Difference between revisions of "Install k3s with dashboard in Rocky9"
Jump to navigation
Jump to search
| Line 4: | Line 4: | ||
The goal is to install and expose the Kubernetes Dashboard using NodePort and an authentication token, allowing LAN users to access it without port forwarding. | The goal is to install and expose the Kubernetes Dashboard using NodePort and an authentication token, allowing LAN users to access it without port forwarding. | ||
| − | |||
| − | + | ||
| + | == Step 1: Upgrade and install necessary packages == | ||
<pre> | <pre> | ||
dnf -y upgrade | dnf -y upgrade | ||
| Line 12: | Line 12: | ||
</pre> | </pre> | ||
| − | + | == Step 2: Disable swap == | |
<pre> | <pre> | ||
sed -i '/swap/d' /etc/fstab | sed -i '/swap/d' /etc/fstab | ||
| Line 18: | Line 18: | ||
</pre> | </pre> | ||
| − | + | == Step 3: Open necessary firewall ports == | |
<pre> | <pre> | ||
firewall-cmd --permanent --add-port=30443/tcp # dashboard | firewall-cmd --permanent --add-port=30443/tcp # dashboard | ||
| Line 29: | Line 29: | ||
</pre> | </pre> | ||
| − | + | == Step 4: Install k3s == | |
<pre> | <pre> | ||
curl -sfL https://get.k3s.io | sh - | curl -sfL https://get.k3s.io | sh - | ||
| Line 43: | Line 43: | ||
</pre> | </pre> | ||
| − | + | == Step 5: Install Helm == | |
<pre> | <pre> | ||
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | sh | curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | sh | ||
| Line 52: | Line 52: | ||
Log out and back in to apply changes, then proceed with Helm setup. | Log out and back in to apply changes, then proceed with Helm setup. | ||
| − | + | == Step 6: Add the Kubernetes Dashboard Helm repo and install the Dashboard == | |
<pre> | <pre> | ||
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ | helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ | ||
| Line 58: | Line 58: | ||
</pre> | </pre> | ||
| − | + | == Step 7: Expose Dashboard via NodePort == | |
<pre> | <pre> | ||
kubectl patch service kubernetes-dashboard-kong-proxy -n kubernetes-dashboard --type='merge' -p '{ | kubectl patch service kubernetes-dashboard-kong-proxy -n kubernetes-dashboard --type='merge' -p '{ | ||
| Line 85: | Line 85: | ||
</pre> | </pre> | ||
| − | + | == Step 8: Create Service Account and RoleBinding for Admin Access == | |
<pre> | <pre> | ||
echo 'apiVersion: v1 | echo 'apiVersion: v1 | ||
| Line 117: | Line 117: | ||
</pre> | </pre> | ||
| − | + | == Step 9: Retrieve the Admin User Token == | |
<pre> | <pre> | ||
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d | kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d | ||
| Line 124: | Line 124: | ||
Use the retrieved token to log in to the Kubernetes Dashboard at https://your.cluster.fqdn:30443 | Use the retrieved token to log in to the Kubernetes Dashboard at https://your.cluster.fqdn:30443 | ||
| − | |||
| − | |||
| − | |||
| − | + | ||
| + | |||
| + | |||
| + | = Cleanup = | ||
To remove the Kubernetes Dashboard, run the following commands: | To remove the Kubernetes Dashboard, run the following commands: | ||
<pre> | <pre> | ||
Revision as of 21:08, 18 September 2024
Contents
- 1 Kubernetes Dashboard via NodePort and Auth Token
- 1.1 Description
- 1.2 Step 1: Upgrade and install necessary packages
- 1.3 Step 2: Disable swap
- 1.4 Step 3: Open necessary firewall ports
- 1.5 Step 4: Install k3s
- 1.6 Step 5: Install Helm
- 1.7 Step 6: Add the Kubernetes Dashboard Helm repo and install the Dashboard
- 1.8 Step 7: Expose Dashboard via NodePort
- 1.9 Step 8: Create Service Account and RoleBinding for Admin Access
- 1.10 Step 9: Retrieve the Admin User Token
- 2 Cleanup
1 Kubernetes Dashboard via NodePort and Auth Token
1.1 Description
The goal is to install and expose the Kubernetes Dashboard using NodePort and an authentication token, allowing LAN users to access it without port forwarding.
1.2 Step 1: Upgrade and install necessary packages
dnf -y upgrade dnf -y install setroubleshoot-server curl lsof wget tar vim git bash-completion
1.3 Step 2: Disable swap
sed -i '/swap/d' /etc/fstab swapoff -a
1.4 Step 3: Open necessary firewall ports
firewall-cmd --permanent --add-port=30443/tcp # dashboard firewall-cmd --permanent --add-port=443/tcp # ingress controller firewall-cmd --permanent --add-port=6443/tcp # API server firewall-cmd --permanent --zone=trusted --add-source=10.42.0.0/16 # pods firewall-cmd --permanent --zone=trusted --add-source=10.43.0.0/16 # services firewall-cmd --reload reboot
1.5 Step 4: Install k3s
curl -sfL https://get.k3s.io | sh - grep 'kubectl completion bash' $HOME/.bashrc || echo 'source <(kubectl completion bash)' >> $HOME/.bashrc
Check k3s version:
k3s -v # Expected output: # k3s version v1.30.4+k3s1 (98262b5d) # go version go1.22.5
1.6 Step 5: Install Helm
curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | sh helm completion bash > /etc/bash_completion.d/helm grep KUBECONFIG $HOME/.bashrc || echo 'export KUBECONFIG=/etc/rancher/k3s/k3s.yaml' >> $HOME/.bashrc
Log out and back in to apply changes, then proceed with Helm setup.
1.7 Step 6: Add the Kubernetes Dashboard Helm repo and install the Dashboard
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/ helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard
1.8 Step 7: Expose Dashboard via NodePort
kubectl patch service kubernetes-dashboard-kong-proxy -n kubernetes-dashboard --type='merge' -p '{
"spec": {
"type": "NodePort",
"ports": [
{
"name": "kong-proxy-tls",
"port": 443,
"protocol": "TCP",
"targetPort": 8443,
"nodePort": 30443
}
],
"selector": {
"app.kubernetes.io/component": "app",
"app.kubernetes.io/instance": "kubernetes-dashboard",
"app.kubernetes.io/name": "kong"
},
"sessionAffinity": "None"
},
"status": {
"loadBalancer": {}
}
}'
1.9 Step 8: Create Service Account and RoleBinding for Admin Access
echo 'apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: v1
kind: Secret
metadata:
name: admin-user
namespace: kubernetes-dashboard
annotations:
kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
' | kubectl apply -f -
1.10 Step 9: Retrieve the Admin User Token
kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
Use the retrieved token to log in to the Kubernetes Dashboard at https://your.cluster.fqdn:30443
2 Cleanup
To remove the Kubernetes Dashboard, run the following commands:
helm uninstall kubernetes-dashboard --namespace kubernetes-dashboard kubectl get all -n kubernetes-dashboard kubectl delete namespace kubernetes-dashboard helm repo remove kubernetes-dashboard
