Azure Kubernetes Services offers you to host your containerized applications in Kubernetes without having to worry about getting the Kubernetes cluster infrastructure setting up and maintenance. Dashboard in Kubernetes helps you to monitor the status of services deployed as well as deployment states and health of the cluster etc. Let’s look at the steps required to perform to access the Kubernetes Dashboard once you have the Azure Kubernetes Service up and running with Role Base Access Control (RBAC) enabled.
In Azure portal you can find instructions to view Kubernetes dashboard is available in the Service overview page with a link “View Kubernetes Dashboard”.
As the first step you need to install Azure CLI version 2.0.27 or later in you machine. You can follow instructions here to install Azure CLI. Then you can use az login to logon to Azure subscription account.
Then you need to install kubectl by executing command below.
az aks install-cli
As the next step you need to retrieve the credentials for the cluster. For this you can execute command below.
az aks get-credentials --resource-group resourcegroupname --name azurekubernetesservicename
Then you can launch the dashboard by executing the command below.
az aks browse --resource-group resourcegroupname --name azurekubernetesservicename
However when RBAC is enabled you will get error messages similar to below in Kubernetes dashboard.
configmaps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list configmaps in the namespace "default"
persistentvolumeclaims is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list persistentvolumeclaims in the namespace "default"
secrets is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list secrets in the namespace "default"
services is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list services in the namespace "default"
ngresses.extensions is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list ingresses.extensions in the namespace "default"
daemonsets.apps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list daemonsets.apps in the namespace "default"
pods is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list pods in the namespace "default"
events is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list events in the namespace "default"
deployments.apps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list deployments.apps in the namespace "default"
eplicasets.apps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list replicasets.apps in the namespace "default"
obs.batch is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list jobs.batch in the namespace "default"
cronjobs.batch is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list cronjobs.batch in the namespace "default"
eplicationcontrollers is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list replicationcontrollers in the namespace "default"
statefulsets.apps is forbidden: User "system:serviceaccount:kube-system:kubernetes-dashboard" cannot list statefulsets.apps in the namespace "default"
To fix this issue you need to make sure you are allowing dashboard user service account with admin access using the command below.
kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
Then you need to execute the get credential again and launch the dashboard with below two commands.
az aks get-credentials --resource-group resourcegroupname --name azurekubernetesservicename
az aks browse --resource-group resourcegroupname --name azurekubernetesservicename
With this the dashboard will be up and running without issue.
Subscribe to:
Post Comments (Atom)
Popular Posts
-
In Azure DevOps YAML pipelines there are several functions available for you to use. replace is such a useful function, which you can use t...
-
Adding Azure Container Registry (ACR) service connection to Azure DevOps is really simple as described in " Create Service Connection ...
-
We have discueed, that we have to use an environment variable to handle input parameter default values, if we are using trigger for workflo...
-
Some times a silly mistake can waste lot of time of a developer. The exception “System.IO.IOException: The response ended prematurely.” whil...
-
Sometimes you may need to edit files especially the web.config or appsettings.json files after deploying your application to Azure App Servi...
No comments:
Post a Comment