Open in app

Sign in

Write

Sign in

Deploy the Kubernetes Dashboard UI

Yet Another Opportunity of Learning
4 min readAug 24, 2021

--

Step 1:- Install Kubernetes Dashboard Resources
Step 2:- Create a User with Full Access ( Admin Only )
Step 3:- Create a User with Limited Access ( Read-Only )
Step 4:- Access the k8s Dashboard
Step 5:- Remove the Kubernetes Dashboard

Deploy the Kubernetes Dashboard UI

Step 1:- Install Kubernetes Dashboard Resources

The Dashboard UI is not deployed by default. To deploy it, run the following command:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

after you will see the recourses created by commands

Verify all the pods are running or not

Assume your company is having so many different teams and they need to access the Kubernetes dashboard to check the pods and so. you should not provide full access to your Kubernetes cluster. if they delete anything and are not reporting, then finding the issue and resolving it is a very tough job for you.
So we will create two service account
Create a User with Full Access ( Admin Only ) and another one is for Read-only.

Step 2:- Create a User with Full Access ( Admin Only )

$ vi admin-dashboard.yaml

and add the below configuration and save it

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

let's deploy so the service account will create with the cluster role.

$ kubectl apply -f admin-dashboard.yaml

Now try to get the token

$ kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount admin-user -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode

Now copy the token which will look like

Please Copy Carefully.

Step 3:- Create a User with Limited Access ( Read-Only )

$ vi read-dashboard.yaml

and add the below configuration and save it

apiVersion: v1
kind: ServiceAccount
metadata:
  name: read-only-account
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
  name: read-only-clusterrole
  namespace: default
rules:
- apiGroups:
  - ""
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-binding
roleRef:
  kind: ClusterRole
  name: read-only-clusterrole
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: read-only-account
  namespace: kubernetes-dashboard

let's deploy so the service account will create with the cluster role.

$ kubectl apply -f read-dashboard.yaml

Now try to get the token

$ kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount read-only-account -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode

Now copy the token which will look like

Step 4:- Access the k8s Dashboard

Start a proxy service on the localhost.

$ kubectl proxy

Starting to serve on 127.0.0.1:8001
Open the browser and try to access the below link

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

if you are Configured the Ingress and Cert-manager then you can do one thing you can create a Kubernetes Dashboard Ingress save the below configuration in a file and apply

kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: k8s-dashboard
  namespace: kubernetes-dashboard
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  tls:
    - hosts:
        - <k8s.google.com>
      secretName: <tls_secret_name>
  rules:
    - host: <k8s.google.com>
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              serviceName: kubernetes-dashboard
              servicePort: 443

Note: Don’t try to expose a service as a LoadBalancer, Because if you have your cluster set up on a local system/bare metal system, it’s fine. but suppose you have set up on any Cloud Env then once you apply to service as a load balancer cloud will generate additional External link for you, which will charge you around 30 $ or more. so I’ll not recommend you do this one. always Expose as a NodePort.

$ kubectl expose deployment kubernetes-dashboard --type=NodePort --name=kubernetes-dashboard

Step 5:- Remove the Kubernetes Dashboard
Delete the service account which is created before

$ kubectl delete -f read-dashboard.yaml
$ kubectl delete -f admin-dashboard.yaml

after this remove all the resources

$ kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml

Thanks for reading the blog please must try because “Practice make you perfect”

Don’t forget to give us Clap and share with Other’s.

Buy Me a Coffee : — https://www.buymeacoffee.com/YAOL

Previous Blog:- https://medium.com/@Opportunity-of-Learning/installation-of-apache-kafka-with-ssl-on-ubuntu-16-04-18-04-and-20-04-b3bfc7e76696

https://medium.com/@Opportunity-of-Learning/installation-of-apache-kafka-on-ubuntu-16-04-18-04-and-20-04-f5edcc94e8a0

Kubernetes
Kubernetes Dashboard
Kubernetes Cluster
K8s
Kubernetes Operator

--

--

Yet Another Opportunity of Learning

Written by Yet Another Opportunity of Learning

133 Followers

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams