English

Share with friends

Note

Welcome to the Kubernetes Dashboard Tutorial! In this tutorial, we'll guide you to install and setup Kubernetes Dashboard—an essential web-based interface for managing and monitoring your Kubernetes clusters.

How to Install, Setup, Access, and Stop Kubernetes Dashboard? cover image

You'll have a solid understanding of how to leverage the Kubernetes Dashboard to visualize and manage your K8s infrastructure by the end of this tutorial.

So, let's dive in.

Let's look at the first step - installing Kubernetes Dashboard.

How to Install the Kubernetes Dashboard?

  1. Open a terminal or command prompt.

  2. Use the following command to install the Kubernetes Dashboard:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

When you run the command, kubectl takes care of setting up the necessary resources for the Kubernetes Dashboard.

This includes creating a namespace, service account, config map, pods, cluster role, service, RBAC, and deployments.

  1. Verify that the Dashboard pods are running:
kubectl get pods -n kubernetes-dashboard

Wait until both pods show the "Running" status.

How to Create a Service Account and Cluster Role Binding

  1. Create a file called dashboard-admin.yaml and open it in a text editor.

  2. Copy and paste the following YAML content into the file:

apiVersion: v1
   kind: ServiceAccount
   metadata:
     name: admin-user
     namespace: kubernetes-dashboard
   ---
apiVersion: rbac.authorization.k8s.io/v1
   kind: ClusterRoleBinding
   metadata:
     name: admin-user
   roleRef:
     apiGroup: rbac.authorization.k8s.io
     kind: ClusterRole
     name: cluster-admin
   subjects:
   - kind: ServiceAccount
     name: admin-user
     namespace: kubernetes-dashboard
  1. Save the file and exit the text editor.

  2. Apply the YAML file to create the necessary resources:

kubectl apply -f dashboard-admin.yaml

How to Access Kubernetes Dashboard?

  1. Obtain an access token for the admin-user Service Account by running the following command:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

Copy the token value from the output. You will need it to log in to the Dashboard.

It should print something like this:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZxMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njo
  1. Start a proxy connection to the Kubernetes API server by running this command in a separate terminal.
kubectl proxy
Note

Leave this command running in the background.

  1. Open a web browser and navigate to the following URL:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

This URL establishes a connection to the Kubernetes Dashboard through the proxy.

  1. On the Dashboard login page, select the "Token" option.

  2. Paste the access token obtained in Step 3, Point 1 into the "Token" field and click the "Sign in" button.

How to Stop Kubernetes Dashboard?

To stop the Dashboard UI, you can remove user roles that are no longer required using the delete method.

kubectl delete -f dashboard-admin.yaml

Similarly, if you wish to disable the dashboard entirely, you can delete it like any other deployment:

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
Note

You can redeploy the dashboard whenever needed by following the same procedure as before.

Also Read: A Complete Cheat Sheet of Kubectl Commands

How to Access Kubernetes Dashboard?

To access the Kubernetes Dashboard, here are 4 common methods you can follow.

Method 1: Using kubectl proxy

Step 1: Start a proxy connection to the Kubernetes API server

Open a terminal or command prompt and execute this.

kubectl proxy

Again, leave this kubectl proxy command running in the background. Just to reiterate, it creates a connection between your local machine and the K8s API server.

Step 2: Access the Dashboard URL

Open a web browser and enter the URL.

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

It establishes a connection to the Kubernetes Dashboard through the proxy.

Step 3: Authenticate and log in to the Dashboard.

On the Dashboard login page, select the authentication method and provide the details

Also Read: How to Work with Kubernetes Clusters using Kubeadm?

Method 2: Using port forwarding

Step 1: Start port forwarding to the Dashboard service.

Open a terminal or command prompt and run the following command:

kubectl -n kubernetes-dashboard port-forward service/kubernetes-dashboard 8080:443

This command forwards local port 8080 to the k8s Dashboard service.

Step 2: Access the Dashboard URL.

Open a web browser and enter the following URL:

https://localhost:8080/

Step 3: Authenticate and log in to the Dashboard.

Follow the authentication process based on the configured method, such as using a token or username/password.

Method 3: Using NodePort

This method allows you to access the Kubernetes Dashboard through a specific port on the nodes in your cluster.

Step 1: Expose the Kubernetes Dashboard service

By default, the Kubernetes Dashboard service is created as a ClusterIP service, which is only accessible within the cluster.

To expose it externally, we need to modify the service to use the NodePort type.

For that, follow along:-

  1. Open a separate terminal.

  2. Run the following command to patch the Dashboard service and change its service type to NodePort:

kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec": {"type": "NodePort"} }'

This command modifies the service configuration to use the NodePort type.

Step 2: Obtain the NodePort details

To access the Dashboard, we need to find out the NodePort allocated for the service.

  1. Run the following command to retrieve the details of the Dashboard service:
kubectl -n kubernetes-dashboard get service kubernetes-dashboard

This command displays information about the Kubernetes Dashboard service, including the allocated NodePort.

  1. Take note of the NodePort value associated with the Dashboard service. It will be a number in the range of 30000-32767.

Step 3: Access the Dashboard URL

Now that the Dashboard service is exposed using the NodePort type, we can access it using the Node's IP address and the allocated NodePort.

  1. Determine the IP address of any node in your cluster. You can use the following command to retrieve the IP address of a specific node or any node:
kubectl get nodes -o wide

Look for the IP address under the "INTERNAL-IP" column.

  1. Open a web browser and enter the following URL, replacing <node-ip> and <nodeport> with the IP address of the node obtained in the previous step and the NodePort value, respectively:
https://<node-ip>:<nodeport>/

This URL establishes a connection to the Kubernetes Dashboard using NodePort.

Step 4: Authenticate and log in to the Dashboard

On the Dashboard login page, follow the authentication method you have configured (e.g., token, username/password) and provide the necessary credentials.

Method 4: Using Helm

Using Helm provides an alternative method for deploying the Kubernetes Dashboard.

  1. Start by adding the Kubernetes Dashboard Helm repository.
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
  1. Next, install the Kubernetes Dashboard chart with the release name kubernetes-dashboard.
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard

By default, this command installs the Kubernetes Dashboard with the default settings.

If you wish to customize the installation, you can utilize the --set flag to provide configuration options.

For instance:

helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
--set service.externalPort=8080,resources.limits.cpu=200m
  1. Alternatively, you can supply a YAML file that defines the values for the configuration parameters during the installation:
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \ -f values.yaml
  1. To uninstall the Kubernetes Dashboard using Helm, simply execute the following command:
helm delete kubernetes-dashboard

Also Read: What is Helm and Helm Chart in Kubernetes?

Walkthrough of Kubernetes Dashboard

Cluster View

  • Namespaces: This sub-view gives you an overview of the Kubernetes cluster namespaces.
  • Nodes: In this sub-view, you can access information about all the Kubernetes nodes registered with your cluster.
  • Node Details: This section provides specific details about a selected node, such as its IP addresses, machine ID, operating system, and versions of the kubelet (the primary node agent) and kube-proxy (a network proxy) running on the node.
  • CPU and Memory Utilization: This visualization displays the available CPU and memory resources on the selected node, along with limits and current utilization.
  • Pod Allocation: This section shows the total number of pods that a node can run based on its capacity, as well as the current utilization of pods on that node.
  • Node Conditions: Here, you can view error conditions or alerts related to the selected node. Conditions like OutOfDisk, MemoryPressure, and DiskPressure indicate potential issues that may affect the node's performance.
  • Pods: This section displays all the pods currently running on the selected node. Click on an individual pod, and it will redirect you to a “details” page for that pod.

Workload View

The workload view provides detailed information about applications running in the cluster.

Here's a breakdown of the information you can find in this view.

  • Labels attached to the pod: Labels are key-value pairs attached to Kubernetes objects that help with organizing and identifying them.

  • QoS class: QoS (Quality of Service) class means the priority and resource requirements of a pod. K8s categorizes pods into three QoS classes: Guaranteed, Burstable, and BestEffort.

  • Containers running in the pod: This information includes the container names, images used, and their current status.

  • The controller that created the pod: In this view, you can see the controller that created and manages each pod.

  • Events and Persistent Volume Claims (PVCs): Here you can see events associated with each pod, which can be useful for troubleshooting and monitoring purposes.

  • ConfigMaps and Secrets: Displays all Kubernetes resources used for the in-flight setup of clustered applications. The view shows Kubernetes secrets that are by default hidden and enables changing and manipulating configuration objects.

  • Logs viewer: Links to a logs viewer that is part of the Kubernetes Dashboard are available on the pod listings and detail pages. One can drill down logs from containers that are part of a single Pod using the viewer.

Tip: When using the K8s Dashboard, it is recommended to adopt a read-only approach and provide users with the minimum necessary permissions. While the dashboard does offer the ability to make changes to the cluster's resources, it's generally safer to perform such modifications through a managed CI/CD pipeline that keeps a record of revisions. This way, you can easily compare or revert changes if the need arises, ensuring better control and accountability for any modifications made to your cluster.

Also Read: A Complete Tutorial on Kubectl Set Context

How to Control Access or Secure Your Kubernetes Dashboard?

  1. Avoid exposing the dashboard service using a LoadBalancer.

  2. Limit privileges of the dashboard ServiceAccount.

  3. Implement Role-Based Access Control (RBAC).

  4. Utilize an OAuth2 authenticating proxy such as Keycloak or Dex.

Kubernetes Dashboard Alternative

If you are looking for some alternatives, there are some popular options you can look at. Some of the top alternatives are - Rancher, Octant, Lens, K8Dash, and Weave Scope.

Read our article on top Kubernetes Dashboard alternatives to know about the top 9 options in more detail.

FAQs

1. Can I secure the Kubernetes Dashboard with authentication and authorization?

Yes. One common approach is to configure RBAC (Role-Based Access Control) to control user access and permissions. You can create custom roles and bind them to specific users or groups. Use external authentication providers like OpenID Connect (OIDC) or Single Sign-On (SSO) to improve security.

2. How to access the Kubernetes Dashboard Exernally?

To access the Kubernetes Dashboard externally, you need to expose it using a service type that allows external access, such as a LoadBalancer or NodePort.

Share with friends

Priyansh Khodiyar's profile

Written by Priyansh Khodiyar

Priyansh is the founder of UnYAML and a software engineer with a passion for writing. He has good experience with writing and working around DevOps tools and technologies, APMs, Kubernetes APIs, etc and loves to share his knowledge with others.

Further Reading

Life is better with cookies 🍪

This website uses cookies to improve your experience. We'll assume you're ok with this, but you can opt out if you wish. Cookie Policy