DEV Community

Cover image for Deploying Kubernetes dashboard on a Kubernetes cluster
Dilanka Rathnasiri
Dilanka Rathnasiri

Posted on

Deploying Kubernetes dashboard on a Kubernetes cluster

cover image: Photo by Joseph Barrientos on Unsplash

In this article, we will talk about deploying Kubernetes dashboard on a Kubernetes cluster. Kubernetes dashboard is the official web user interface for getting an overview of a Kubernetes cluster. It can be used for managing, monitoring, and troubleshooting a Kubernetes cluster. Kubernetes dashboard is one of the easiest ways to have a dashboard for Kubernetes cluster managing and monitoring.

Install Kubernetes dashboard

Kubernetes dashboard can be easily installed with Helm. Execute the following commands in a terminal for installation.



# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard


Enter fullscreen mode Exit fullscreen mode

We'll get a reply similar to the following.

Reply-A:



Release "kubernetes-dashboard" does not exist. Installing it now.
NAME: kubernetes-dashboard
LAST DEPLOYED: Fri Aug  9 20:35:55 2024
NAMESPACE: kubernetes-dashboard
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
*************************************************************************************************
*** PLEASE BE PATIENT: Kubernetes Dashboard may need a few minutes to get up and become ready ***
*************************************************************************************************

Congratulations! You have just installed Kubernetes Dashboard in your cluster.

To access Dashboard run:
  kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

NOTE: In case port-forward command does not work, make sure that kong service name is correct.
      Check the services in Kubernetes Dashboard namespace using:
        kubectl -n kubernetes-dashboard get svc

Dashboard will be available at:
  https://localhost:8443 # ‼ Note down this url for accessing the dashboard


Enter fullscreen mode Exit fullscreen mode

Create a user for accessing kubernetes dashboard

We need a user to access the Kubernetes dashboard. We can regulate access control with Role-based access control (RBAC). Reference [3] provides a detailed explanation of RBAC.

Service Account:
A service account provides a distinct identity in a Kubernetes cluster. We can consider a service account to be similar to a user. But a Service account and a user account are two different things. Reference [4] provides a detailed explanation of the service account. We can use the following YAML configuration for creating a service account for the Kubernetes dashboard.



apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard


Enter fullscreen mode Exit fullscreen mode

Cluster Role:
A cluster role is a set of rules that provides specific permissions. We only discuss four predefined roles for simplicity.

They are,

cluster-admin:

  • Provides superuser access to do anything on any resource.

admin:

  • Provides permissions to do most of the actions on most of the resources.
  • It doesn't give the permission for the following,
    • write access to the resource quota or to the namespace itself
    • write access to EndpointSlices (or Endpoints)

edit:

  • Provides permission to read and write access for most of the resources
  • It doesn't give the permission for the following,
    • viewing or modifying roles or role bindings
    • permissions aren't provided by the admin cluster role

view:

  • Provides read-only access for most of the resources
  • It doesn't give the permission for the following,
    • viewing roles or role bindings
    • viewing Secrets
    • permissions aren't provided by the edit cluster role

Since great power comes with great responsibility, it is good to use minimum permission as much as possible.

Uncle Ben advice

In this example Kubernetes configuration, we use the predefined admin cluster role.

Cluster Role Binding:
Cluster role binding attaches a cluster role to a service account. We can use the following YAML configuration for creating a cluster role binding for the created user.



apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard


Enter fullscreen mode Exit fullscreen mode

Generating token for accessing Kubernetes dashboard

We can generate an access token using the following.



kubectl -n kubernetes-dashboard create token admin-user


Enter fullscreen mode Exit fullscreen mode

Accessing kubernetes dashboard

There are two ways of accessing the Kubernetes dashboard.

1.kubectl port-forward (I prefer this way)

  • execute the following command in the terminal, ```shell

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443

- Now we can access Kubernetes dashboard from `https://localhost:8443` **(URL in Reply-A)**
- We use HTTPS for accessing because the URL in Reply-A is a https request
- If the URL in Reply-A is an HTTP request, we have to access the Kubernetes dashboard with HTTP
- Since we'll get a short URL in this method, I prefer this method.

2.kubectl proxy
- execute the following command in the terminal,
```shell


kubectl proxy --port=8001


Enter fullscreen mode Exit fullscreen mode
  • Now we can access the kubernetes dashboard from http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard-kong-proxy:443/proxy/

Create a long-lived Bearer Token for accessing the Kubernetes dashboard

We can create a token and save it as a secret with the following YAML configuration.



apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token  


Enter fullscreen mode Exit fullscreen mode

Then we can get the created token by executing the following command on the terminal.



kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d

Enter fullscreen mode Exit fullscreen mode




That's it! We’ve successfully deployed the Kubernetes dashboard on our cluster.

minions hurray

Pulumi Infrastructure as Code for Kubernetes dashboard deployment (Optional)

simple-k8s

This GitHub project is an example of Infrastructure as Code with Pulumi for Kubernetes dashboard deployment. Since this article doesn't focus on Infrastructure as Code, we'll not discuss the code here. But I think this will help to get a rough idea.

Summary

In this article, we’ve discussed deploying the Kubernetes dashboard on a Kubernetes cluster. The Kubernetes dashboard is one of the easiest ways to get an overview of a Kubernetes cluster. Hands-on experience with the Kubernetes dashboard is valuable in learning Kubernetes. Also, it'll be a good jumpstart. Even though the Kubernetes dashboard provides an overview of the cluster to some extent, I think it'll not be enough for an advanced production Kubernetes cluster.

References

  1. https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
  2. https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/creating-sample-user.md
  3. https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-and-clusterrole
  4. https://kubernetes.io/docs/concepts/security/service-accounts

Top comments (0)