How do I set up a Kubernetes dashboard on an Amazon EKS cluster?
Last updated: 2019-07-17
How do I set up a Kubernetes dashboard on an Amazon Elastic Kubernetes Service (Amazon EKS) cluster?
Short Description
Heapster, the deprecated metrics provider, is required for setting up a Kubernetes dashboard. Because Heapster is deprecated, the read-only port (10255) of the kubelet in the Amazon EKS-Optimized AMI (starting with version 1.10.11) is disabled. This disabled port generates an error in the Heapster logs that says "dial tcp x.x.x.x:10255:getsockopt: connection refused." This error means that you can't see CPU and memory metrics when you access the Kubernetes dashboard.
Resolution
Set up your environment
Note: If necessary, connect to your Amazon Elastic Compute Cloud (Amazon EC2) instance using SSH. The syntax in the code examples below applies to Linux servers.
1. Install kubectl and aws-iam-authenticator.
2. To configure your kubeconfig file to point to the Amazon EKS control plane, run the following command:
$ aws eks update-kubeconfig --name EKS_ClusterName
Note: Replace EKS_ClusterName with your EKS cluster name. For additional information on configuring your kubeconfig file, see update-kubeconfig.
3. To verify that worker nodes are running in your environment, run the following command:
$ kubectl get nodes
4. To verify that the Kubernetes service is running in your environment, run the following command:
$ kubectl get svc
Create a Kubernetes dashboard
1. To create a Kubernetes dashboard, run the following command:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
2. To make metrics and graphs available on your dashboard with Heapster, run the following command:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/heapster.yaml
Important: To get Heapster to collect CPU and memory metrics that will appear on the Kubernetes dashboard, you can use the amazon-eks-nodegroup template for AWS CloudFormation to provision your EKS worker nodes. To avoid the error from the Short Description section, enable the read-only port (10255) on your Amazon EKS-Optimized AMI in your AWS CloudFormation template. Also, set the BootstrapArguments parameter to --kubelet-extra-args '--read-only-port=10255' when you create your EKS worker nodes.
3. To create a deployment and service, run the following command:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/influxdb/influxdb.yaml
4. To create a cluster role binding for the dashboard, run the following command:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/heapster/master/deploy/kube-config/rbac/heapster-rbac.yaml
5. To create a new service account with cluster admin privileges, run the following command:
cat > eks-admin-service-account.yaml << EOF
apiVersion: v1
kind: ServiceAccount
metadata:
name: eks-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
name: eks-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: eks-admin
namespace: kube-system
EOF
6. To verify that a manifest file was created in the previous step, run the following command:
$ cat eks-admin-service-account.yaml
7. To bind eks-admin to the cluster role binding, run the following command:
$ kubectl apply -f eks-admin-service-account.yaml
8. To forward all requests from your Amazon EC2 instance localhost port to the Kubernetes dashboard port, run the following command:
$ kubectl port-forward svc/kubernetes-dashboard -n kube-system 6443:443
9. To access the port from your local machine with an SSH tunnel, run the following command:
ssh -i EC2KeyPair.pem ec2-user@IP -L 6443:127.0.0.1:6443
Note: Replace EC2KeyPair.pem with your key pair.
Access the Kubernetes dashboard in a browser
1. To access your Kubernetes dashboard in a browser, enter https://127.0.0.1:6443.
The Kubernetes dashboard loads in the browser and prompts you for input.
2. To get a bearer token for authentication, return to the command line, and run the following command:
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')
3. Copy the token from the command line output.
4. In your browser, in the Kubernetes Dashboard pop-up window, choose Token.
5. Paste the token from the output into the Enter token box, and then choose SIGN-IN.
You now have access to the Kubernetes dashboard in your browser.
Related Information
Did this article help you?
Anything we could improve?
Need more help?