SPDX-License-Identifier: Apache-2.0
Copyright (c) 2019 Intel Corporation

Kubernetes Dashboard in Smart Edge Open

Overview

Kubernetes Dashboard is a web user interface for Kubernetes. User can use Dashboard to check the state of deployed pods, get information about all kinds of deployments that are being run on cluster and be provided with lots of useful insights about cluster and running applications. In Smart Edge Open environment Kubernetes Dashboard will be deployed with read-only access to all information except Kubernetes’ Secrets. User can modify this role to disable or enable accesses as explained in Access rights chapter of this document.

Details - Kubernetes Dashboard support in Smart Edge Open

Kubernetes Dashboard is disabled by default in Converged Edge Experience Kits. It can be enabled by setting variable kubernetes_dashboard_enable in inventory/default/group_vars/all/10-open.yml file to true value:

# Kubernetes Dashboard
kubernetes_dashboard_enable: false # set to true to enable Kubernetes Dashboard

TLS encryption

TLS for Kubernetes dashboard is enabled by default. User can disable TLS encryption using variable disable_dashboard_tls in inventory/default/group_vars/all/10-open.yml:

disable_dashboard_tls: false # set to true to disable TLS

Usage

User can use Kubernetes Dashboard by browsing https://<controller_ip>:30553 if TLS is enabled or http://<controller_ip>:30553 if TLS is disabled.

With TLS enabled Kubernetes Dashboard will prompt for Kubernetes Service Account token to log in user. You can get the token by executing the following command on your controller:

kubectl describe secret -n kube-system $(kubectl get secret -n kube-system | grep 'kubernetes-dashboard-token' | awk '{print $1}') | grep 'token:' | awk '{print $2}'

NOTE: To use Kubernetes Dashboard with TLS encryption user will have to add https://<controller_ip>:30553 to web browser’s list of security exceptions.

Access rights

By default Smart Edge Open will deploy Kubernetes Dashboard with read-only access to every information except Kubernetes’ secrets. To change access rights (for example hide information about persistent volumes claims, etc.) please modify cluster role defined in roles/kubernetes/dashboard/files/clusterrole.yml of Converged Edge Experience Kits.

Reference