Kubernetes Dashboard

Kubernetes Dashboard

First thing we need to do is install the dashboard on your cluster:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

The above is lifted form documentation that can be found here.

Now the dashboard is installed we need to set up a user to use it.

Create a file called dashboard-admin-user.yaml and add the following yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin
  namespace: kube-system

Now run

kubectl apply -f dashboard-admin-user.yaml

The above steps create a new user called dashboard-admin

To access the dashboard website you could expose it publicly but kubectl gives you a way to create a secure channel to your Kubernetes cluster.

kubectl proxy

Now you can access the dashboard website at

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

You are presented with

Dashboard login prompt

We will be using the Token option to gain access with the dashboard-admin user we have created above To find the dashboard-admin token run:

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-admin | awk '{print $1}')

You will be presented with something the this

Name:         dashboard-admin-token-2w99d
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-admin
              kubernetes.io/service-account.uid: d9f596ac-5302-47f2-8032-bf351b23e675

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1156 bytes
namespace:  11 bytes
token:     eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sa3M2eCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImEzNWMyY2IzLTA1YWMtMTFlOS04NmUzLTZhOTFiNDE2ZDJjMCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.AAfPt6pWwz2uS5EVQRedFfvfdWTdrRWq_nuPohmzWPR-IFa587tWBB4yM-ixtvsaQpv3epT3xlPgan9G3v5_h-qFa7SBtrOZc_hYo6CNRQmjjz4WnR3ySoESWjSVX6Zlp5TciXIWKB2EUUykxMwYACCzDhsKf-RmQb8oRSrWgfQcHi0igJo27QaDMKe4912Ql0_m02lsYNyU0qN2wKuNoWlNgB1kIFbJ7yjJc78JIE9WXJNHcGhI9VJR9jTVKXW4gbBx_upfRduTcONbKXvYvy87RUIKw4I_0ikBI1viCZiUH2xb7XGOLRqIuAEIxVzwHRazCcdXK9NX5C4biI6dCQ

Copy the token that was output:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZC10b2tlbi1sa3M2eCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImEzNWMyY2IzLTA1YWMtMTFlOS04NmUzLTZhOTFiNDE2ZDJjMCIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTprdWJlcm5ldGVzLWRhc2hib2FyZCJ9.AAfPt6pWwz2uS5EVQRedFfvfdWTdrRWq_nuPohmzWPR-IFa587tWBB4yM-ixtvsaQpv3epT3xlPgan9G3v5_h-qFa7SBtrOZc_hYo6CNRQmjjz4WnR3ySoESWjSVX6Zlp5TciXIWKB2EUUykxMwYACCzDhsKf-RmQb8oRSrWgfQcHi0igJo27QaDMKe4912Ql0_m02lsYNyU0qN2wKuNoWlNgB1kIFbJ7yjJc78JIE9WXJNHcGhI9VJR9jTVKXW4gbBx_upfRduTcONbKXvYvy87RUIKw4I_0ikBI1viCZiUH2xb7XGOLRqIuAEIxVzwHRazCcdXK9NX5C4biI6dCQ

This can be used to login to the dashboard, however you will be presented with the number of errors.

These errors are due to the dashboard-admin not having the correct privileges so need to add a ClusterRoleBinding

dashboard-admin-binding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin
  namespace: kube-system

To create the role binding run:

kubectl create -f dashboard-admin-binding.yaml

The dashboard-admin now has all privileges required for you to use the dashboard. One word of warning though, I am not an expert and have hobbled this guide together though trial, error, and much documentation diving. Have fun!