Skip to Content

This is a continuation of Kubernetes 1.7 Installation part 1.

At this point we should have a working Kubernetes cluster with all worker nodes joined and in the Ready state.

None of the below steps are required, but add functionality and operability to the cluster.

 

[Master Only] Deploying the Dashboard:

Next, we’ll deploy the Kubernetes dashboard which provides a graphical way of administering the cluster.

We’ll need to make sure we use a version of dashboard compatible with our version of Kubernetes. Obtaining the ‘lastest’ dashboard YAML will most likely lead to compatibility issues unless you happen to be using the latest Kubernetes version as well.

Since I am using Kuberenetes 1.7.1, I will apply the yaml file below:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.7.1/src/deploy/recommended/kubernetes-dashboard.yaml

For a full list of dashboard versions, see the Kubernetes dashboard releases page.

 

Versions of Kubernetes dashboard 1.7.x and above include additional security features that can make it difficult to access outside of the cluster. You can read more about proper dashboard accessibility here.

Since this is for development/testing, we can grant full admin privileges to the dashboard service account and avoid setting up tokens, just be warned this can pose a security risk.

Create a yaml file called dashboard-admin.yaml and paste in the below role binding authorization:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

Save the file and run the below command to deploy it:

kubectl create -f dashboard-admin.yaml

This will provide a “skip” option on the login page when accessing the dashboard.

 

There are a number of ways to access the dashboard, I find the NodePort option to be the most hassle-free, but all are provided below:

 

Using kubectl proxy:

  • From the machine where you wish to access the dashboard, run:
    kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='^*$'​
  • Dashboard can be accessed at:
    http://<master_fqdn>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Install kubectl on local machine

  • Install kubectl on your local machine.
  • Configure kubectl to use your cluster by copying $HOME/.kube/config on master to your local machhine at ~/.kube/config
  • Add master IP to your no_proxy
  • Finally run:
    kubectl proxy​
  • Access the dashboard at:
    http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Configure and use NodePort:

  • Edit the kubernetes-dashboard service to use NodePort rather than ClusterIP:
    kubectl edit svc kubernetes-dashboard -n kube-system​
  • Change type as follows:
    ...
    sessionAffinity: None
    -- type: ClusterIp
    ++ type: NodePort​
  • Issue a describe command to see the value of the port:
    kubectl describe service kubernetes-dashboard -n kube-system​
  • Look for the value of NodePort:
    NodePort:               <unset> 30006/TCP
  • Determine the master IP used by the cluster:
    kubectl cluster-info
  • Access the dashboard at:
    https://<master_IP>:<NodePort_port>
    *NOTE: NodePort is exposed via HTTPS. Make sure you access the dashboard using https protocol.

 

Note: the shortcut http://<node_fqdn>:<port>/ui has been deprecated. It is recommended to use the full URL above when using kubectl proxies.

If dashboard-admin.yaml was correctly applied, the login page should have a “Skip” button that allows quick access to the dashboard.

 

[Master Only] Install Helm:

Helm is a tool that streamlines installing and managing Kubernetes applications. The official docs liken it to apt/yum/homebrew for Kubernetes.

You can find more information as well as which versions are tested with specific Kubernetes releases on their official Github page.

I’ll be using Helm 2.6.2 in this installation as 2.6 has been tested against Kubernetes 1.7.

 

First, download the Helm package:

wget https://kubernetes-helm.storage.googleapis.com/helm-v2.6.2-linux-amd64.tar.gz

Make a directory for helm and unpack the download media:

mkdir /opt/helm
tar -xzvf helm-v2.6.2-linux-amd64.tar.gz -C /opt/helm

Add helm to your PATH environment variable to access the executable:

vi /etc/bashrc     #or wherever you want to add the environment variable

export PATH=$PATH:/opt/helm/linux-amd64/

Exit and re-enter your shell to confirm the path has been added.

Finally initialize helm:

helm init

[Master Only – Optional] Add helm cluster roles:

If you intend to install Vora or DataHub on the Kubernetes cluster, this step will be needed otherwise the Vora installation will fail during ‘get configmaps’.

Run the below commands to create a service account and cluster role binding for tiller (helm’s server-side agent) and apply them to helm/tiller:

kubectl create serviceaccount --namespace kube-system tiller
kubectl create clusterrolebinding tiller-cluster-rule --clusterrole=cluster-admin --serviceaccount=kube-system:tiller
kubectl patch deploy --namespace kube-system tiller-deploy -p '{"spec":{"template":{"spec":{"serviceAccount":"tiller"}}}}'
helm init --service-account tiller --upgrade

 

[All Nodes] Setup Docker Registry

The Docker registry is a stateless server-side application that allows us to store and distribute Docker images within our cluster.

[Single selected node] Run the below command to start the docker registry on port 5000:

docker run -d -p 5000:5000 --restart=always --name registry -v /regdata:/var/lib/registry registry:latest

 

[All nodes] Configure nodes to use the registry. On each node we need to add an INSECURE_REGISTRY option to docker and restart the service:

Note: the node and port below should reflect the node/port where the docker registry was created above.

vi /etc/sysconfig/docker

INSECURE_REGISTRY="--insecure-registry=<registry_node>:5000"

Next, we have to add this as an environment file to the docker service itself and use our INSECURE_REGISTRY environment variable at startup.

vi /usr/lib/systemd/system/docker.service

EnvironmentFile=/etc/sysconfig/docker
ExecStart=/usr/bin/dockerd $INSECURE_REGISTRY

Finally restart the daemon and the docker service:

systemctl daemon-reload
systemctl restart docker

 

Now you should have a sufficient Kubernetes cluster for testing / development. Happy Kubeing!

To report this post you need to login first.

Be the first to leave a comment

You must be Logged on to comment or reply to a post.

Leave a Reply