Exposing the Kubernetes Dashboard with Istio Service Mesh
Written by Sigal Zigelboim   
Thursday, 24 November 2022
Article Index
Exposing the Kubernetes Dashboard with Istio Service Mesh
Save and Edit the Definition File

Step 2: Save and Edit the Definition File

Download the Kubernetes-dashboard.yaml definition file using the wget command:  

wget  https://raw.githubusercontent.com/kubernetes/
   dashboard/v2.0.5/aio/deploy/recommended.yaml>
                                -O kubernetes-dashboard.yaml

Here is how to implement the Namespace specification. It requires us to define the API version, its kind, spec and metadata as follows: 

apiVersion: v1
kind: Namespace       
metadata:
  name: kubernetes-dashboard
spec:
  ports:
  —port: 90
     targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

Let’s implement the dashboard secret. In order to avoid certificate errors that can occur in several web browsers, we will develop it manually. We define API version, its kind, type and metadata as follows: 

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kube-system
type: Opaque

Step 3: Create Namespaces and Certificates

This stage involves the generation of Namespaces and Certificates.

  1. All other dashboard elements for the K8 will come under the Namespace category. In this step, we will first create the kubernetes-dashboard namespace using kubectl:

kub1

  1. Next, we will create the Certificates using kubectl:

kub2

 

Step 4: Deployment of the Configuration 

In this step, we will deploy the Kubernetes-deployment.yaml file using the create command: 

kub3

A Kubernetes Namespace defines the scope of the cluster's Pods, Services, and Deployments. We can analyze the Pods and Services using the get commands: 

kub4

 

Step 5: Implement the Kubernetes Dashboard 

Here we build ClusterRoleBinding and a ServiceAccount. Create a ServiceAccount using dashboard-admin.yaml:

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: dashboard-admin
  namespace: kubernetes-dashboard
spec:
 ports:
  —port: 80

Now create ClusterRoleBinding using

dashboard-admin-bind-cluster-role.yaml:

 kub5

To implement a Kubernetes Dashboard, users need to apply the ClusterRoleBinding and a ServiceAccount using the apply command in their cluster: 

kubectl apply -f dashboard-admin.yaml
kubectl apply -f dashboard-admin-bind-cluster-role.yaml 

Users can access the dashboard by opening the host url, which we defined in the VirtualService. In our case, navigate to k8sdashboard.example.com

Create a connection between the default cluster administrator and the cluster administrator by establishing a ServiceAccount using the create command as follows:

kub6 

Lastly, users can log in to the Kubernetes dashboard using the newly acquired token.

Conclusion

In this article, I explained the basics of Istio for Kubernetes clusters, and showed how you can use Istio to easily expose your Kubernetes dashboard to users and administrators of your cluster. This involves: 

  1. Creating a new dashboard Gateway and Virtual Service.

  2. Saving and editing the definition file.

  3. Generating Namespaces and Certificates.

  4. Deploying the Kubernetes-deployment.yaml file using the create command.

  5. Creating a ClusterRoleBinding and ServiceAccount. 

I hope this will be useful as you make better use of Istio for managing cluster communications. 

itsiosq

More Information

Istio

Related Articles

Istio 1.7 Expands Capabilities for the Hybrid Cloud

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

 

Banner


Edera Releases Open Source Container Benchmark And Scanner
07/11/2024

Edera has released Am I Isolated, an open source container security benchmark that probes users runtime environments and tests for container isolation.



Meta Releases OpenSource Podcast Generating Tool
28/11/2024

Meta has released an open source project that can be used to automatically convert a PDF file into a podcast. Meta says Notebook Llama can be considered an open-source version of Google's NotebookLM.

 [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info



Last Updated ( Friday, 25 November 2022 )