Lab 13.3 Instruction to install and run Dashboard is not clear

ogbonnaec

@chrispokorni
The instructions for the labs are missing on installing the helm chart.
I have followed what is on the github Readme document but it does not work.

Firstly its not clear on where I to edit on the value.yml
I added the nopeport entry in the only service in the nginx ingress block I saw on the file but there is and that did not work.
And there is not previous similar lab to refer to.

chrispokorni

Hi @ogbonnaec,

The intentionally missing instructions for the helm chart installation encourage the learner to navigate the helm chart registry and become familiar with its features.

As far as configuring the dashboard please take a look at one of my earlier comments on a similar discussion topic:

https://forum.linuxfoundation.org/discussion/comment/39269/#Comment_39269

Regards,
-Chris

ogbonnaec

Hello @chrispokorni
I have read your post and it is clear your team is aware that service block is no longer in the value.yml of the helm chart. my question is why do you still keep a false and misleading lab guide.
Do you know how frustrating it is for someone who is learning to follow a "how to" documentation from a trusted body like LF leading you to a dead end.
I paid for this course to learn from a point to known to the unknown not vice versa. I saw comments from 2022 about this same lab and it has not been revised.
I have not skipped any lab till this point but I think I will skip this. I have been stuck here for more than two weeks. My metric server runs fine but the dashboard is the issue. I have tried to edit the port section of the dashboard-web service but it does not validate my edit.
I like to find solutions to things but that when I have a reference material. The instruction on the github page is straight forward but still does not work.

chrispokorni

Hi @ogbonnaec,

A temporary working solution would be to deviate from the ever complex helm chart and fall back to an earlier release of the Kubernetes Dashboard. The installation and configuration are easily managed through a single manifest, attached with this comment.

Download the attached file, save it as .yaml (instead of .txt).
It assumes you already have the metrics-server running in your cluster.

Load the manifest and install the dashboard
kubectl apply -f kubernetes-dashboard-v2.7.0.yaml

Retrieve the node IP
curl ifconfig.io

Retrieve the dashboard service node port
kubectl -n kubernetes-dashboard get svc kubernetes-dashboard

Create the sign-in token
kubectl -n kubernetes-dashboard create token kubernetes-dashboard

Regards,
-Chris

jmfwss

I followed the instructions in Lab 13.3, but when I list the service accounts in step 4., I get

vagrant@cp:~/kubernetes-dashboard$ k get serviceaccounts
NAME                                             SECRETS   AGE
dashboard-kong                                   0         82s
dashboard-kubernetes-dashboard-api               0         82s
dashboard-kubernetes-dashboard-metrics-scraper   0         82s
dashboard-kubernetes-dashboard-web               0         82s
default                                          0         245d
myingress-ingress-nginx                          0         9d

instead of the only dashboard-related dashboard-kubernetes-dashboard account shown in the output.

Which of the four is eligible for clusterrole configuration?

Cheers,
Jens

chrispokorni

Hi @jmfwss,

For the time being, you are welcome to try the temp workaround posted earlier.

Regards,
-Chris

jmfwss

Hello @chrispokorni ,

I tried the workaround that you suggested to @ogbonnaec and it finally worked out so I can see the graphs in my browser.

However, I had to jump some hoops:

1. With your workaround, the dashboard is deployed in the kubernetes-dashboard namespace, so it must be specified when figuring out the service accounts and when creating the token.
2. because in my case the cluster runs on nodes deployed as virtual machines on a host, the Public IP returned by config.io is the IP address of the host machine; I had to specify the IP address of the VM hosting the controller node instead. A short note about different setups in which config.io might be misleading in step 5 would be helpful in the future.

Cheers,
Jens

chrispokorni

Hi @jmfwss,

It is best practice to have complex applications such as the dashboard deployed to their dedicated namespaces. The namespace options were supplied with the work around commands above.

In more complex networking setups, or combinations of host, nat, and/or bridged, the IP addresses of a VM can be listed with ip a or hostname -I. The command shown in the lab guide may work with a single bridged adapter per VM to return its private IP.

Regards,
-Chris

gavsdavs

This is made more complex by an existing ingress still there from a previous lab. Sometimes it's suggested resources are removed to tidy up, sometimes they are needed for the next lab.

In this case there was a lab for the 2 webservers still there, and the kubernetes-dashboard helm chart cloned from git added another ingress, but was disabled and this is not noted in the lab guide.

The guide suggests setting up a simple nodeport, but the chart provides an ingress.

I've tried the workaround posted on June 18th and though I can see the nodeport listed in
kubectl get svc -n kubernetes-dashboard

student@lab3:~$ kubectl get svc -n kubernetes-dashboard NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE dashboard-metrics-scraper ClusterIP 10.102.148.205 <none> 8000/TCP 19m kubernetes-dashboard NodePort 10.105.190.122 <none> 443:30443/TCP 19m

student@lab3:~$ curl https://10.0.1.151:8443 curl: (60) SSL certificate problem: self signed certificate More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not establish a secure connection to it. To learn more about this situation and how to fix it, please visit the web page mentioned above.

student@lab3:~$ echo close | telnet 10.105.190.122 8443 Trying 10.105.190.122...

It does not respond on it's nodeport IP from within the cluster, I'm not sure why.

And I can't access it from my home PC.

This is a poor/over-complicated exercise and ideally needs to be reviewed from scratch if it's to be of any value

gavsdavs

In response to

"The intentionally missing instructions for the helm chart installation encourage the learner to navigate the helm chart registry and become familiar with its features."

I think this needs to be an explicit exercise in the Helm chapter where it fits, as opposed to an unspoken lesson when trying to integrate the dashboard with the metrics server.

chrispokorni

Hi @gavsdavs,

To explore the dashboard exercise as it was originally intended, feel free to use the workaround posted above. It takes away the guesswork and packs the kubernetes-dashboard installation and configuration into a single manifest - also provided.

https://forum.linuxfoundation.org/discussion/comment/40239/#Comment_40239

Regards,
-Chris

gavsdavs

Hi @chrispokorni, i tried that, i couldn't work out how to get the service exposed so i could see it from my home workstation (as I covered above)

chrispokorni

Hi @gavsdavs,

What type of Kubernetes cluster setup do you have?
The dashboard should be accessible from the browser, not curl (as presented in step 3 of lab exercise 13.3 Configure the Dashboard). On your workstation open a browser window and in the address bar type https://node-IP:node-port . The commands above help you to retrieve the node's IP address and the value of the node-port (it should be 30443 if the manifest was correctly deployed).

Regards,
-Chris

gavsdavs

I'm re-doing all the exercises for a review, i'll get back to this

gavsdavs

ok i got through this - i found that the proxy server i use at home doesn't permit me to see the "continue but with warning" button because it's a self-signed SSL website. I tried with an unproxied browser and it worked (and the instructions above).

Many thanks.