The Kubernetes Dashboard is not deployed in Oracle Cloud Infrastructure (OCI) Oracle Container Engine for Kubernetes (OKE) by default but can easily be enabled by following the steps below.
Check Environment
For this post I am using Kubernetes version 1.20.8 with Oracle Linux 7.8 nodes, you can confirm the version of your Oracle Cloud Infrastructure (OCI) Kubernetes Cluster with kubectl version
% kubectl version --short | awk -Fv '/Server Version: / {print $3}'
1.20.8
And use kubectl get nodes to list the nodes within the OKE cluster.
% kubectl get nodes -o wide NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME 10.0.1.111 Ready node 167m v1.20.8 10.0.1.111 140.238.103.139 Oracle Linux Server 7.8 4.14.35-1902.306.2.el7uek.x86_64 cri-o://1.20.2 10.0.1.122 Ready node 167m v1.20.8 10.0.1.122 152.67.141.251 Oracle Linux Server 7.8 4.14.35-1902.306.2.el7uek.x86_64 cri-o://1.20.2 10.0.1.168 Ready node 167m v1.20.8 10.0.1.168 140.238.75.119 Oracle Linux Server 7.8 4.14.35-1902.306.2.el7uek.x86_64 cri-o://1.20.2
Deploy Kubernetes Dashboard
Ok, let’s deploy the Kubernetes Dashboard to the OKE cluster.
% kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created
Create Service Account
Create a file called oke-admin-service-account.yaml as below:
apiVersion: v1
kind: ServiceAccount
metadata:
name: oke-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: oke-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: oke-admin
namespace: kube-systemAnd apply with kubectl apply -f <filename>
% kubectl apply -f oke-admin-service-account.yaml serviceaccount/oke-admin created clusterrolebinding.rbac.authorization.k8s.io/oke-admin created
Get Token
Before we can logon to the dashboard we need to grab the token for the service account.
% kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep oke-admin |
awk '{print $1}')
Copy the token and save to a file as we will need to provide this to logon to the dashboard
Kubernetes Dashboard
To access the dashboard from your laptop type kubectl proxy
% kubectl proxy Starting to serve on 127.0.0.1:8001
You should now be able to access the Kubernetes dashboard using:
Select Token and paste token previoulsy captured, and click Sign In
The Kubernetes Dashboard should now be ready to use.
Summary
In this blogs I have shared how we can enable the Kubernetes Dashboard in the Oracle Kubernetes Engine (OKE).
You can also have OKE automatically deploy the Kubernetes Dashboard during cluster creation, by using the API and set the isKubernetesDashboardEnabled attribute to true.
Note, when Container Engine for Kubernetes automatically deploys the Kubernetes Dashboard, it is deployed in the kube-system namespace, this will result in a slightly different URL, for example:
[twitter-follow screen_name=’RonEkins’ show_count=’yes’]
Leave a Reply