Infra As Code — Terraform (4) Deploy Kubernetes Dashboard and Jenkins App
In my last article, I showed you how to deploy worknodes to your AWS EKS cluster. If you followed my article (Infra As Code — Terraform (3) Add Worknodes To AWS EKS Cluster), you should have a EKS cluster and one running worknode.
Before you deploy anything, it is important to build a visual dashboard for you Kubernetes platform, so that you can have one place to go to observe and check your platform status. I will talk about Kubernetes dashboard and how to deploy it in this article. You can definitely use kubectl to get the platform information, but that’s not very user friendly and won’t give you the best experience. I will also do one example (Jenkins) application deployment.
What Is Kubernetes Dashboard and Why You Need It?
In one sentence, Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. Use Kubernetes dashboard, you can manage the cluster resources, deploy applications to the cluster and troubleshoot your containerized applications. Dashboard is a good place to get an overview of your cluster. For example:
How To Deploy Kubernetes Dashboard?
Assuming you already installed and configured kubectl (If not, you can refer to this documentation (How to install kubectl):
- Deploy kubernetes metrics server. Metrics server is an aggregator of all the resource usage data, this is not included in the EKS default deployment. Kubernetes cluster will use the metrics server to gather data.
# Check cluster info
$ kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 56m$ kubectl get node
NAME STATUS ROLES AGE VERSION
ip-10-0-0-251.ec2.internal Ready <none> 51m v1.15.11-eks-af3caf# Deploy the Metrics server
$ kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
17 apiVersion: v1
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
(awscli) txu@tmac /tmp kubectl get deployment metrics-server -n kube-system# Verify metircs-server deployment is running
$ kubectl get deployment metrics-server -n kube-system
NAME READY UP-TO-DATE AVAILABLE AGE
metrics-server 1/1 1 1 12s
2. Deploy the dashboard
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created3. Create an admin account. For security reasons, the Kubernetes dashboard user has limited permissions. For demostration purpose, we will create an eks-admin service account and cluster role binding, so we can securely connect to the dashboard with admin access. You can use Role-based access contorl (RBAC) to get more granular level access control.
# Create the admin service account YAML file
$ vim eks-admin-svc-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: eks-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: eks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: eks-admin
namespace: kube-system# Apply the service account and cluster role binding
$ kubectl apply -f eks-admin-service-account.yaml
serviceaccount/eks-admin created
clusterrolebinding.rbac.authorization.k8s.io/eks-admin created
4. Now the dashboard is deployed and admin service account has been created, it is time to connect! We need an an authentication token for the eks-admin service account. This can be generated by the following command:
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
Name: eks-admin-token-f2ncf
Namespace: kube-system
Labels: <none>
Annotations: kubernetes.io/service-account.name: eks-admin
kubernetes.io/service-account.uid: 4fbd22a2-5281-4e40-950f-673b40f59696Type: kubernetes.io/service-account-tokenData
====
ca.crt: 1025 bytes
namespace: 11 bytes
token: xxxxxx
Now start the proxy service:
$ kubectl proxy
Starting to serve on 127.0.0.1:8001Connect to the dashboard by typing the following url in your browser:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/loginChoose “Token” and input the token:
Click “Sign in”, and you should be able to see the dashboard!
Use Kubernetes Dashboard To Deploy Jenkins Application
Now the dashboard is up and running, let’s use it to deploy a Jenkins application. You can see how easy it is to deploy apps using the Dashboard!
- Go to kubernetes dashboard, and click the “+” sign on the upper right corner.
- Choose “Create from form”
3. Click “Deploy”, you will see the deployment is ongoing immediately:
4. Wait till the deployment finishes:
5. Now go to the “External Endpoints” of your Jenkins app:
6. You should see your Jenkins app is up and running:
7. You can use kubectl get the the password:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
jenkins-c595699-pkjxr 1/1 Running 0 5m13s$ kubectl logs jenkins-c595699-pkjxr
Running from: /usr/share/jenkins/jenkins.war
webroot: EnvVars.masterEnvVars.get("JENKINS_HOME")
...
Jenkins initial setup is required. An admin user has been created and a password generated.
Please use the following password to proceed to installation:143365d1fa034537817b5ec0f81a951e (The password)This may also be found at: /var/jenkins_home/secrets/initialAdminPassword
After fill in the password, you are all set!
I hope you enjoyed my article and was able to get your own first containerized app deployed into your EKS cluster!
