Deploying the Kubernetes Dashboard

How to deploy and access the Kubernetes dashboard

I am constantly forgetting exactly how to deploy and access the Kubernetes dashboard, so this will serve as a note-to-self for future Andrew!

The source of truth for this guide is the official documentation: Deploy and Access the Kubernetes Dashboard. However, this writeup will be a tl;dr version of that document.

Also, it should go without saying, but do NOT do this for a production Kubernetes cluster.

Deploying the Dashboard (One-time Setup)

The first step is to deploy the dashboard:

1
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

Creating a User (One-time Setup)

Once the dashboard is deployed, you will need to create a user for accessing the dashboard. We will create two YAML files and then use kubectl to apply them. (See: Creating sample user)

  1. Create the service account

    Create dashboard-adminuser.yaml:

    1
    2
    3
    4
    5
    
     apiVersion: v1
     kind: ServiceAccount
     metadata:
       name: admin-user
       namespace: kubernetes-dashboard
    

    Apply:

    1
    
     $ kubectl apply -f dashboard-adminuser.yaml
    
  2. Create a ClusterRoleBinding

    Create dashboard-adminuser-clusterrolebinding.yaml:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    
     apiVersion: rbac.authorization.k8s.io/v1
     kind: ClusterRoleBinding
     metadata:
       name: admin-user
     roleRef:
       apiGroup: rbac.authorization.k8s.io
       kind: ClusterRole
       name: cluster-admin
     subjects:
     - kind: ServiceAccount
       name: admin-user
       namespace: kubernetes-dashboard
    

    Apply:

    1
    
     $ kubectl apply -f dashboard-adminuser-clusterrolebinding.yaml
    

Accessing the Dashboard

Now that we have a user created, we need to retrieve the token that will be used on the login page of the dashboard:

1
2
3
$ kubectl -n kubernetes-dashboard get secret \
    $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") \
    -o go-template="{{.data.token | base64decode}}"

The output should be a really long secret that looks like this:

1
2
3
4
5
6
7
8
9
10
11
12
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Ii\
wia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib\
2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2Vy\
LXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQ\
ubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYW\
Njb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJze\
XN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQli\
tASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hw\
xznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa\
8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1V\
La6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabIN\
X6gP5-Tuuw2svnV6NYQ

To actually access the dashboard from our computer, we need to establish a gateway between localhost and the Kubernetes API server. This is done via the kubectl proxy command. You will need to run this command (or ensure that it’s running) whenever you want to access the dashboard. Note that the dashboard will still only be accessible from the machine where you run this command.

1
$ kubectl proxy

The dashboard will now be available in your web browser at the following URL: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.

Simply paste in the token that we retrieved earlier, and you’re in!

Some rights reserved

Up Next

Updating Warble to GTK4

How I updated Warble to GTK4, and a few of the issues I encountered

Raspberry Control Tower

Raspberry Pi + Apple AirPort Extreme + UniFi Controller = Raspberry Control Tower?

Related