Just me and Opensource Hi Venkat. Thanks for the k8s videos. i have tried the above URL and deployed pods, roles and svc's. I have changed the svc ClusterIP to NodePort (32323) and when I am trying to access the same from my host(windows desktop) chrome browser(192.168.5.21:32323) i am getting certificate invalid error and its not allowing me to proceed further. i have installed k8s vm's on virtualbox and configured network as NAT(192.168.5.0/24). For testing purpose i have deployed one nginx pod and exposed it to 32324 but in this case i am able to access nginx default page from same host and same browser. For dashboard why its throwing https cert invalid error.
Hi, thanks for watching. The cpu and memory usage metrics are shown by the metrics-scraper deployment. Are all your dashboard pods running fine? You can check the logs of the metrics-scraper pod for any issues. And are you using the same link for the dashboard manifest that I used in this video? I haven't tried this recently.
Hi Steve, thanks for watching. I used Manjaro Linux distro with I3 tiling window manager. I have done few videos on how to configure I3 on various distros. If you are interested, here is the playlist. Cheers. ua-cam.com/play/PL34sAs7_26wOgqJAHey16337dkqahonNX.html
Hi Venkat, Just a quick question, can I still use the heapster.yaml and the influxdb.yaml file with this new method to install the dashboard? so that I can have some graphs. If I still can use those files, Do they must be applied before or after the command you copied from the Kubernetes website? Thanks in advance mate.
Hi, thanks for watching. Heapster component has been deprecated. You only need metrics-server that stores various metrics from nodes and pods. In the dashboard you will be able to see all the graphs. You shouldn't be using heapster/influxdb.
tried version 1.16.4, if I apply the dashboard when having cluster with 3 nodes, the dashboard will stuck at CreateContainer state and it using the 2nd work node, then I kubeadm reset and do init and re-apply the dashboard with master only and then add the other node, the dashboard created successfully. is there a way to force the dashboard using particular node??
Hi Hakha, thanks for watching. I believe your worker node had some problem which prevented the dashboard pod from running successfully. Anyways, I am glad that you got it working. If you want to force a pod to a particular node, then you can use nodeSelector. You can find a video about nodeSelector in my Kubernetes playlist. Cheers.
@@justmeandopensource thank you for the respond, it was confusing since the worker nodes are identical, it cloned, but I just remove weave net and use calicio and using kube v1.17, it all fine, creating dashboard and replicas
HI Venkatesh, thanks for watching. First make sure the dashboard pod is running fine. Then look at the logs of the dashboard pod. It may have some clue as to why you are not seeing the page. And make sure to use the correct service account token.
Hi Imam, thanks for watching. Yes you can use LoadBalancer for your service. Depending on where you are running kubernetes. If you are using one of managed Kubernetes like Amazon EKS, Azure AKS or Google GKE, then you don't have to do anything extra. You can just specify the Type of service as LoadBalancer and a load balancer will be created automatically. If you are running your cluster on bare metals, you can make use of MetalLB as Load Balancing solution. I have done a video on MetalLB (ua-cam.com/video/xYiYIjlAgHY/v-deo.html). Hope this helps. Cheers.
i am facing the issue kubectl -n kubernetes-dashboard describe sc kubernetes-dashboard Error from server (NotFound): storageclasses.storage.k8s.io "kubernetes-dashboard" not found
Hi Venkat, I have deployed the dashboard in Centos 7 but I'm unable to see the dashboard ... I'm replacing the localhost:portnumber with ipofmaster:portnumber...am i correct here ?
Hi, thanks for watching. How is your k8s cluster provisioned? I tried this video yesterday and it worked fine. Please give me more details about your environment. Cheers.
HI Sagar, thanks for watching. I think the below article should help you with that. medium.com/nycdev/deploy-to-a-managed-kubernetes-cluster-on-google-cloud-894d35b83619
Hi Diplav, thanks for watching. I will see if I have time to record a video for that. I have already recorded and scheduled video for the next two months. Cheers.
@@justmeandopensource Thanks.Can you suggest me a way as I am facing problem in setting up this?This video was very close to what I was looking for however this had mentions regarding the ClusterRole not the Namespace Role..
@@diplavsrivastava8681 Hi, ClusterRole applies to the whole cluster. There is no such thing as namespace role. There are two types of roles. ClusterRole and Role and you bind it to an account respectively using ClusterRoleBinding and RoleBinding. While ClusterRole applies to the whole cluster, Role applies to a specific namespace. So you can create a Role in a particular namespace and create RoleBinding that binds this Role to a user/account. Then if you use that account to login to dashboard, he will only be able to see that particular namespace. Thanks.
@@manikandans8808 Hmm.. I never got around to finding a solution to run k8s v1.15+ in lxc containers. For my videos and personal learning I always use KinD. I have asked in many forums and there is not a lot of people using LXC containers for their k8s cluster. If I find a way, I will definitely let you know. Cheers.
Hi Venkat, I am unable to edit kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard in Mac . Warning: Failed to set locale category LC_MESSAGES to en_SG. A copy of your changes has been stored to "/var/folders/jn/b4j7z6v966z4m53hmry6yysw0000gp/T/kubectl-edit-5du51.yaml" . I am able to access the dashboard if I run port forward. Any hint can help me resolve this would be great. thank you.
Hi, thanks for watching. I believe this is something to do with the terminal editor you are using in Mac. What is your terminal editor set to? Is it vim? Does kubectl edit command opens a vim editor? Can you open other documents using vi/vim?
Add the below line to your .bash_profile in your home directory. export LC_ALL=en_US.UTF-8 And then logout and log back in and see if you still get the error.
@@justmeandopensource added export LC_ALL=en_US.UTF-8 and switched to mac terminal from iTerm. Managed to edit to NodePort and it is working as you have shown in the videos. Thanks very much for your help.I will continue with the videos. Just simple question, would you like create a course in udemy or own portal on Kubernetes cluster to run a micro service architecture which includes queue, memcache etc with a CI/CD pipeline ? I am willing to pay for it to learn from you. You have good knowledge on subject and explanation is very clear.
@@learndevops3666 Glad to hear that the problem has been resolved. Thanks for your interest in my videos. I am doing these videos out of my own interest during my spare time in the weekend. I have a primary 9-5 job as a DevOps engineer. I don't have enough time to practice and do videos unfortunately. I can't do more than 2 videos in a week. I will however continue to do Kubernetes videos in my Channel though. Thanks again for your interest.
Hi Dipti, thanks for watching. It looks like you don't have permissions to view other namespaces. In this video, I created a service account and attached the cluster-admin role to the service account and used that service account's token to login to the dashboard. Please double check the steps shown in this video and use the right service account.
Hi, Thanks for watching this video. You could create a user account (basically certificate/token, not really an user account) and assign it a role with rolebinding. Basically you are creating a role that says this user can only access this namespace. And you will have to create rolebinding for every single namespace that the user needs access. You can check the below article for detailed steps. docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/ But instead of creating a role, just create cluster role. So that you have one cluster role and individual role bindings for each namespace the user needs access. Otherwise you will have to create role and rolebinding for each namespace. So one cluster role and as many rolebindings (not clusterrolebinding) as you need. You can also check the below link. medium.com/faun/kubernetes-rbac-use-one-role-in-multiple-namespaces-d1d08bb08286 Hope it makes sense Thanks
Hi Martin, thanks for watching. Grafana is a visualization only tool. You will have to store the metrics somewhere like in Prometheus. I am not sure what you mean by adding Grafana dashboard to it. I have done a video on Prometheus/Grafana in Kubernetes for monitoring. If you are interested you can watch it at ua-cam.com/video/CmPdyvgmw-A/v-deo.html Thanks.
Hi sir ,It is very Nice video and solved my issues .but one think its not able to open chrome browser ,for POC i need to do Chrome ,kindly help -error "NET::ERR_CERT_INVALID",cleared chache and opened safemode also but not luck.Master node is running Azure -Ubuntu 18
Hi Naveen, thanks for watching. I haven't tried either of those. Not sure what level of control you have with them. See if the below discussion helps you. stackoverflow.com/questions/46906977/running-dashboard-inside-play-with-kubernetes
Hu Mahesh, thanks for watching. Those metrics are handled by the metrics server. Please check that metrics server has been deployed properly. You can also check its logs. Cheers.
@@justmeandopensource Metric pod is running, but getting "level":"error","msg":"Error scraping node metrics: the server could not find the requested resource (get nodes.metrics.k8s.io)" in logs
@@justmeandopensource issue resolved, after following video tutorial, metric-scraper & dashboard was running, so i have installed the metric server separately, and added the following thins in yaml, - /metrics-server - --kubelet-insecure-tls - --v=2 - --kubelet-preferred-address-types=InternalIP hostNetwork: true
thanks for putting Kubernetes tutorial, your videos are awesome, just following your videos, i was able to deploy my docker container application on kubernetes.
hey i wanna ask you something is that normal for kubernetes dashboard status always creatingContainer for 2 days? can i fix that and how? i hope you answer my question and your video is helpfull thank you
Hi Hardian, its definitely not normal. Something is stuck. I would advise you to look into the logs and events. kubectl get events, kubectl describe deploy , kubectl logs and so on to identify why its in that state. Cheers.
Hi Srinath, thanks for watching this video. With the feedback and motivation from all my viewers, I want to do more stuff related to DevOps. But the problem is finding time to do it. I have a primary 9 - 6 job and using my evenings to learn, practise and record videos. Currently doing Kubernetes and AWS series. Soon will be starting Terraform. GitOps, GitLab, Spinnaker and many other topics are in my list. I wish I had 48 hours a day :) Thanks.
Hi..first of all thanks for the video.. I got some issues in getting the dashboard. When i describe the dashboard service, Endpoints shows . How to fix it?
Hi venket is there any way that I can login to my kubernets dashboard with username and password not by token , how I create user for kubernets dashboard .
Hi Atul, thanks for watching. I tried this video yesterday as it was done a while ago and want to make sure this video is still relevant. It worked exactly as shown in this video. Regarding logging in with username/password, I don't think its possible. There are only two ways, either service account token or using your kubeconfig file. At the moment, kubernetes dashboard only supports one cluster where is deployed. But work is in progress for the next major version (2.0) where there will be option to switch between different cluster using kubeconfig file. This is just for your information. Cheers.
Hi Venkat, Great video! Really helped me understand a couple of things, however I'm facing an issue: I have a Raspberry Pi cluster, and I deployed the dashboard on that cluster. I configured the service as NodePort, and edited my hosts file on my computer (not running k8s). When trying to access the dashboard I'm getting a "ERR_CERT_INVALID" webpage, without the option to click on "proceed anyway" (no button). Any ideas on how can I overcome this problem? Thanks :)
Hi Jaya, thanks for watching. I don't think so. You only get two options (kubeconfig/token). I have tried the kubeconfig way, but never worked. You can think differently and implement your own solution something like below. You deploy dashboard as usual. And separately configure an Nginx reverse proxy where you can have username/password based simple basic http authentication that proxies the request to dashboard service in the cluster along with the token in the header.
Hi Mir, thanks for watching. I am not entirely sure about that error as I have never encountered it. Have you tried searching Google for possible answers?
i modified the rolebinding for kubernetes-dashboard so that i can still use the same user to access the dashboard. apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: name: dashboard-rolebinding roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: kubernetes-dashboard namespace: kubernetes-dashboard
Nice video, but perhaps not very realistic with the machine which provisioned the cluster being a GUI linux, usually it would be a non GUI linux and you wouldn't be able to open up a browser and port-forward only works with the host machine by default. I tried to play with it for quite a while but just couldn't get it to work, I tried various configs, ended up with allowing 0.0.0.0 on the master and then IP forwarded on the underlying machine from my 192... internal network to 192. of the machine which hosted the cluster and there it was with kubectl .. port-forward forwarded into the cluster 172.. network. It worked but somehow I was only getting JSON output from the dashboard, I couldn't find a solution so I just gave up. probably didn't explain well so another try: A: 192.168.0.80 - my desktop B: 192.168.0.100 - my laptop which provisions the cluster through vagrant C: 172.42.42.100 - master IP so on master I did kubectl proxy --address=0.0.0.0 --accept-hosts=^*$, had to it that way because simple port forward only allows access from 192.168.0.100 then I went on 192.168.0.100 and iptables forwarded traffic from 192.168.0.80:8000 to 172.42.42.100:8001 (8001 is default port for kubectl proxy) so now I could access 172.42.42.100:8001 from 192.168.0.80 through 192.168.0.100:8000, but the output wasn't graphical but rather a JSON...
Thanks for watching. I agree. All my videos are based on local k8s cluster running on my Laptop. If you are connecting to a server where you are running k8s in virtual machines, there are two hops to get to the nodes and you will have to manage the port forwarding to get to it.
I followed by your video when I access the dashboard from the browser(172.42.42.101:32323) it shows the message "Client sent an HTTP request to an HTTPS server." only. I tried different browsers to verify it. Please help me with it to go forward.
Hello, thanks for uploading this video. How can I enter this dashboard from other subnets? Before I used this command to accept any source: kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*' Thanks again.
Hi Emanuel, as shown in the video, if you had changed the dashboard service to Nodeport, you can access it from any machine that can reach one of the node's ip. You can also expose dashboard service as Load Balancer if you have metallb deployed. Thanks.
@@justmeandopensource Thanks (again) for your answer. There is a way to check why is not working for me? Im connected over SSH to my master node, so I can reach it. But when I want to enter the dashboard using 192.168.68.231:30935 , I can't.... 30935 is the port generated by NodePort. [epena-local@emak-m ~]$ kubectl -n kubernetes-dashboard get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.106.251.235 8000/TCP 16m kubernetes-dashboard NodePort 10.101.146.184 443:30935/TCP 16m Linux CentOS firewalls are off.
@@MatiMape I tried it now. Deployed the kubernetes-dashboard. kubectl apply -f raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml Kubernetes-dashboard service is a ClusterIP type and I didn't use NodePort. Then ran kubectl proxy on my local machine. kubectl proxy Then I was able to access the dashboard using below url. localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ Are you running kubectl locally or are you connecting to a different machine where you are running kubectl?
Hmm I'm sorry.. I have a problem.. I still can't access my dashboard form localhost:8000 it said this site can't be reach.. I've followed ur steps except I'm using project calico as my pod network cidr.. I'm so clueless lol. pls I'm sorry can u help me?
@@justmeandopensource haven't tried that out yet. I've tried 1)kubectl proxy and open the URL that given by kubernetes.io itself 2)port-forward like what u did on ur vid But the output from my browser still the same 'refused it said that I need to configure my firewall or something'
Heyy, This is no doubt a great video and it helps me a lot, i have one question i hope you will revert me soon. I have deploy the dashboard in 1.17.2 version and it is perfectly deployed but i am not able to see any graphs like it was shown in your previous video... Can u help me on this
Hi Gautam, thanks for watching. All the graph related stuff are provided by metrics-server. Previously I used to use heapster and influxdb for metrics collection in the cluster. But they have been deprecated. Now we got to use metrics-server which collects and stores the metrics. Dashboard deployment will be able to pull metrics from metrics-server deployment and display them in the dashboard. So please make sure you have deployed metrics-server and is running fine without any issues. Cheers.
Hi Venkat, I am new to kubernetes as well as devops, your videos are providing better quality content for better understanding. Thanks for the great job . But I am facing an issue, I have followed your video to bring the cluster manually using kubeadmn + flannel (1 master nodes+2 worker nodes) ,as suggested in this video I have deployed the kubernetes-dashboard and have exposed the same with nodeport type service Issue: I am able to access the dashboard only on the node where the kubernetes-dashboard pod is running not on the other node, Same is faced by any applications exposed via nodeport service Does NodePort Service type unirformly distribute the load between the worker nodes Can you kindly me with the same Can you kindly do a detailed video on the service types and the Loadbalancing of traffic covered by each service type
Hi Monisha, thanks for your interest in this channel. I believe something is wrong with your cluster networking. The idea behind nodeport service is that you can reach the nodeport on any of the nodes in your cluster (even when that node isn't running the actual pod), you will be redirected to one of the node where the pod is running. This is all taken care by the CNI overlay network which is Flannel in your case. This needs bit more debugging to find where the issue is.
Hi Ho, thanks for watching. Depending on the setup, you will have to set up port forwarding. Or you can configure your virtual machines to get IP address from the host network. Cheers.
@@justmeandopensource Well. It just gives me the This site can’t be reachedlocalhost refused to connect. Try: Checking the connection Checking the proxy and the firewall ERR_CONNECTION_REFUSED error. Also, how do you save the edits in svc? Eg the part where you edit the nodeport. It's going a little too fast
I'm learning a lot from your videos, great stuff! I've set up a cluster of LXC machines running inside of an Ubuntu VM (using Multipass on my Mac). I installed the dashboard and got it working from your instructions, but I'm not getting any cpu or memory data. I installed the metrics-server (github.com/kubernetes-sigs/metrics-server) in the cluster because I had done this in a microk8s environment, but I still don't get any memory or cpu information for my pods. Is there something that needs to be tweaked to get this information from an LXC container?
To answer my own question, I found that I had to modify the coredns configuration to add the ip addresses of my nodes. The information here - stackoverflow.com/questions/56559829/metrics-not-available-yet-metrics-server-kubernetes-on-aws was useful.
kubectl create -f raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Hi Ravi, I believe its a problem with your access. Do you have cluster admin privilege? Check your kube config file. Make sure to use the right kube config file. Can you do other commands like "kubectl get nodes"?
Hi Shivam, thanks for watching. I will try that in my environment and make it a video when I get some time. Hope you have subscribed to my channel and enabled notifications. You will get notified when I upload that video. Stay tuned. Cheers.
Hi Venkat, I tried same steps but unable to access throug private ip with port, got error like below Your connection is not private Attackers might be trying to steal your information from myip:32553/ (for example, passwords, messages or credit cards). Learn more NET::ERR_CERT_INVALID in logs: http: TLS handshake error from 10.32.0.1:51095: remote error: tls: unknown certificate Please help on this Thanks Madhu
![[ Kube 6 ] Running Docker Containers in Kubernetes Cluster](http://i.ytimg.com/vi/-NzB4sPZXwU/mqdefault.jpg)
![[ Kube 6 ] Running Docker Containers in Kubernetes Cluster](/img/tr.png)
![[ Kube 65.1 ] Kubespray - Kubernetes cluster provisioning](http://i.ytimg.com/vi/8Jh4yZQOVZU/mqdefault.jpg)
![[ Kube 31 ] Set up Nginx Ingress in Kubernetes Bare Metal](/img/n.gif)
ive spent 2 days trying to access this form outside and this guy solved my problem with a 12 min video.
Hi Ari, thanks for watching. Glad it helped.
I know that doing blogs and videos can be a thankless job - but seriously, your videos are rock solid! Thank you so much!
Hi Mike, many thanks for your interest in this channel. People like you keep motivating me to do more. Thanks.
You're a lifesaver man, I had given up on dashboard guides and solution out there but this video really solved it for me. Thank you very much.
HI Mayur, thanks for watching.
work Perfectly. It's maybe the first time in my life I have followed successfully tutorial
Hi Rab, thanks for trying this out. Cheers.
The best free educational resource on K8S, thanks for sharing Venkat
Hi Siarhei, Thanks for watching.
I didn't care much about the notifications. The idea of creating a new service account with escalated privileges is amazing
Hi Rewanth, thanks for watching. Cheers.
Awesome Venkat. Appreciate your efforts
Hi Chris, Many thanks for watching.
Hello Venkat, It is so nice !! It is working as expected on 1.16 version. Thank you very much.
Cool. Thanks for watching.
Awesome Sir .. Thank you so much for this video..
Hi Sudhansu, you are welcome and thanks for watching. Cheers.
Very good explanation. Great video
Hi Chetan, thanks for watching.
I am learning a lot from you master. :-) thanks alot.
Hi Mo, many thanks for your interest in my channel. Glad you are finding it useful. Cheers.
....When you get time try to make tutorial based on CI/CD with Jenkins inside two worker node K8S cluster for a simple HTML web app or Nodejs app
Awesome tutorial man, thank you
Hi Donald, thanks for watching.
Awesome video!!
Thanks for watching. Cheers.
U r awesome , Thanks for this video .
Hi thanks for watching. Cheers.
work Perfectly. Excellent! Very helpful! Many Thanks...
Hi Edi, thanks for watching. Cheers.
Who is Awesome, you are Awesome! :)
Hi Bhargav, thanks for watching. Cheers.
Excellent! Very helpful!
Tyanks for watching.
Thanx man,good job.
Hi Boris, Thanks for watching.
Can you explain how to expose web k8s dashboard using Oauth or another authentication please.
ty man... appreciated
No worries. Thanks for watching. Cheers.
Hi mate, is it possible to make a follow up of this video and explain how to expose this using ingress.
Really appreciated
Just me and Opensource Hi Venkat. Thanks for the k8s videos.
i have tried the above URL and deployed pods, roles and svc's. I have changed the svc ClusterIP to NodePort (32323) and when I am trying to access the same from my host(windows desktop) chrome browser(192.168.5.21:32323) i am getting certificate invalid error and its not allowing me to proceed further. i have installed k8s vm's on virtualbox and configured network as NAT(192.168.5.0/24). For testing purpose i have deployed one nginx pod and exposed it to 32324 but in this case i am able to access nginx default page from same host and same browser. For dashboard why its throwing https cert invalid error.
Hi Shiva, Have you tried it from a different browser?
Hi,pod level cpu and memory usage not showing here, something to do with metrics server
Hi, thanks for watching. The cpu and memory usage metrics are shown by the metrics-scraper deployment. Are all your dashboard pods running fine? You can check the logs of the metrics-scraper pod for any issues. And are you using the same link for the dashboard manifest that I used in this video? I haven't tried this recently.
Great stuff. What terminal are you using in these vides’s ?
Hi Steve, thanks for watching. I used Manjaro Linux distro with I3 tiling window manager. I have done few videos on how to configure I3 on various distros. If you are interested, here is the playlist. Cheers.
ua-cam.com/play/PL34sAs7_26wOgqJAHey16337dkqahonNX.html
Hi Venkat I am regularly following your vedios.i want know about hardening kubernetes , could you please explain this topic
I will try to compile some ideas for that. Thanks for watching. Cheers.
Hi Venkat,
Just a quick question, can I still use the heapster.yaml and the influxdb.yaml file with this new method to install the dashboard? so that I can have some graphs.
If I still can use those files, Do they must be applied before or after the command you copied from the Kubernetes website?
Thanks in advance mate.
Hi, thanks for watching. Heapster component has been deprecated. You only need metrics-server that stores various metrics from nodes and pods. In the dashboard you will be able to see all the graphs. You shouldn't be using heapster/influxdb.
Thanks so much for this tutorial.
Thanks for watching.
thank you . works for me.
Hi Ronaldo, thanks for watching.
tried version 1.16.4, if I apply the dashboard when having cluster with 3 nodes, the dashboard will stuck at CreateContainer state and it using the 2nd work node, then I kubeadm reset and do init and re-apply the dashboard with master only and then add the other node, the dashboard created successfully. is there a way to force the dashboard using particular node??
Hi Hakha, thanks for watching. I believe your worker node had some problem which prevented the dashboard pod from running successfully. Anyways, I am glad that you got it working. If you want to force a pod to a particular node, then you can use nodeSelector. You can find a video about nodeSelector in my Kubernetes playlist. Cheers.
@@justmeandopensource thank you for the respond, it was confusing since the worker nodes are identical, it cloned, but I just remove weave net and use calicio and using kube v1.17, it all fine, creating dashboard and replicas
@@hakhastudio7575 Hmm. Strange.
Hi, i exactly followed your steps. But when i click sign in button no response at all. What might be the issue?
HI Venkatesh, thanks for watching.
First make sure the dashboard pod is running fine. Then look at the logs of the dashboard pod. It may have some clue as to why you are not seeing the page. And make sure to use the correct service account token.
Another awesome video. Hi venkat, is it possible the node type kubernetes dashboard using load balancer or ingress?
Hi Imam, thanks for watching. Yes you can use LoadBalancer for your service. Depending on where you are running kubernetes. If you are using one of managed Kubernetes like Amazon EKS, Azure AKS or Google GKE, then you don't have to do anything extra. You can just specify the Type of service as LoadBalancer and a load balancer will be created automatically.
If you are running your cluster on bare metals, you can make use of MetalLB as Load Balancing solution. I have done a video on MetalLB (ua-cam.com/video/xYiYIjlAgHY/v-deo.html).
Hope this helps. Cheers.
Thx! You are cool
Hi Denis, thanks for watching. Cheers.
i am facing the issue
kubectl -n kubernetes-dashboard describe sc kubernetes-dashboard
Error from server (NotFound): storageclasses.storage.k8s.io "kubernetes-dashboard" not found
the dashboard is not working when we access it through the external IP address port..
Hi, thanks for watching. What is the external ip and from which machine you are trying to access it and are these on the same network.
Hi Venkat,
I have deployed the dashboard in Centos 7 but I'm unable to see the dashboard ...
I'm replacing the localhost:portnumber with ipofmaster:portnumber...am i correct here ?
Hi, thanks for watching. How is your k8s cluster provisioned? I tried this video yesterday and it worked fine. Please give me more details about your environment. Cheers.
hey venkat can you tell me how to deploy the dashboard in the GCP manages kubernetes cluster....thank you.
HI Sagar, thanks for watching. I think the below article should help you with that.
medium.com/nycdev/deploy-to-a-managed-kubernetes-cluster-on-google-cloud-894d35b83619
Can you show an example of namespace local Role? i.e. a user should not be able to view the information of other namespace in dashboard
Hi Diplav, thanks for watching. I will see if I have time to record a video for that. I have already recorded and scheduled video for the next two months. Cheers.
@@justmeandopensource Thanks.Can you suggest me a way as I am facing problem in setting up this?This video was very close to what I was looking for however this had mentions regarding the ClusterRole not the Namespace Role..
@@diplavsrivastava8681 Hi, ClusterRole applies to the whole cluster. There is no such thing as namespace role. There are two types of roles. ClusterRole and Role and you bind it to an account respectively using ClusterRoleBinding and RoleBinding. While ClusterRole applies to the whole cluster, Role applies to a specific namespace. So you can create a Role in a particular namespace and create RoleBinding that binds this Role to a user/account. Then if you use that account to login to dashboard, he will only be able to see that particular namespace. Thanks.
@@justmeandopensource Thanks for your reply. I did try that and somehow the user is able to see the pods and services of other namespaces as well
@@diplavsrivastava8681 okay. When I get a chance I will try that later.
Cool....new features...what are updates in new dashboard?
I haven't looked at the new features. Sure there will be lot added in the last 11 months. May be some bug fixes, UI enhancements and others.
@@justmeandopensource that's fine...can you pls update the lxc container for kube 1.16?
I'm still using the lxc kube 1.14.
@@manikandans8808 Hmm.. I never got around to finding a solution to run k8s v1.15+ in lxc containers. For my videos and personal learning I always use KinD. I have asked in many forums and there is not a lot of people using LXC containers for their k8s cluster.
If I find a way, I will definitely let you know.
Cheers.
@@justmeandopensource thanks venkat...🤗🤗🤗...cheers!!!!
@@manikandans8808 you are welcome
How to expose it via ingress? I tried by setting 443 port on ingress but getting empty page
Hi Vladimir, thanks for watching. I will see if I can do a video on this. Cheers.
Cool I tried but getting blank page
i am getting below error after applying k8s dashboard yml file
CrashLoopBackOff ...what it means , how to fix this?
How should i access my dashboard running in EC2 from a web browser internet
Very helpful to me thanks a lot ...
Hi Sajjad, thanks for watching.
what is the difference between its bashboard with the bashboard minikube?
This worked, thanks! How is the SSO set up for k8s dashboard?
Hi, thanks for watching. I haven't explored much into SSO side.
Hi Venkat, I am unable to edit kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard in Mac . Warning: Failed to set locale category LC_MESSAGES to en_SG.
A copy of your changes has been stored to "/var/folders/jn/b4j7z6v966z4m53hmry6yysw0000gp/T/kubectl-edit-5du51.yaml" . I am able to access the dashboard if I run port forward. Any hint can help me resolve this would be great. thank you.
Hi, thanks for watching. I believe this is something to do with the terminal editor you are using in Mac. What is your terminal editor set to? Is it vim? Does kubectl edit command opens a vim editor? Can you open other documents using vi/vim?
Add the below line to your .bash_profile in your home directory.
export LC_ALL=en_US.UTF-8
And then logout and log back in and see if you still get the error.
@@justmeandopensource added export LC_ALL=en_US.UTF-8 and switched to mac terminal from iTerm. Managed to edit to NodePort and it is working as you have shown in the videos. Thanks very much for your help.I will continue with the videos. Just simple question, would you like create a course in udemy or own portal on Kubernetes cluster to run a micro service architecture which includes queue, memcache etc with a CI/CD pipeline ? I am willing to pay for it to learn from you. You have good knowledge on subject and explanation is very clear.
@@learndevops3666 Glad to hear that the problem has been resolved. Thanks for your interest in my videos. I am doing these videos out of my own interest during my spare time in the weekend. I have a primary 9-5 job as a DevOps engineer. I don't have enough time to practice and do videos unfortunately. I can't do more than 2 videos in a week. I will however continue to do Kubernetes videos in my Channel though. Thanks again for your interest.
@@justmeandopensource Understood :-) ..Again many thanks for this selfless service of sharing knowledge..
does this work in 1.18.6 k8s version? I cannot edit service, it gives error: services "kubernetes-dashboard" is invalid
Hi, this video is very helpful to me but I am not able to see any namespace in kubernetes dashboard except default namespace... please help.
Hi Dipti, thanks for watching. It looks like you don't have permissions to view other namespaces. In this video, I created a service account and attached the cluster-admin role to the service account and used that service account's token to login to the dashboard. Please double check the steps shown in this video and use the right service account.
how do I caonfigure a non admin account to let the user see some namespaces and not all of them? thanks
Hi, Thanks for watching this video.
You could create a user account (basically certificate/token, not really an user account) and assign it a role with rolebinding. Basically you are creating a role that says this user can only access this namespace. And you will have to create rolebinding for every single namespace that the user needs access.
You can check the below article for detailed steps.
docs.bitnami.com/kubernetes/how-to/configure-rbac-in-your-kubernetes-cluster/
But instead of creating a role, just create cluster role. So that you have one cluster role and individual role bindings for each namespace the user needs access. Otherwise you will have to create role and rolebinding for each namespace.
So one cluster role and as many rolebindings (not clusterrolebinding) as you need.
You can also check the below link.
medium.com/faun/kubernetes-rbac-use-one-role-in-multiple-namespaces-d1d08bb08286
Hope it makes sense
Thanks
Thanks! works fine also for version v1.14.1. Can you make another video to add grafana graphs to it? Thanks in advance!
Hi Martin, thanks for watching. Grafana is a visualization only tool. You will have to store the metrics somewhere like in Prometheus. I am not sure what you mean by adding Grafana dashboard to it. I have done a video on Prometheus/Grafana in Kubernetes for monitoring. If you are interested you can watch it at ua-cam.com/video/CmPdyvgmw-A/v-deo.html
Thanks.
Hi sir ,It is very Nice video and solved my issues .but one think its not able to open chrome browser ,for POC i need to do Chrome ,kindly help -error "NET::ERR_CERT_INVALID",cleared chache and opened safemode also but not luck.Master node is running Azure -Ubuntu 18
Thanks for watching. Can you try access it from a different browser. I have heard this from few viewers and they confirmed it worked on Firefox.
Not able to expose the Kubernetes Dashboard through Nginx Ingress Controller.
any clue on how to deploy same in katacoda playground or play with k8
Hi Naveen, thanks for watching. I haven't tried either of those. Not sure what level of control you have with them.
See if the below discussion helps you.
stackoverflow.com/questions/46906977/running-dashboard-inside-play-with-kubernetes
Hello Sir, thanks for this video.
is there a plan to make a playlist about GCP?
Not at the moment I am afraid. Have plenty other topics in mind. Thanks.
Followed tutorial & Works perfectly, but in dashboard not getting cpu & memory utilization of pods
.
Hu Mahesh, thanks for watching. Those metrics are handled by the metrics server. Please check that metrics server has been deployed properly. You can also check its logs. Cheers.
@@justmeandopensource Metric pod is running, but getting "level":"error","msg":"Error scraping node metrics: the server could not find the requested resource (get nodes.metrics.k8s.io)" in logs
@@mahesh8490 Hmmm. That needs bit more investigation.
@@justmeandopensource issue resolved, after following video tutorial, metric-scraper & dashboard was running, so i have installed the metric server separately, and added the following thins in yaml, - /metrics-server
- --kubelet-insecure-tls
- --v=2
- --kubelet-preferred-address-types=InternalIP
hostNetwork: true
thanks for putting Kubernetes tutorial, your videos are awesome, just following your videos, i was able to deploy my docker container application on kubernetes.
hey i wanna ask you something
is that normal for kubernetes dashboard status always creatingContainer for 2 days? can i fix that and how?
i hope you answer my question
and your video is helpfull
thank you
Hi Hardian, its definitely not normal. Something is stuck. I would advise you to look into the logs and events. kubectl get events, kubectl describe deploy , kubectl logs and so on to identify why its in that state. Cheers.
venkat by any chance ur going to do gitops videos?
Hi Srinath, thanks for watching this video. With the feedback and motivation from all my viewers, I want to do more stuff related to DevOps. But the problem is finding time to do it. I have a primary 9 - 6 job and using my evenings to learn, practise and record videos. Currently doing Kubernetes and AWS series. Soon will be starting Terraform. GitOps, GitLab, Spinnaker and many other topics are in my list. I wish I had 48 hours a day :)
Thanks.
@@justmeandopensource Thanks a lot. Please keep up the good work.. Thanks again for this videos and future videos. :)
Thanks Srinath.
Hi..first of all thanks for the video..
I got some issues in getting the dashboard. When i describe the dashboard service, Endpoints shows . How to fix it?
Hi venket is there any way that I can login to my kubernets dashboard with username and password not by token , how I create user for kubernets dashboard .
Hi Atul, thanks for watching. I tried this video yesterday as it was done a while ago and want to make sure this video is still relevant. It worked exactly as shown in this video. Regarding logging in with username/password, I don't think its possible. There are only two ways, either service account token or using your kubeconfig file.
At the moment, kubernetes dashboard only supports one cluster where is deployed. But work is in progress for the next major version (2.0) where there will be option to switch between different cluster using kubeconfig file. This is just for your information. Cheers.
Hi Venkat,
Great video! Really helped me understand a couple of things, however I'm facing an issue:
I have a Raspberry Pi cluster, and I deployed the dashboard on that cluster.
I configured the service as NodePort, and edited my hosts file on my computer (not running k8s).
When trying to access the dashboard I'm getting a "ERR_CERT_INVALID" webpage, without the option to click on "proceed anyway" (no button).
Any ideas on how can I overcome this problem?
Thanks :)
Dashboard is not getting accessible on a machine in the same network other than master, even nodeport service is created.
Hi, thanks for watching. How are you exposing the dashboard service? NodePort, load balancer or port forwarding.
But working on centos, any videos can you publish on environemnt for master on Ubuntu??
@@justmeandopensource load balancer
@@PackageBuilder Cool.
Hi venkat
Is there any possibility to login kubernetes dashboard with own password insted of using token.
Hi Jaya, thanks for watching. I don't think so. You only get two options (kubeconfig/token). I have tried the kubeconfig way, but never worked.
You can think differently and implement your own solution something like below.
You deploy dashboard as usual. And separately configure an Nginx reverse proxy where you can have username/password based simple basic http authentication that proxies the request to dashboard service in the cluster along with the token in the header.
@@justmeandopensource
Ok i ll try...thanks for ur responde
@@jayaraju4574 Cheers.
I'm gettting this error while trying ro port-forward
error: error upgrading connection: unable to upgrade connection: Unauthorized
Hi Mir, thanks for watching. I am not entirely sure about that error as I have never encountered it. Have you tried searching Google for possible answers?
i modified the rolebinding for kubernetes-dashboard so that i can still use the same user to access the dashboard.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-rolebinding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: kubernetes-dashboard
namespace: kubernetes-dashboard
Okay.
Nice video, but perhaps not very realistic with the machine which provisioned the cluster being a GUI linux, usually it would be a non GUI linux and you wouldn't be able to open up a browser and port-forward only works with the host machine by default. I tried to play with it for quite a while but just couldn't get it to work, I tried various configs, ended up with allowing 0.0.0.0 on the master and then IP forwarded on the underlying machine from my 192... internal network to 192. of the machine which hosted the cluster and there it was with kubectl .. port-forward forwarded into the cluster 172.. network. It worked but somehow I was only getting JSON output from the dashboard, I couldn't find a solution so I just gave up.
probably didn't explain well so another try:
A: 192.168.0.80 - my desktop
B: 192.168.0.100 - my laptop which provisions the cluster through vagrant
C: 172.42.42.100 - master IP
so on master I did kubectl proxy --address=0.0.0.0 --accept-hosts=^*$, had to it that way because simple port forward only allows access from 192.168.0.100
then I went on 192.168.0.100 and iptables forwarded traffic from 192.168.0.80:8000 to 172.42.42.100:8001 (8001 is default port for kubectl proxy)
so now I could access 172.42.42.100:8001 from 192.168.0.80 through 192.168.0.100:8000, but the output wasn't graphical but rather a JSON...
Thanks for watching. I agree. All my videos are based on local k8s cluster running on my Laptop. If you are connecting to a server where you are running k8s in virtual machines, there are two hops to get to the nodes and you will have to manage the port forwarding to get to it.
I followed by your video when I access the dashboard from the browser(172.42.42.101:32323) it shows the message "Client sent an HTTP request to an HTTPS server." only.
I tried different browsers to verify it.
Please help me with it to go forward.
Hello, thanks for uploading this video. How can I enter this dashboard from other subnets? Before I used this command to accept any source:
kubectl proxy --address='0.0.0.0' --port=8001 --accept-hosts='.*'
Thanks again.
Hi Emanuel, as shown in the video, if you had changed the dashboard service to Nodeport, you can access it from any machine that can reach one of the node's ip. You can also expose dashboard service as Load Balancer if you have metallb deployed. Thanks.
@@justmeandopensource Thanks (again) for your answer. There is a way to check why is not working for me? Im connected over SSH to my master node, so I can reach it. But when I want to enter the dashboard using 192.168.68.231:30935 , I can't.... 30935 is the port generated by NodePort.
[epena-local@emak-m ~]$ kubectl -n kubernetes-dashboard get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.106.251.235 8000/TCP 16m
kubernetes-dashboard NodePort 10.101.146.184 443:30935/TCP 16m
Linux CentOS firewalls are off.
Okay. From the machine you are right now, can you ping the worker nodes IP address?
Just me and Opensource hello!! yes I can ping the Workers and the MasterNode too from my computer on the other subnet
@@MatiMape I tried it now. Deployed the kubernetes-dashboard.
kubectl apply -f raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta4/aio/deploy/recommended.yaml
Kubernetes-dashboard service is a ClusterIP type and I didn't use NodePort. Then ran kubectl proxy on my local machine.
kubectl proxy
Then I was able to access the dashboard using below url.
localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Are you running kubectl locally or are you connecting to a different machine where you are running kubectl?
Hmm I'm sorry.. I have a problem.. I still can't access my dashboard form localhost:8000 it said this site can't be reach.. I've followed ur steps except I'm using project calico as my pod network cidr.. I'm so clueless lol. pls I'm sorry can u help me?
I also can't ping my localhost:8000
The output is
Name or service not known
@@rii8487 Hi Annisa, thanks for watching this video. You will have to access the dashboard using https after doing a port forward.
localhost:8000
I've tried that URL but still refused form my browser :(
@@rii8487 Okay how about using a NodePort service instead of port-forwarding?
@@justmeandopensource haven't tried that out yet. I've tried 1)kubectl proxy and open the URL that given by kubernetes.io itself
2)port-forward like what u did on ur vid
But the output from my browser still the same 'refused it said that I need to configure my firewall or something'
Heyy,
This is no doubt a great video and it helps me a lot, i have one question i hope you will revert me soon.
I have deploy the dashboard in 1.17.2 version and it is perfectly deployed but i am not able to see any graphs like it was shown in your previous video...
Can u help me on this
Hi Gautam, thanks for watching. All the graph related stuff are provided by metrics-server. Previously I used to use heapster and influxdb for metrics collection in the cluster. But they have been deprecated. Now we got to use metrics-server which collects and stores the metrics. Dashboard deployment will be able to pull metrics from metrics-server deployment and display them in the dashboard. So please make sure you have deployed metrics-server and is running fine without any issues.
Cheers.
Hi Venkat, I am new to kubernetes as well as devops, your videos are providing better quality content for better understanding. Thanks for the great job .
But I am facing an issue,
I have followed your video to bring the cluster manually using kubeadmn + flannel (1 master nodes+2 worker nodes)
,as suggested in this video I have deployed the kubernetes-dashboard and have exposed the same with nodeport type service
Issue: I am able to access the dashboard only on the node where the kubernetes-dashboard pod is running not on the other node,
Same is faced by any applications exposed via nodeport service
Does NodePort Service type unirformly distribute the load between the worker nodes
Can you kindly me with the same
Can you kindly do a detailed video on the service types and the Loadbalancing of traffic covered by each service type
Hi Monisha, thanks for your interest in this channel. I believe something is wrong with your cluster networking. The idea behind nodeport service is that you can reach the nodeport on any of the nodes in your cluster (even when that node isn't running the actual pod), you will be redirected to one of the node where the pod is running. This is all taken care by the CNI overlay network which is Flannel in your case. This needs bit more debugging to find where the issue is.
@@justmeandopensource any furthee help on how i can further debug and fix, tried all that I can
I've install on the remote server. How can i access dashboard from remote?
Hi Ho, thanks for watching. Depending on the setup, you will have to set up port forwarding. Or you can configure your virtual machines to get IP address from the host network. Cheers.
Thanks. follow you
Hi Xin, thanks for watching. Cheers.
Fresh cut
Can't access the dashboard
Can you provide more details?
@@justmeandopensource Well. It just gives me the This site can’t be reachedlocalhost refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSED
error.
Also, how do you save the edits in svc? Eg the part where you edit the nodeport. It's going a little too fast
I'm learning a lot from your videos, great stuff! I've set up a cluster of LXC machines running inside of an Ubuntu VM (using Multipass on my Mac). I installed the dashboard and got it working from your instructions, but I'm not getting any cpu or memory data. I installed the metrics-server (github.com/kubernetes-sigs/metrics-server) in the cluster because I had done this in a microk8s environment, but I still don't get any memory or cpu information for my pods. Is there something that needs to be tweaked to get this information from an LXC container?
To answer my own question, I found that I had to modify the coredns configuration to add the ip addresses of my nodes. The information here - stackoverflow.com/questions/56559829/metrics-not-available-yet-metrics-server-kubernetes-on-aws was useful.
Hi James, many thanks for watching. Glad that you found and resolved the issue.
kubectl create -f raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
Hi Ravi, I believe its a problem with your access. Do you have cluster admin privilege? Check your kube config file. Make sure to use the right kube config file. Can you do other commands like "kubectl get nodes"?
iam geting error please help me any one ..
Hi Ravi, thanks for watching. What error do you get? Could you please explain in a bit more detail. Thanks.
how to access Kubnernetes Dashboard Web UI using Istio ingress controller
Hi Shivam, thanks for watching. I will try that in my environment and make it a video when I get some time. Hope you have subscribed to my channel and enabled notifications. You will get notified when I upload that video. Stay tuned. Cheers.
Hi Venkat, I tried same steps but unable to access throug private ip with port, got error like below
Your connection is not private
Attackers might be trying to steal your information from myip:32553/ (for example, passwords, messages or credit cards). Learn more
NET::ERR_CERT_INVALID
in logs:
http: TLS handshake error from 10.32.0.1:51095: remote error: tls: unknown certificate
Please help on this
Thanks
Madhu