My Wiki!

K8s Day 0: Helm

2. Install k8s dashboard

2.1 Search for packages and install

Search hub:

  helm search hub pkg-name
  

Search local repository:

Add official charts repository

  helm repo add stable https://charts.helm.sh/stable
  helm repo add brigade https://brigadecore.github.io/charts
  "brigade" has been added to your repositories
  
  
  helm search repo brigade
  

Install chart

  helm install happy-panda bitnami/wordpress
  
  helm status happy-panda
  

Customizing the Chart Before Installing

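  helm show values bitnami/wordpress
  ## Global Docker image parameters

Override any of these settings in a YAML-formatted file, and then pass that file during installation. The keys must be nested: a dotted key such as mariadb.auth.database in a values file is read as one literal top-level key and does not override the chart's nested value.

  echo '{mariadb: {auth: {database: user0db, username: user0}}}' > values.yaml
  helm install -f values.yaml bitnami/wordpress --generate-name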

2.2 Helm K8S Dashboard

Add kubernetes-dashboard repository

  helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
  

Deploy a Helm Release named “k8s-dashboard” using the kubernetes-dashboard chart

  helm install k8s-dashboard kubernetes-dashboard/kubernetes-dashboard
  

Install options:

    -n, --namespace string            namespace scope for this request
    --create-namespace

Check that the pods are running:

  kubectl get pods --all-namespaces

To uninstall/delete the k8s-dashboard release:

  helm delete k8s-dashboard

2.2.1 Access dashboard

Get the Kubernetes Dashboard URL by running:

  export POD_NAME=$(kubectl get pods -n default -l "app.kubernetes.io/name=kubernetes-dashboard,app.kubernetes.io/instance=k8s-dashboard" -o jsonpath="{.items[0].metadata.name}")
  echo https://127.0.0.1:8443/
  kubectl -n default port-forward $POD_NAME 8443:8443

2.2.2 Change Dashboard Access to NodePort

2.2.3 Generate new certificate for Dashboard

Chrome doesn't like the certificate.

Create new certs

cd k8s-dashbard-setup
mkdir certs
cd certs
openssl genrsa -out dashboard.key 2048
openssl req -new -out dashboard.csr -key dashboard.key -subj '/CN=kubernetes-dashboard'
ls
openssl x509 -req -in dashboard.csr -signkey dashboard.key -out dashboard.crt
kubectl get secret
kubectl describe secrets k8s-dashboard-kubernetes-dashboard-certs
kubectl delete secret k8s-dashboard-kubernetes-dashboard-certs 
kubectl create secret generic k8s-dashboard-kubernetes-dashboard-certs --from-file=dashboard.key --from-file=dashboard.crt
kubectl delete pods k8s-dashboard-kubernetes-dashboard-696b8cc6f8-jdwxz 
kubectl get pods
kubectl get service

2.2.4 Get login token

This account is created by helm.

kubectl get secrets 
NAME                                             TYPE                                  DATA   AGE
default-token-kcnjb                              kubernetes.io/service-account-token   3      45h
k8s-dashboard-kubernetes-dashboard-certs         Opaque                                2      4m9s
k8s-dashboard-kubernetes-dashboard-token-lb8sz   kubernetes.io/service-account-token   3      25h   <--------

kubectl describe secrets k8s-dashboard-kubernetes-dashboard-token-lb8sz
...
token:      <service account token (JWT), value omitted>

2.2.5 Create new Dashboard Service account

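The service account created by Helm is restrictive and has no permissions. We will create a new one bound to the cluster-admin ClusterRole. This should not be used in production, as the service account has full control over the cluster. See https://github.com/kubernetes/dashboard/issues/4179. The manifest places the account in the kubernetes-dashboard namespace, so that namespace must already exist (for example, when the chart was installed with -n kubernetes-dashboard --create-namespace).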

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

kubectl apply -f service-account.yaml
