login>
|
||||
Access is described in [dashboard docs](https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/1.7.x-and-above.md). With kubespray's default deployment in kube-system namespace, instead of kuberntes-dashboard :
|
||||
|
||||
Or you can run 'kubectl proxy' from your local machine to access dashboard in your browser from:
|
||||
<http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login>
|
||||
- Proxy URL is <http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login>
|
||||
- kubectl commands must be run with "-n kube-system"
|
||||
|
||||
It is recommended to access dashboard from behind a gateway (like Ingress Controller) that enforces an authentication token. Details and other access options here: <https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above>
|
||||
Accessing through Ingress is highly recommended. For proxy access, please note that proxy must listen to [localhost](https://github.com/kubernetes/dashboard/issues/692#issuecomment-220492484) (`proxy --address="x.x.x.x"` will not work)
|
||||
|
||||
For token authentication, guide to create Service Account is provided in [dashboard sample user](https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md) doc. Still take care of default namespace.
|
||||
|
||||
Access can also by achieved via ssh tunnel on a master :
|
||||
|
||||
```bash
|
||||
# localhost:8081 will be sent to master-1's own localhost:8081
|
||||
ssh -L8001:localhost:8001 user@master-1
|
||||
sudo -i
|
||||
kubectl proxy
|
||||
```
|
||||
|
||||
## Accessing Kubernetes API
|
||||
|
||||
|
|
|
@ -282,6 +282,7 @@ spec:
|
|||
labels:
|
||||
k8s-app: kubernetes-metrics-scraper
|
||||
spec:
|
||||
priorityClassName: system-cluster-critical
|
||||
containers:
|
||||
- name: kubernetes-metrics-scraper
|
||||
image: {{ dashboard_metrics_scraper_repo }}:{{ dashboard_metrics_scraper_tag }}
|
||||
|
|
Loading…
Reference in a new issue