Deploy the Kubernetes Dashboard UI
Step 1:- Install Kubernetes Dashboard Resources
Step 2:- Create a User with Full Access ( Admin Only )
Step 3:- Create a User with Limited Access ( Read-Only )
Step 4:- Access the k8s Dashboard
Step 5:- Remove the Kubernetes Dashboard
Step 1:- Install Kubernetes Dashboard Resources
The Dashboard UI is not deployed by default. To deploy it, run the following command:
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
After that, you will see the resources created by the command.
Verify that all the pods are running.
Assume your company has many different teams that need to access the Kubernetes Dashboard to check pods and so on. You should not give them full access to your Kubernetes cluster: if someone deletes something and does not report it, finding and resolving the issue is a very tough job for you.
So we will create two service accounts: one user with full access (admin only) and another that is read-only.
Step 2:- Create a User with Full Access ( Admin Only )
$ vi admin-dashboard.yaml
Add the configuration below and save it:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
# Binds the account to the built-in cluster-admin role (full access to the cluster)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
Apply it so that the service account is created and bound to the cluster role.
$ kubectl apply -f admin-dashboard.yaml
Now try to get the token
$ kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount admin-user -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
Now copy the token which will look like
Please copy it carefully.
Step 3:- Create a User with Limited Access ( Read-Only )
$ vi read-dashboard.yaml
Add the configuration below and save it:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: read-only-account
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
  name: read-only-clusterrole
  # A ClusterRole is cluster-scoped, so this namespace has no effect
  namespace: default
rules:
# get/list/watch on every resource in the core, extensions and apps API groups
- apiGroups:
  - ""
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - extensions
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
- apiGroups:
  - apps
  resources: ["*"]
  verbs:
  - get
  - list
  - watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-binding
roleRef:
  kind: ClusterRole
  name: read-only-clusterrole
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: read-only-account
  namespace: kubernetes-dashboard
Apply it so that the service account is created and bound to the cluster role.
$ kubectl apply -f read-dashboard.yaml
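The read-only ClusterRole above uses resources: ["*"] in the core API group, which also covers Secrets, so the "read-only" token can read every Secret in the cluster, including stored service account tokens. The following check is an added example, not part of the original post: it uses kubectl auth can-i with impersonation to list the sensitive permissions an account holds. The helper names can_i and audit_sa are hypothetical, and the caller is assumed to have impersonation rights.

```shell
#!/bin/sh
# Added example: audit what a dashboard service account may do.
# Namespace and account names are the ones used in the manifests above;
# can_i and audit_sa are hypothetical helper names.
# The caller needs impersonation rights (a cluster admin has them).
NS=kubernetes-dashboard

# can_i <serviceaccount> <verb> <resource>
# Exit status 0 when the account holds the permission in every namespace.
can_i() {
  kubectl auth can-i "$2" "$3" --all-namespaces --quiet \
    --as="system:serviceaccount:${NS}:$1" >/dev/null 2>&1
}

# audit_sa <serviceaccount>
# Prints one "ALLOWED <verb> <resource>" line per sensitive permission held.
audit_sa() {
  sa=$1
  for check in "get secrets" "list secrets" "create pods" \
               "delete pods" "create clusterrolebindings"; do
    verb=${check%% *}
    resource=${check#* }
    if can_i "$sa" "$verb" "$resource"; then
      echo "ALLOWED $verb $resource"
    fi
  done
}

# Usage: sh audit.sh read-only-account
if [ "$#" -gt 0 ]; then
  audit_sa "$1"
fi
```

If the secrets lines appear for read-only-account, replace the "*" in the core-group rule with an explicit list of the resources the teams need (for example pods, services, configmaps, events) and run the check again.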
Now try to get the token
$ kubectl get secret -n kubernetes-dashboard $(kubectl get serviceaccount read-only-account -n kubernetes-dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode
Now copy the token which will look like
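The token lookup used in Step 2 and Step 3 reads a Secret that Kubernetes creates automatically for each service account; from Kubernetes 1.24 on that Secret is no longer created, so the command prints nothing there. The helper below is an added example, not part of the original post: it tries the lookup from this page first and otherwise requests a short-lived token with kubectl create token. The function name dashboard_token and the 1h default lifetime are assumptions.

```shell
#!/bin/sh
# Added example: fetch a login token for a dashboard service account.
# dashboard_token is a hypothetical helper name; the namespace and account
# names are the ones used on this page.
NS=kubernetes-dashboard

# dashboard_token <serviceaccount> [lifetime]
dashboard_token() {
  sa=$1
  ttl=${2:-1h}   # assumed default lifetime for requested tokens

  # Lookup from this page: name of the auto-created token Secret (pre-1.24).
  secret=$(kubectl get serviceaccount "$sa" -n "$NS" \
             -o jsonpath='{.secrets[0].name}' 2>/dev/null) || secret=""

  if [ -n "$secret" ]; then
    # Long-lived token stored in the Secret; valid until the Secret is deleted.
    kubectl get secret "$secret" -n "$NS" \
      -o jsonpath='{.data.token}' | base64 -d
    return
  fi

  # Kubernetes 1.24+: no Secret exists, so request a time-limited token.
  kubectl create token "$sa" -n "$NS" --duration="$ttl"
}

# Usage:
#   dashboard_token admin-user
#   dashboard_token read-only-account 30m
```

A token issued by kubectl create token expires on its own, whereas the Secret-based token stays valid until the Secret or the service account is deleted.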
Step 4:- Access the k8s Dashboard
Start a proxy service on the localhost.
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Open the browser and try to access the below link
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
If you have configured Ingress and cert-manager, you can instead create an Ingress for the Kubernetes Dashboard. Save the configuration below in a file and apply it:
kind: Ingress
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; networking.k8s.io/v1 is served from 1.19 on
apiVersion: networking.k8s.io/v1
metadata:
  name: k8s-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: nginx
    # The dashboard service listens on HTTPS, so the controller must speak TLS to the backend
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
spec:
  tls:
  - hosts:
    - <k8s.google.com>
    secretName: <tls_secret_name>
  rules:
  - host: <k8s.google.com>
    http:
      paths:
      - path: /
        pathType: ImplementationSpecific
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
Note: Don't expose the service as a LoadBalancer. If your cluster runs on a local or bare-metal system, it's fine, but if it runs in a cloud environment, applying a LoadBalancer service makes the cloud provider generate an additional external link for you, which will cost you around $30 or more. So I don't recommend it; always expose the service as a NodePort.
$ kubectl expose deployment kubernetes-dashboard --type=NodePort --name=kubernetes-dashboard
Step 5:- Remove the Kubernetes Dashboard
Delete the service accounts created earlier:
$ kubectl delete -f read-dashboard.yaml
$ kubectl delete -f admin-dashboard.yaml
After this, remove all the resources:
$ kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml
Thanks for reading the blog. Please do try it yourself, because “practice makes you perfect”.