Share with friends
Welcome to the Kubernetes Dashboard Tutorial! In this tutorial, we'll guide you to install and setup Kubernetes Dashboard—an essential web-based interface for managing and monitoring your Kubernetes clusters.
You'll have a solid understanding of how to leverage the Kubernetes Dashboard to visualize and manage your K8s infrastructure by the end of this tutorial.
So, let's dive in.
Let's look at the first step - installing Kubernetes Dashboard.
How to Install the Kubernetes Dashboard?
-
Open a terminal or command prompt.
-
Use the following command to install the Kubernetes Dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
When you run the command, kubectl takes care of setting up the necessary resources for the Kubernetes Dashboard.
This includes creating a namespace, service account, config map, pods, cluster role, service, RBAC, and deployments.
- Verify that the Dashboard pods are running:
kubectl get pods -n kubernetes-dashboard
Wait until both pods show the "Running" status.
How to Create a Service Account and Cluster Role Binding
-
Create a file called
dashboard-admin.yaml
and open it in a text editor. -
Copy and paste the following YAML content into the file:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
-
Save the file and exit the text editor.
-
Apply the YAML file to create the necessary resources:
kubectl apply -f dashboard-admin.yaml
How to Access Kubernetes Dashboard?
- Obtain an access token for the
admin-user
Service Account by running the following command:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Copy the token value from the output. You will need it to log in to the Dashboard.
It should print something like this:
eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZxMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njo
- Start a proxy connection to the Kubernetes API server by running this command in a separate terminal.
kubectl proxy
Leave this command running in the background.
- Open a web browser and navigate to the following URL:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
This URL establishes a connection to the Kubernetes Dashboard through the proxy.
-
On the Dashboard login page, select the "Token" option.
-
Paste the access token obtained in Step 3, Point 1 into the "Token" field and click the "Sign in" button.
How to Stop Kubernetes Dashboard?
To stop the Dashboard UI, you can remove user roles that are no longer required using the delete method.
kubectl delete -f dashboard-admin.yaml
Similarly, if you wish to disable the dashboard entirely, you can delete it like any other deployment:
kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
You can redeploy the dashboard whenever needed by following the same procedure as before.
Also Read: A Complete Cheat Sheet of Kubectl Commands
How to Access Kubernetes Dashboard?
To access the Kubernetes Dashboard, here are 4 common methods you can follow.
Method 1: Using kubectl proxy
Step 1: Start a proxy connection to the Kubernetes API server
Open a terminal or command prompt and execute this.
kubectl proxy
Again, leave this kubectl proxy command running in the background. Just to reiterate, it creates a connection between your local machine and the K8s API server.
Step 2: Access the Dashboard URL
Open a web browser and enter the URL.
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
It establishes a connection to the Kubernetes Dashboard through the proxy.
Step 3: Authenticate and log in to the Dashboard.
On the Dashboard login page, select the authentication method and provide the details
Also Read: How to Work with Kubernetes Clusters using Kubeadm?
Method 2: Using port forwarding
Step 1: Start port forwarding to the Dashboard service.
Open a terminal or command prompt and run the following command:
kubectl -n kubernetes-dashboard port-forward service/kubernetes-dashboard 8080:443
This command forwards local port 8080 to the k8s Dashboard service.
Step 2: Access the Dashboard URL.
Open a web browser and enter the following URL:
https://localhost:8080/
Step 3: Authenticate and log in to the Dashboard.
Follow the authentication process based on the configured method, such as using a token or username/password.
Method 3: Using NodePort
This method allows you to access the Kubernetes Dashboard through a specific port on the nodes in your cluster.
Step 1: Expose the Kubernetes Dashboard service
By default, the Kubernetes Dashboard service is created as a ClusterIP service, which is only accessible within the cluster.
To expose it externally, we need to modify the service to use the NodePort type.
For that, follow along:-
-
Open a separate terminal.
-
Run the following command to patch the Dashboard service and change its service type to NodePort:
kubectl patch service kubernetes-dashboard -n kubernetes-dashboard -p '{"spec": {"type": "NodePort"} }'
This command modifies the service configuration to use the NodePort type.
Step 2: Obtain the NodePort details
To access the Dashboard, we need to find out the NodePort allocated for the service.
- Run the following command to retrieve the details of the Dashboard service:
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
This command displays information about the Kubernetes Dashboard service, including the allocated NodePort.
- Take note of the NodePort value associated with the Dashboard service. It will be a number in the range of 30000-32767.
Step 3: Access the Dashboard URL
Now that the Dashboard service is exposed using the NodePort type, we can access it using the Node's IP address and the allocated NodePort.
- Determine the IP address of any node in your cluster. You can use the following command to retrieve the IP address of a specific node or any node:
kubectl get nodes -o wide
Look for the IP address under the "INTERNAL-IP" column.
- Open a web browser and enter the following URL, replacing
<node-ip>
and<nodeport>
with the IP address of the node obtained in the previous step and the NodePort value, respectively:
https://<node-ip>:<nodeport>/
This URL establishes a connection to the Kubernetes Dashboard using NodePort.
Step 4: Authenticate and log in to the Dashboard
On the Dashboard login page, follow the authentication method you have configured (e.g., token, username/password) and provide the necessary credentials.
Method 4: Using Helm
Using Helm provides an alternative method for deploying the Kubernetes Dashboard.
- Start by adding the Kubernetes Dashboard Helm repository.
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
- Next, install the Kubernetes Dashboard chart with the release name
kubernetes-dashboard
.
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard
By default, this command installs the Kubernetes Dashboard with the default settings.
If you wish to customize the installation, you can utilize the --set
flag to provide configuration options.
For instance:
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
--set service.externalPort=8080,resources.limits.cpu=200m
- Alternatively, you can supply a YAML file that defines the values for the configuration parameters during the installation:
helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \ -f values.yaml
- To uninstall the Kubernetes Dashboard using Helm, simply execute the following command:
helm delete kubernetes-dashboard
Also Read: What is Helm and Helm Chart in Kubernetes?
Walkthrough of Kubernetes Dashboard
Cluster View
- Namespaces: This sub-view gives you an overview of the Kubernetes cluster namespaces.
- Nodes: In this sub-view, you can access information about all the Kubernetes nodes registered with your cluster.
- Node Details: This section provides specific details about a selected node, such as its IP addresses, machine ID, operating system, and versions of the kubelet (the primary node agent) and kube-proxy (a network proxy) running on the node.
- CPU and Memory Utilization: This visualization displays the available CPU and memory resources on the selected node, along with limits and current utilization.
- Pod Allocation: This section shows the total number of pods that a node can run based on its capacity, as well as the current utilization of pods on that node.
- Node Conditions: Here, you can view error conditions or alerts related to the selected node. Conditions like OutOfDisk, MemoryPressure, and DiskPressure indicate potential issues that may affect the node's performance.
- Pods: This section displays all the pods currently running on the selected node. Click on an individual pod, and it will redirect you to a “details” page for that pod.
Workload View
The workload view provides detailed information about applications running in the cluster.
Here's a breakdown of the information you can find in this view.
-
Labels attached to the pod: Labels are key-value pairs attached to Kubernetes objects that help with organizing and identifying them.
-
QoS class: QoS (Quality of Service) class means the priority and resource requirements of a pod. K8s categorizes pods into three QoS classes: Guaranteed, Burstable, and BestEffort.
-
Containers running in the pod: This information includes the container names, images used, and their current status.
-
The controller that created the pod: In this view, you can see the controller that created and manages each pod.
-
Events and Persistent Volume Claims (PVCs): Here you can see events associated with each pod, which can be useful for troubleshooting and monitoring purposes.
-
ConfigMaps and Secrets: Displays all Kubernetes resources used for the in-flight setup of clustered applications. The view shows Kubernetes secrets that are by default hidden and enables changing and manipulating configuration objects.
-
Logs viewer: Links to a logs viewer that is part of the Kubernetes Dashboard are available on the pod listings and detail pages. One can drill down logs from containers that are part of a single Pod using the viewer.
Tip: When using the K8s Dashboard, it is recommended to adopt a read-only approach and provide users with the minimum necessary permissions. While the dashboard does offer the ability to make changes to the cluster's resources, it's generally safer to perform such modifications through a managed CI/CD pipeline that keeps a record of revisions. This way, you can easily compare or revert changes if the need arises, ensuring better control and accountability for any modifications made to your cluster.
Also Read: A Complete Tutorial on Kubectl Set Context
How to Control Access or Secure Your Kubernetes Dashboard?
-
Avoid exposing the dashboard service using a LoadBalancer.
-
Limit privileges of the dashboard ServiceAccount.
-
Implement Role-Based Access Control (RBAC).
-
Utilize an OAuth2 authenticating proxy such as Keycloak or Dex.
Kubernetes Dashboard Alternative
If you are looking for some alternatives, there are some popular options you can look at. Some of the top alternatives are - Rancher, Octant, Lens, K8Dash, and Weave Scope.
Read our article on top Kubernetes Dashboard alternatives to know about the top 9 options in more detail.
FAQs
1. Can I secure the Kubernetes Dashboard with authentication and authorization?
Yes. One common approach is to configure RBAC (Role-Based Access Control) to control user access and permissions. You can create custom roles and bind them to specific users or groups. Use external authentication providers like OpenID Connect (OIDC) or Single Sign-On (SSO) to improve security.
2. How to access the Kubernetes Dashboard Exernally?
To access the Kubernetes Dashboard externally, you need to expose it using a service type that allows external access, such as a LoadBalancer or NodePort.
Share with friends