Closed yodog closed 2 years ago
Hi @yodog,
With K8s dashboard there's a lot of stuff around RBAC to consider so I am a bit more hesitant to add it as an option.
There is an option in the role to download and install manifests when building a K3s cluster, as a very basic playbook you could do something like this:
---
- name: Ensure K3s is provisioned
hosts: k3s_nodes
vars:
k3s_server_manifests_urls:
- url: https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
filename: kubernetes-dashboard.yaml
tasks:
- name: Ensure K3s role is run
include_role:
name: xanmanning.k3s
This would do the install dashboard for you. Post install you would then need to configure users and role bindings and grab the password out of the secret from the deployment, much like the file you shared does.
would the 3 steps presented here be enough?
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
looks like i could do something like
---
# Creating a Service Account
# We are creating Service Account with the name admin-user in namespace kubernetes-dashboard first.
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
# Creating a ClusterRoleBinding
# In most cases after provisioning the cluster using kops, kubeadm or any other popular tool, the ClusterRole cluster-admin already exists in the cluster.
# We can use it and create only a ClusterRoleBinding for our ServiceAccount.
# If it does not exist then you need to create this role first and grant required privileges manually.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
and then
# Getting a Bearer Token
# Now we need to find the token we can use to log in.
- shell: kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
register: dashboard-token
changed_when: False
for what it's worth @xanmanning i personally view this ansible role as a way to set up a k3s cluster, not a way to make opinionated decisions regarding deploying applications.
in lieu of adding in the functionality to this role, i would encourage @yodog to author or otherwise obtain another role to use in conjunction with ansible-role-k3s in order to deploy the kubernetes dashboard.
I'm going to close this issue as i believe it's something that's out of band of this role.
i really liked how easy it is to use your ansible role.
i would like to suggest an option to automatically install dashboard as well.
also, while not implemented, if anyone could write a few steps i could add to the playbook, it would be awesome.
PS: i found this https://github.com/RickCoxDev/k3s-ansible/blob/master/roles/dashboard/tasks/main.yml to install the dashboard, but looks like a lot of code... is there any way to make simple?