Install Kubernetes Dashboard

Dashboard is a web-based Kubernetes user interface.

Pre-requisites

We are using our Kubernetes homelab to deploy the dashboard.

Install Kubernetes Dashboard

To deploy the dashboard, run the following command:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

Accessing the Dashboard UI

Dashboard deploys with a minimal RBAC configuration by default. The dashboard service account created here will have administrative privileges and is for homelab purposes only.

Create a dashboard service account in the default namespace:

$ kubectl -n default create serviceaccount dashboard

Create a dashboard-admin cluster role binding. This binds the dashboard service account to the cluster-admin role to have super-user access to perform any action on any resource.

$ kubectl -n default create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=default:dashboard

A role can only be used to grant access to resources within a single namespace. A cluster role can be used to grant the same permissions as a role, but because they are cluster-scoped, they are not tied to a namespace.

Create a cluster role binding that adds the system:anonymous user to the cluster-admin role. This setup is useful when unauthenticated access to the Kubernetes API is desired and is acceptable for a homelab environment, but is not recommended on a production cluster. Do not elevate accounts to cluster-admin unless you know what you are doing.

$ kubectl create clusterrolebinding cluster-system-anonymous --clusterrole=cluster-admin --user=system:anonymous

Get a dashboard token:

$ kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}"|base64 -d;echo

We can access the dashboard using the following command:

$ kubectl proxy

Kubectl will make dashboard available at:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

The problem with this approach is that the UI can only be accessed from the machine where the command is executed. While it’s not necessary, I’ve created a load balancer in order to access the dashboard on a FQDN using kube-apiserver port:

https://dashboard.apps.hl.test:6443/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

2 thoughts on “Install Kubernetes Dashboard

  1. Thank You
    It’ s fine for me with this approach is that the UI can only be accessed from the machine where the command is executed
    ie:
    $ ssh -L localhost:1234:localhost:8001 [email protected]
    $ http:// localhost:1234/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

    But after i don’t know how to:
    configure your load balancer in order to access the dashboard on a FQDN using kube-apiserver port.

    * Is this a CNAME the value of ? dashboard.apps.hl.test = {{ k8s_ha_dns }}

    • Hi, yes, for that to work you have to create a load balancer, e.g HAProxy, Nginx or Istio. In my case dashboard.apps.hl.test is an A record to the IP address of the load balancer.

Leave a Reply

Your email address will not be published. Required fields are marked *