Azurerm_kubernetes_cluster Can't see half of the k8s dashboard

Hi,

I’m trying to provision an AKS cluster (k8s on Azure) using terraform. However I do it, I can’t seem to get access to the k8s dashboard API. I can log into the dashboard, but everything is empty and there are a lot of Forbidden alerts on API calls.

Has anyone successfully done this? Just wondering if anyone would be willing to give me some tips…

I’m currently using a service_principal on the aks cluster:

  service_principal {
    client_id     = data.external.creds.result["appId"]
    client_secret = data.external.creds.result["password"]
  }

When the cluster comes up I get the credentials:

az aks get-credentials --resource-group $(terraform output -raw resource_group_name) --name $(terraform output -raw kubernetes_cluster_name)

And then browse the dashboard:

az aks browse --resource-group my-rg --name my-aks

and log in using the kube config at $HOME/.kube/config

but I’m clearly missing something if the dashboard can’t make calls to the API…

I found the answer, and it was to do with a role binding on Azure. I needed to do this:

kubectl delete clusterrolebinding kubernetes-dashboard
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard --user=clusterUser

I know I can probably do this with https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/cluster_role_binding but haven’t figured it out yet.
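
The kubectl create clusterrolebinding command above, written with the kubernetes_cluster_role_binding resource, as an added example that is not part of the original post. It assumes the cluster resource is labelled azurerm_kubernetes_cluster.aks; the variable dashboard_cluster_role is also an assumption, added so the dashboard can be bound to a narrower built-in role than cluster-admin.

```hcl
# Added example, not from the original post.
# Assumption: the AKS cluster is declared as azurerm_kubernetes_cluster.aks.
provider "kubernetes" {
  host                   = azurerm_kubernetes_cluster.aks.kube_config.0.host
  client_certificate     = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_certificate)
  client_key             = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.client_key)
  cluster_ca_certificate = base64decode(azurerm_kubernetes_cluster.aks.kube_config.0.cluster_ca_certificate)
}

# Hypothetical variable: which built-in ClusterRole the dashboard receives.
# "cluster-admin" reproduces the post's command; "view" is read-only and
# does not include Secrets.
variable "dashboard_cluster_role" {
  description = "Built-in ClusterRole bound to the dashboard service account"
  type        = string
  default     = "cluster-admin"

  validation {
    condition     = contains(["view", "edit", "admin", "cluster-admin"], var.dashboard_cluster_role)
    error_message = "Must be one of the built-in roles: view, edit, admin, cluster-admin."
  }
}

resource "kubernetes_cluster_role_binding" "dashboard" {
  metadata {
    # Same binding name the post deletes and recreates.
    name = "kubernetes-dashboard"
  }

  role_ref {
    api_group = "rbac.authorization.k8s.io"
    kind      = "ClusterRole"
    name      = var.dashboard_cluster_role
  }

  # Equivalent of --serviceaccount=kube-system:kubernetes-dashboard
  subject {
    kind      = "ServiceAccount"
    name      = "kubernetes-dashboard"
    namespace = "kube-system"
  }

  # Equivalent of --user=clusterUser
  subject {
    kind      = "User"
    name      = "clusterUser"
    api_group = "rbac.authorization.k8s.io"
  }
}
```

A binding named kubernetes-dashboard already exists on the cluster, so it has to be deleted (as in the post) or imported into state before the first apply. With cluster-admin the dashboard's service account has full control of the cluster; with view it may still report Forbidden for resources that role does not cover.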