-
Notifications
You must be signed in to change notification settings - Fork 13
/
Copy pathexpose-dashboard.sh
executable file
·63 lines (53 loc) · 2.14 KB
/
expose-dashboard.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
#!/usr/bin/env bash
set -u # fail on undeclared variables
####################################################################################
#
# Running this script on the server will do the following:
# 1) Run kubectl proxy
# 2) Add an RBAC account and cluster role binding for access
# 3) Print the token for that relationship (to be used in the UI)
# 4) Print the URL to use.
#
####################################################################################
PROXY_PORT=${PROXY_PORT:-8001}
LOCAL_ADDR=${LOCAL_ADDR:-'0.0.0.0'}
# Ensure the port is open .. otherwise assume this script has already executed
PORT_STATUS=`sudo netstat -tulpn | grep ${PROXY_PORT}` &>/dev/null
# PORT_STATUS has text if port open; hence fail -z; || clause will run
if ! [ -z "$PORT_STATUS" ] ; then
echo "Port ${PROXY_PORT} is already used. Exiting"
echo "Process: `echo ${PORT_STATUS} | cut -d ' ' -f 7`"
exit 1
fi
# This command runs the proxy, allowing anyone to connect
kubectl proxy --port=${PROXY_PORT} --accept-hosts='^.*$' --address=${LOCAL_ADDR} &
# Use the token method for gaining access to the dashboard. This will require some
# setup for RBAC.
# Create/Update the service account (used in cluster role binding)
cat <<EOF | kubectl apply -f -
kind: ServiceAccount
apiVersion: v1
metadata:
name: microk8s-admin
namespace: kube-system
EOF
# Create/Update the cluster role binding
cat <<EOF | kubectl apply -f -
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: microk8s-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: microk8s-admin
namespace: kube-system
EOF
# Print the token that is needed to view the dashboard
printf "\nTo access the kubernetes dashboard, go to:\n"
printf "\n\t http://<EXTERNAL_IP>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ \n"
printf "\nCopy/paste this token into the kubernetes dashboard:\n"
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep microk8s-admin | awk '{print $1}') | grep token: | cut -d ":" -f 2 | xargs