Dilanka Rathnasiri

Deploying Kubernetes dashboard on a Kubernetes cluster

cover image: Photo by Joseph Barrientos on Unsplash

In this article, we will talk about deploying the Kubernetes dashboard on a Kubernetes cluster. The Kubernetes dashboard is the official web user interface for getting an overview of a Kubernetes cluster. It can be used for managing, monitoring, and troubleshooting a cluster, and it is one of the easiest ways to get a dashboard for cluster management and monitoring.

Install Kubernetes dashboard

Kubernetes dashboard can be easily installed with Helm. Execute the following commands in a terminal for installation.

# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

We'll get a reply similar to the following.

Reply-A:

Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Fri Aug  9 20:35:55 2024
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443 # ‼ Note down this url for accessing the dashboard

Create a user for accessing the Kubernetes dashboard

We need a user to access the Kubernetes dashboard. We can regulate access control with Role-based access control (RBAC). Reference [3] provides a detailed explanation of RBAC.

Service Account:
A service account provides a distinct identity in a Kubernetes cluster. We can think of a service account as similar to a user, but a service account and a user account are two different things. Reference [4] provides a detailed explanation of service accounts. We can use the following YAML configuration to create a service account for the Kubernetes dashboard.

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Cluster Role:
A cluster role is a set of rules that provides specific permissions. We only discuss four predefined roles for simplicity.

They are,

cluster-admin:

  • Provides superuser access to do anything on any resource.

admin:

  • Provides permissions to do most of the actions on most of the resources.
  • It doesn't grant the following:
    • write access to the resource quota or to the namespace itself
    • write access to EndpointSlices (or Endpoints)

edit:

  • Provides read and write access to most of the resources.
  • It doesn't grant the following:
    • viewing or modifying roles or role bindings
    • permissions that the admin cluster role doesn't provide

view:

  • Provides read-only access to most of the resources.
  • It doesn't grant the following:
    • viewing roles or role bindings
    • viewing Secrets
    • permissions that the edit cluster role doesn't provide

Since great power comes with great responsibility, it is good to grant only the minimum permissions needed.

In this example Kubernetes configuration, we use the predefined cluster-admin cluster role.

Cluster Role Binding:
Cluster role binding attaches a cluster role to a service account. We can use the following YAML configuration for creating a cluster role binding for the created user.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
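
The binding above gives the admin-user service account cluster-admin everywhere in the cluster. As an added example (not code from the original article or from the Kubernetes project), the following check lists service accounts bound cluster-wide to one of the four predefined roles above a chosen ceiling. The sample input is constructed, and the dashboard-viewer and no-subjects bindings are hypothetical names.

```python
import json

# The four predefined roles the article lists, narrowest to broadest.
ROLE_BREADTH = {"view": 0, "edit": 1, "admin": 2, "cluster-admin": 3}

# Constructed sample, shaped like `kubectl get clusterrolebindings -o json`.
# "dashboard-viewer" and "no-subjects" are hypothetical bindings.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "admin-user"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                 "namespace": "kubernetes-dashboard"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "dashboard-viewer"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "dashboard-viewer",
                 "namespace": "kubernetes-dashboard"}]},
  {"metadata": {"name": "no-subjects"},
   "roleRef": {"kind": "ClusterRole", "name": "admin"}}
]}
""")


def broad_service_account_bindings(crb_list, max_role="view"):
    """List service accounts bound cluster-wide to a role broader than max_role.

    Returns (binding name, "namespace/serviceaccount", role) tuples. Custom
    ClusterRoles are skipped here and need their rules reviewed separately.
    """
    limit = ROLE_BREADTH[max_role]
    findings = []
    for item in crb_list.get("items", []):
        role = item.get("roleRef", {}).get("name")
        breadth = ROLE_BREADTH.get(role)
        if breadth is None or breadth <= limit:
            continue
        # A binding may have no subjects at all, so default to an empty list.
        for subject in item.get("subjects") or []:
            if subject.get("kind") == "ServiceAccount":
                account = f'{subject.get("namespace")}/{subject.get("name")}'
                findings.append((item["metadata"]["name"], account, role))
    return findings

if __name__ == "__main__":
    for binding, account, role in broad_service_account_bindings(SAMPLE):
        print(f"{binding}: {account} is bound cluster-wide to {role}")
```

On the sample, only the article's admin-user binding is reported; the default cluster-admin binding is skipped because its subject is a group, not a service account.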

Generating token for accessing Kubernetes dashboard

We can generate an access token using the following.

kubectl -n kubernetes-dashboard create token admin-user

Accessing the Kubernetes dashboard

There are two ways of accessing the Kubernetes dashboard.

1. kubectl port-forward (I prefer this way)

  • Execute the following command in the terminal:

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

  • Now we can access the Kubernetes dashboard at https://localhost:8443 (the URL in Reply-A).
  • We use HTTPS because the URL in Reply-A is an HTTPS URL.
  • If the URL in Reply-A is an HTTP URL, we have to access the Kubernetes dashboard with HTTP.
  • Since we'll get a short URL in this method, I prefer this method.

2. kubectl proxy

  • Execute the following command in the terminal:

kubectl proxy --port=8001

  • Now we can access the Kubernetes dashboard at http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard-kong-proxy:443/proxy/

Create a long-lived Bearer Token for accessing the Kubernetes dashboard

We can create a token and save it as a secret with the following YAML configuration.

apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token  

Then we can get the created token by executing the following command on the terminal.

kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
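
The two token commands in this article produce different kinds of token: the one from kubectl create token carries an exp claim, while the one stored in the service-account-token Secret has none. As an added example (not code from the original article), the following decodes a token's payload to show which kind it is. The sample tokens are constructed and unsigned, and the one-hour lifetime is a sample value.

```python
import base64
import json
import time


def jwt_claims(token):
    """Decode a JWT payload for inspection. The signature is NOT verified."""
    parts = token.strip().split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def token_expiry(token, now=None):
    """Return (subject, seconds_left); seconds_left is None without an exp claim."""
    claims = jwt_claims(token)
    exp = claims.get("exp")
    if exp is None:
        return claims.get("sub"), None  # never expires on its own
    now = time.time() if now is None else now
    return claims.get("sub"), int(exp - now)


def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not cluster output)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])


SUBJECT = "system:serviceaccount:kubernetes-dashboard:admin-user"
ISSUED = 1723235755  # constructed timestamp
# Shaped like a `kubectl create token` result: time-bound.
BOUND_TOKEN = constructed_token({"sub": SUBJECT, "iat": ISSUED, "exp": ISSUED + 3600})
# Shaped like the token stored in the admin-user Secret: no exp claim.
SECRET_TOKEN = constructed_token({"sub": SUBJECT})

if __name__ == "__main__":
    for label, tok in (("create token", BOUND_TOKEN), ("Secret", SECRET_TOKEN)):
        subject, left = token_expiry(tok, now=ISSUED + 600)
        print(label, subject, "no expiry" if left is None else f"{left}s left")
```

A token with no exp claim stays valid until the admin-user Secret is deleted.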

That's it! We’ve successfully deployed the Kubernetes dashboard on our cluster.

Pulumi Infrastructure as Code for Kubernetes dashboard deployment (Optional)

simple-k8s

This GitHub project is an example of Infrastructure as Code with Pulumi for Kubernetes dashboard deployment. Since this article doesn't focus on Infrastructure as Code, we'll not discuss the code here. But I think this will help to get a rough idea.

Summary

In this article, we’ve discussed deploying the Kubernetes dashboard on a Kubernetes cluster. The Kubernetes dashboard is one of the easiest ways to get an overview of a Kubernetes cluster. Hands-on experience with the Kubernetes dashboard is valuable in learning Kubernetes. Also, it'll be a good jumpstart. Even though the Kubernetes dashboard provides an overview of the cluster to some extent, I think it'll not be enough for an advanced production Kubernetes cluster.

References

  1. https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
  2. https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
  3. https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
  4. https://kubernetes.io/docs/concepts/security/service-accounts
