Authored by:
Oren Penso (Twitter: @openso)
Roie Ben-haim (Twitter: @roie9876)
Barak Shrefler
Kubeapps is a Kubernetes dashboard that supercharges your Kubernetes cluster over PKS as infrastructure, with simple browse and click deployment of apps in any format.
Building on Bitnami’s contributions to leading open source projects, Kubeapps provides a complete application delivery environment that empowers users to launch, review and share applications
Getting started here:
https://github.com/kubeapps/kubeapps/blob/master/docs/user/getting-started.md
Kubeapps is a set of tools that give you the following abilities:
- Your own applications dashboard, allowing you to deploy Kubernetes-ready applications into your cluster with a single click.
- Kubeless – a Kubernetes-native Serverless Framework, compatible with serverless.com.
- SealedSecrets – a SealedSecret can be decrypted only by the controller running in the cluster and nobody else (not even the original author)
Installation instruction over PKS infrastructure
Step 1, making the infrastructure ready:
Spin up a new cluster with PKS, have a routed network from the nodes and pods to the internet. Create a new Name Space for Kubeapp. we need to be able works with Dynamic Persistent Volume (PVC), so the first thing is to configure Storage Class with a YAML file as follow
Create Storage Class YAML file
kind: StorageClass
apiVersion: storage.k8s.io/v1
metadata:
name: thin-disk
provisioner: kubernetes.io/vsphere-volume
parameters:
diskformat: thin
run the following command:
kubectl create -f sc.yaml
Expected output:
storageclass “thin-disk” created
run the following command for verification:
kubectl get sa
Expected output:
# NAME SECRETS AGE
# caceb30a-b97c-4070-852a-ba31ca4c7e40 1 5m
# default 1 32m
Setting up the SC as default. (when setting up the SC as default, there is no need to use the annotation in the PVC manifest file)
kubectl patch storageclass thin-disk -p ‘{“metadata”: {“annotations“:{“storageclass.kubernetes.io/is-default-class“:”true“}}}’
Expected output:
# storageclass “thin-disk” patched
Create Dynamic Persistent Volume Claim
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pvc
spec:
accessModes:
– ReadWriteOnce
resources:
requests:
storage: 1Gi
Deploy the PVC
kubectl create -f pv.yaml -n kubeapps
Expected output:
persistentvolumeclaim “pvc” created
Step 2, Install Kubeapps:
Curl the installation:
curl -s https://api.github.com/repos/kubeapps/kubeapps/releases/latest | grep –i $(uname -s) | grepbrowser_download_url | cut -d ‘”‘ -f 4 | wget –i –
Prepper the installation files:
sudo mv kubeapps-$(uname -s| tr ‘[:upper:]’ ‘[:lower:]’)-amd64 /usr/local/bin/kubeapps
sudo chmod +x /usr/local/bin/kubeapps
run the kubeapps command:
kubeapps up
Change the kubeapps SVC to type Load Balancer:
cat kubeapps-svc.yaml
apiVersion: v1
kind: Service
metadata:
annotations:
kubecfg.ksonnet.io/garbage-collect-tag: bitnami/kubeapps
labels:
app: kubeapps
created-by: kubeapps
name: kubeapps
name: kubeapps
namespace: kubeapps
spec:
ports:
– port: 8080
protocol: TCP
targetPort: http
selector:
app: kubeapps
name: kubeapps
sessionAffinity: None
type: LoadBalancer
delete the current kubeapps svc:
kubectl delete svc kubeapps -n kubeapps
create new kubeapps svc:
kubectl create -f kubeapps-svc.yaml -n kubeapps
get the service info:
kubectl get svc kubeapps -n kubeapps
see the output and the external network:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubeapps LoadBalancer 10.100.200.232 10.40.15.17 8080:30229/TCP <invalid>
The IP address of the ingress is 10.40.15.17
Step 3, Create a Kubernetes API token
create service account called “kubeapps-operator” and give him permissions on the cluster
kubectl create serviceaccount kubeapps-operator
kubectl create clusterrolebinding kubeapps-operator —clusterrole=cluster-admin —serviceaccount=default:kubeapps-operator
get the login token for the Kubeapp dashboard
kubectl get secret $(kubectl get serviceaccount kubeapps-operator -o jsonpath=’{.secrets[].name}’) -ojsonpath='{.data.token}’ | base64 –decode
Token sample:
eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6Imt1YmVhcHBzLW9wZXJhdG9yLXRva2VuLXZ3cjljIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6Imt1YmVhcHBzLW9wZXJhdG9yIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQudWlkIjoiYTcxZTg5OGEtNTJlYy0xMWU4LTkwODItMDA1MDU2YjBjMDI0Iiwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50OmRlZmF1bHQ6a3ViZWFwcHMtb3BlcmF0b3IifQ.E3wIIoz8fK1yzYeDlDh1skXXGsOp7kCRdFpqcTw7JIRXhxVjWXoy3AzHqXgMd1VQneOmiI93faUsa27P_Pa3Z23_76GCWRjvz2ZXr3R9iYcQWMyY1rqmwmTLYjEfG9FCAyED2aTZirXGeGgkGuPY1J43165pytMkhXBtNkHzAq0CJSiD1d4UpAgROL5xoe6MlMlSWE6tFptGxsxYSMZG8xNA2OKHobqWr6WWmRQgaSEEA6CA35OkNHCQg3T_9efD_I7JytYNI6_pqLdRoJACci871A4Y_E3DNsL9l_TPYwt2hs-5dJHxyW1V_x97K_4XjfqW8VJD_F0dBcOhRg
copy and paste the token output to the login page of the application
Open web browser to ingress IP: 10.40.15.17 (Service external IP), and paste the API token from above:
Click Login, then you should see the Applications page that should have the application already deployed with kubeapps
Go to Charts, that’s the page publishing all the Helm charts from the central repository
Step 4, Deploy Word Press for example:
- Hit deploy @WordPress helm chart page
- Wait for the deployment to finish
- click on the URL to access the Word press application:
That’s it, you have deployed containers via Helm chart on top of PKS infrastructure
Welcome to Penso blog space 