Kubernetes, as a platform, is a comprehensive set of tools for orchestrating containers at scale. It consists of a modular architecture of specific components with a defined purpose. For example, the scheduler finds the ideal match for a particular pod and the kube-proxy manages the networking between the nodes and the master.
One of the most useful components is the Kube API server, which is the main interaction point between the master and the external world. It offers a complete set of REST operations from which all other components interface with each other. Having a REST server is also useful for offering Dashboards for managing Kubernetes via a UI. The official Kubernetes team maintains a Web UI Dashboard, which is a quick and convenient way to manage and troubleshoot cluster resources.
Below, we will discuss how to deploy and utilize a standard Kubernetes Dashboard and show the benefits that a Sumologic kubernetes dashboard provides.
Deploying and Utilizing the Dashboard UI
Surprisingly enough, the dashboard itself is a container that accesses the cluster information from within the cluster. For Kubernetes, it is just another resource it needs to manage.
To install it, we need to apply the recommended deployment descriptor file:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
There is also an alternative deployment path with less secure endpoints:
https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/alternative.yaml
Take a look at those yaml files before executing the plan, as it gives you a clearer picture of what we are going to deploy:
- A namespace: kubernetes-dashboard
- A service account for the dashboard
- A service from port 8000:8000
- A secret
- A Config map
- An RBAC role and RoleBinding
- The main image deployment
- The metrics scraper deployment
Once the deployment completes, you can establish a proxy connection with the cluster, using the following command:
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Now navigate to:
http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#/login
You will be presented with this login screen:
We need to select Token here, and use the secret value as stored in the cluster. For convenience, I’ve listed a small script that we use to search for the secret token name and copy the token to the clipboard:
#!/bin/bash get_k8s_secret() { k8s_namespace=$1 query_name=$2 echo "query:" echo " namespace: $k8s_namespace" echo " query_name: $query_name" secret_token_name_output=$(kubectl -n "$k8s_namespace" get secret | grep "$query_name" | awk '{print $1}') if [[ -z "$secret_token_name_output" ]]; then echo "message: Token name not found" else secret_token_name=(${secret_token_name_output//"\n"/ }) if [[ "${#secret_token_name[@]}" -gt 1 ]]; then echo "message: More than one token found" echo "secret_names: ${secret_token_name[@]}" else k8s_secret=$(kubectl -n "$k8s_namespace" describe secret "$secret_token_name") token=$(echo "$k8s_secret" | grep -E '^token:' | cut -f2 -d':' | xargs echo -n) echo "message: Token found! This is copied to your clipboard" echo "secret_name: $secret_token_name" echo "secret_token: $token" $(echo "$token" | pbcopy) fi fi } for i in "$@" do case $i in -n=*) NAMESPACE="${i#*=}" shift # past argument=value ;; -q=*) QUERY="${i#*=}" shift # past argument=value ;; -d) DASHBOARD_DEFAULT="true" shift # help ;; -h) HELP="true" shift # help ;; *) # unknown option ;; esac done if [[ "$DASHBOARD_DEFAULT" ]] ; then get_k8s_secret kube-system kubernetes-dashboard-token elif [[ "$NAMESPACE" && "$QUERY" ]] ; then get_k8s_secret "$NAMESPACE" "$QUERY" elif [[ -z "$DASHBOARD_DEFAULT" || -z "$NAMESPACE" || -z "$QUERY" || "$HELP" ]] ; then echo -e "You need to set some of the following paramaters:\n" echo "Usage: $0" echo -e "\t-d - The Default Dashboard query. The following parameters are set -n 'kube-system' -q 'kubernetes-dashboard-token'" echo -e "\t-n - The kubernetes namespace" echo -e "\t-q - The kubernetes secret name to query" echo -e "\t-h - Help" exit 1 fi
Here is how we use it:
k8s-token -d - The Default Dashboard query. The following parameters are set -n 'kube-system' -q 'kubernetes-dashboard-token' -n - The kubernetes namespace -q - The kubernetes secret name to query -h - Help
That should print:
query: namespace: kube-system query_name: kubernetes-dashboard-token message: Token found! This is copied to your clipboard secret_name: kubernetes-dashboard-token-wxyz secret_token: eyJhbGciOiJSUzI1NiIsImt…
Once we login we should be able to view the main dashboard page:
Now let’s explore the dashboard in detail.
Navigating through the Dashboard UI
Navigating through the Dashboard layout should be intuitive. There are main sections on the right-hand side for Cluster Management, Workloads, Service Discovery, Config, Storage and Settings.
Each section expands to subsections where we can select individual resources that we can manage. For example:
- We can easily switch namespaces using the dropdown selection option:
- We can see all the available nodes from Cluster-> Nodes
- We can see the list of all pods, and filter by pod label from Workloads->Pods
- We can see the list of all config maps, and filter by pod label from Config and Storage >Config Maps
- We can perform additional actions for each item in the list by clicking on the vertical dotted icons on the right-hand side. For example, we have the option to see the logs or scale the deployment:
That concludes the basic navigation of the dashboard. Let’s see how we can create a new resource using the UI this time, and deploy it into the cluster.
Deploying Containerized Applications
We can create a new resource deployment using the plus (+) button on the upper right-hand corner of the screen:
We can then have various options to describe our deployment such as text, file or a generic form. Let’s choose the last option and follow the form steps to deploy a Redis server in our cluster.
Fill in the following fields as depicted in the screenshot below:
If you click on the show advanced options button you can fill in additional properties regarding the deployment:
Once you are ready, click on the Deploy button. You should be able to see the deployment information and its status:
Once the deployment is successful, we should be able to connect to the redis server from within the cluster. For example:
$ kubectl exec -it redisdemo-598d696fb6-mfmhz /bin/sh /data # ps PID USER TIME COMMAND 1 redis 0:00 redis-server 16 root 0:00 /bin/sh 21 root 0:00 ps /data # redis-cli 127.0.0.1:6379> INFO # Server redis_version:3.2.7 redis_git_sha1:00000000 redis_git_dirty:0 redis_build_id:10f09fc625258756 redis_mode:standalone os:Linux 4.14.152-127.182.amzn2.x86_64 x86_64 ...
Once we are finished working with this example, we can destroy it using the trash icon:
Kubernetes Dashboards with Sumo Logic
The official Kubernetes Dashboard is a valuable tool when we want to quickly manage and monitor our Cluster. However, out-of-the-box it is very limited, and it quickly becomes a second or third choice. For those that want something more advanced and need enterprise-level support, you can leverage the new Sumo Logic Dashboards for Kubernetes.
Among the many features, they offer integration with the existing Sumo logic Dashboards, so we don’t have to switch tabs and places to monitor our cluster. We have numerous collection options and custom widgets. There are also additional sections, such as a dedicated security overview. This is more favourable than the stock dashboard, which has a set widget layout and looks more primitive.
The benefits of using a custom Dashboard for Kubernetes like Sumo Logic Dashboards, is the improved visibility and more streamlined experience. We have more options for customization coupled with the enterprise-level of support for new features that makes the product more aligned with the business needs.
Complete visibility for DevSecOps
Reduce downtime and move from reactive to proactive monitoring.