PyratLabs / ansible-role-k3s

Ansible role for installing k3s as either a standalone server or HA cluster.
BSD 3-Clause "New" or "Revised" License

k3s dashboard #178

Closed yodog closed 2 years ago

yodog commented 2 years ago

i really liked how easy it is to use your ansible role.

i would like to suggest an option to automatically install dashboard as well.

also, while not implemented, if anyone could write a few steps i could add to the playbook, it would be awesome.

PS: i found this https://github.com/RickCoxDev/k3s-ansible/blob/master/roles/dashboard/tasks/main.yml to install the dashboard, but it looks like a lot of code... is there any way to make it simple?

xanmanning commented 2 years ago

Hi @yodog,

With K8s dashboard there's a lot of stuff around RBAC to consider so I am a bit more hesitant to add it as an option.

There is an option in the role to download and install manifests when building a K3s cluster, as a very basic playbook you could do something like this:

```yaml
---

- name: Ensure K3s is provisioned
  hosts: k3s_nodes
  vars:
    k3s_server_manifests_urls:
      - url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
        filename: kubernetes-dashboard.yaml
  tasks:
    - name: Ensure K3s role is run
      include_role:
        name: xanmanning.k3s
```

This would do the dashboard install for you. Post install you would then need to configure users and role bindings and grab the password out of the secret from the deployment, much like the file you shared does.

yodog commented 2 years ago

would the 3 steps presented here be enough?

https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md

looks like i could do something like

```yaml
---
# Creating a Service Account
# We are creating Service Account with the name admin-user in namespace kubernetes-dashboard first.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

---
# Creating a ClusterRoleBinding
# In most cases after provisioning the cluster using kops, kubeadm or any other popular tool, the ClusterRole cluster-admin already exists in the cluster.
# We can use it and create only a ClusterRoleBinding for our ServiceAccount.
# If it does not exist then you need to create this role first and grant required privileges manually.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
```

and then

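```yaml
# Getting a Bearer Token
# Now we need to find the token we can use to log in.

# The go-template braces sit inside raw tags so Ansible's Jinja2 does not try to render them.
- shell: kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{% raw %}{{.data.token | base64decode}}{% endraw %}"
  register: dashboard_token  # Ansible variable names cannot contain hyphens
  changed_when: False
  no_log: true  # keep the cluster-admin bearer token out of task output and logs
```

crutonjohn commented 2 years ago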

for what it's worth @xanmanning i personally view this ansible role as a way to set up a k3s cluster, not a way to make opinionated decisions regarding deploying applications.

in lieu of adding in the functionality to this role, i would encourage @yodog to author or otherwise obtain another role to use in conjunction with ansible-role-k3s in order to deploy the kubernetes dashboard.

crutonjohn commented 2 years ago

I'm going to close this issue as i believe it's something that's out of band of this role.
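
An added example, not part of the thread or of the role: the ClusterRoleBinding proposed earlier in the thread gives the `admin-user` service account `cluster-admin`, so its bearer token carries full control of the cluster. The script below lists service account identities that hold that role, reading output shaped like `kubectl get clusterrolebindings -o json`; the sample data, the `dashboard-viewer` and `empty` bindings and the function name are constructed for illustration.

```python
import json
import sys

# ClusterRoles treated as full cluster control (assumption: extend for your cluster).
HIGH_PRIV_ROLES = {"cluster-admin"}

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`.
SAMPLE = {"kind": "List", "items": [
    {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "dashboard-viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "dashboard-viewer",
                   "namespace": "kubernetes-dashboard"}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "empty"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": None},
]}


def risky_bindings(doc, roles=HIGH_PRIV_ROLES):
    """Return (binding, subject) pairs where a service account identity
    holds a high-privilege ClusterRole cluster-wide."""
    findings = []
    for crb in doc.get("items", [doc]):  # accept a List or a single object
        ref = crb.get("roleRef", {})
        if crb.get("kind") != "ClusterRoleBinding" or ref.get("name") not in roles:
            continue
        for subj in crb.get("subjects") or []:  # subjects may be missing or null
            name = subj.get("name", "")
            if subj.get("kind") == "ServiceAccount":
                who = f"{subj.get('namespace', '')}/{name}"
            elif subj.get("kind") == "Group" and name.startswith("system:serviceaccounts"):
                who = name  # group covering every service account, cluster or namespace wide
            else:
                continue
            findings.append((crb["metadata"]["name"], who))
    return findings


if __name__ == "__main__":
    # Pipe real kubectl JSON in, or run without redirected stdin to use the sample.
    doc = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for binding, who in risky_bindings(doc):
        print(f"{binding}: {who} is bound to a high-privilege ClusterRole")
```

Binding the dashboard account to the built-in `view` ClusterRole instead, as the constructed `dashboard-viewer` entry does, keeps it out of this report.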