Kubernetes Dashboard

Introduction

Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself, by running commands.

With Kubernetes Dashboard, you can:

• Deploy containerized applications to a Kubernetes cluster.
• Diagnose containerized application problems.
• Manage cluster resources.
• View applications running in a cluster.
• Create and modify Kubernetes resources (such as Deployments, jobs, and DaemonSets).
• Check errors that occur in a cluster.

For example, you can scale a Deployment, perform a rolling update, restart a pod, or deploy a new application.

Open source community: https://github.com/kubernetes/dashboard

Installing the Add-on

1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane, locate Kubernetes Dashboard on the right, and click Install.
2. In the Parameters area, configure the following parameters:
   • Certificate Configuration: Configure a certificate for the dashboard.
     • Using a custom certification
       • Certificate File: Click to view the example certificate file.
       • Private Key: Click to view the example private key.
     • Using a default certificate
       

       The default certificate generated by the dashboard is invalid, which affects the normal access to the dashboard through a browser. You are advised to manually upload a valid certificate so that the browser can verify your access and secure your connection.

3. Click Install.

Accessing the dashboard Add-on

1. Log in to the CCE console and click the cluster name to access the cluster console. Choose Add-ons in the navigation pane. On the page displayed, verify that the dashboard add-on is in the Running state and click Access.
2. Copy the token in the dialog box displayed.
3. On the dashboard login page, select Token, paste the copied token, and click SIGN IN.
   

   By default, this add-on does not support login using kubeconfig authenticated by certificate. You are advised to use the token mode for login. For details, see https://github.com/kubernetes/dashboard/issues/2474#issuecomment-348912376.

   Figure 1 Token login
   

4. View the dashboard page as shown in Figure 2.
   Figure 2 Dashboard page
   

Modifying Permissions

After the dashboard is installed, the initial role can only view a majority of resources that are displayed on the dashboard. To apply for the permissions to perform other operations on the dashboard, modify RBAC authorization resources in the background.

Procedure

Modify the kubernetes-dashboard-minimal rule in the ClusterRole.

For details about how to use RBAC authorization, visit https://kubernetes.io/docs/reference/access-authn-authz/rbac/.

Components

Troubleshooting Access Problems

When Google Chrome is used to access the dashboard, the error message "ERR_CERT_INVALID", instead of the login page, is displayed. The possible cause is that the default certificate generated by the dashboard does not pass Google Chrome verification. There are two solutions to this problem:

Figure 3 Error message displayed on Google Chrome

• Solution 1: Use the Firefox browser to access the dashboard. In the Exceptions area of the Proxy Settings page, add the dashboard address to the addresses that will bypass the proxy server. Then, the dashboard login page will be displayed.

• Solution 2: Start Google Chrome with the --ignore-certificate-errors flag to ignore the certificate error.

  Windows: Save the dashboard address. Close all active Google Chrome windows. Press the Windows key + R to display the Run dialog box. Enter chrome --ignore-certificate-errors in the Run dialog box to open a new Google Chrome window. In the address bar, enter the dashboard address to open the login page.

Change History