Updated on 2024-09-30 GMT+08:00

Kubernetes Dashboard

Introduction

Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself, by running commands.

With Kubernetes Dashboard, you can:

  • Deploy containerized applications to a Kubernetes cluster.
  • Diagnose containerized application problems.
  • Manage cluster resources.
  • View applications running in a cluster.
  • Create and modify Kubernetes resources (such as Deployments, jobs, and DaemonSets).
  • Check errors that occur in a cluster.

For example, you can scale a Deployment, perform a rolling update, restart a pod, or deploy a new application.

Open source community: https://github.com/kubernetes/dashboard

Installing the Add-on

  1. Log in to the CCE console and click the cluster name to access the cluster console. In the navigation pane, choose Add-ons, locate Kubernetes Dashboard on the right, and click Install.
  2. (Supported by 3.0.2 and later versions) In the window that slides out from the right, configure Specifications.

    Table 1 Add-on configuration

    Parameter

    Description

    Add-on Specifications

    Select Preset or Custom for the add-on specifications.

    Containers

    If you selected Custom, you can adjust the container specifications as needed.

  3. In the Parameters area, configure the following parameters:

    • Access Mode: NodePort is supported. This add-on can be accessed through the EIP bound to the node. If the cluster node does not have an EIP bound to it, then this function will not be available.
    • Certificate: Configure a certificate for the dashboard.
      • Use a custom certification.

        You need to fill in the Certificate File and Certificate Private Key in PEM format by referring to the example.

      • Use the default certificate.

        The default certificate generated by the dashboard is invalid, which affects the normal access to the dashboard through a browser. You are advised to manually upload a valid certificate so that the browser can verify your access and secure your connection.

  4. Click Install.

Accessing the dashboard Add-on

  1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane. On the page displayed, verify that the dashboard add-on is in the Running state and click Access.
  2. Copy the token in the dialog box displayed.
  3. On the dashboard login page, select Token, paste the copied token, and click SIGN IN.

    By default, this add-on does not support login using kubeconfig authenticated by certificate. You are advised to use the token mode for login. For details, see https://github.com/kubernetes/dashboard/issues/2474#issuecomment-348912376.

    Figure 1 Token login

  4. View the dashboard page as shown in Figure 2.

    Figure 2 Dashboard page

Modifying Permissions

After the dashboard is installed, the initial role can only view a majority of resources that are displayed on the dashboard. To apply for the permissions to perform other operations on the dashboard, modify RBAC authorization resources in the background.

Procedure

Modify the kubernetes-dashboard-minimal rule in the ClusterRole.

For details about how to use RBAC authorization, visit https://kubernetes.io/docs/reference/access-authn-authz/rbac/.

Components

Table 2 Add-on components (for versions earlier than 3.0.2)

Component

Description

Resource Type

Dashboard

Visualized monitoring UI

Deployment

Table 3 Add-on components (for 3.0.2 or later)

Component

Description

Resource Type

dashboard-api

Back-end API of Dashboard, which provides a RESTful API for communicating with the Kubernetes API server. This component obtains cluster information from the Kubernetes API server and reports the information to the web component.

Deployment

dashboard-auth

Authentication module of Dashboard, which provides a token-based authentication mechanism. When a user logs in to the Dashboard, this component checks whether the token provided by the user is valid. If the token is valid, the user can access the Dashboard.

Deployment

dashboard-web

Front-end UI of Dashboard, which provides a user-friendly UI for viewing and managing Kubernetes clusters. This component is a single-page application based on the React framework and can be accessed through HTTPS.

Deployment

metrics-scraper

Metric collection module of Dashboard, which collects metric data from Kubernetes clusters and reports the data to the web component. Metrics-scraper uses Heapster or Metrics Server to get metric data, and it stores the data in the Kubernetes API server.

Deployment

dashboard-kong

Open-source API gateway component on which Dashboard depends, which helps manage APIs and implement authentication and authorization.

Deployment

Troubleshooting Access Problems

When Google Chrome is used to access the dashboard, the error message "ERR_CERT_INVALID", instead of the login page, is displayed. The possible cause is that the default certificate generated by the dashboard does not pass Google Chrome verification. There are two solutions to this problem:
Figure 3 Error message displayed on Google Chrome
  • Solution 1: Use the Firefox browser to access the dashboard. In the Exceptions area of the Proxy Settings page, add the dashboard address to the addresses that will bypass the proxy server. Then, the dashboard login page will be displayed.

  • Solution 2: Start Google Chrome with the --ignore-certificate-errors flag to ignore the certificate error.

    Windows: Save the dashboard address. Close all active Google Chrome windows. Press the Windows key + R to display the Run dialog box. Enter chrome --ignore-certificate-errors in the Run dialog box to open a new Google Chrome window. In the address bar, enter the dashboard address to open the login page.

Change History

Table 4 Release history

Add-on Version

Supported Cluster Version

New Feature

Community Version

3.0.4

v1.27

v1.28

v1.29

Fixed some issues.

7.3.2

3.0.2

v1.27

v1.28

v1.29

  • Supported clusters of v1.27, v1.28, and v1.29.
  • Updated the add-on to its community version 7.3.2.

7.3.2

2.2.27

v1.21

v1.23

v1.25

Fixed some issues.

2.7.0

2.2.7

v1.21

v1.23

v1.25

None

2.7.0

2.2.5

v1.21

v1.23

v1.25

Synchronized time zones used by the add-on and the node.

2.7.0

2.2.3

v1.21

v1.23

v1.25

None

2.7.0

2.1.1

v1.19

v1.21

v1.23

  • CCE clusters 1.23 are supported.
  • Updated the add-on to its community version v2.5.0.

2.5.0

2.0.10

v1.15

v1.17

v1.19

v1.21

CCE clusters 1.21 are supported.

2.0.0

2.0.4

v1.15

v1.17

v1.19

Adds the default seccomp profile.

2.0.0

2.0.3

v1.15

v1.17

v1.19

CCE clusters 1.15 are supported.

2.0.0

2.0.2

v1.17

v1.19

CCE clusters 1.19 are supported.

2.0.0

2.0.1

v1.15

v1.17

-

2.0.0

2.0.0

v1.17

Enables interconnection with CCE v1.17

2.0.0