How To Setup Kubernetes Dashboard On EKS
This example shows how to install Kubernetes Dashboard and expose it over the Application Load Balancer (ALB) Ingress Controller, providing a seamless and secure way to access the dashboard from the internet.
Install Kubernetes Dashboard
# Add kubernetes-dashboard repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
# Deploy a Helm Release named "kubernetes-dashboard" using the kubernetes-dashboard chart
helm upgrade \
--install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
--create-namespace \
--namespace kubernetes-dashboardConfigure Kubernetes Dashboard to use NodePort for ALB
kubectl - namespace kubernetes-dashboard patch svc kubernetes-dashboard-kong-proxy -p '{"spec": {"type": "NodePort"}}'Create a `admin-user` for the Kubernetes Dashboard
cat kubernetes-dashboard-adminuser.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
---
kubectl apply -f ./kubernetes-dashboard-adminuser.yamlGetting a Bearer Token
kubectl -n kubernetes-dashboard create token admin-userCopy of the generated token, we will use it the next step.
Test Kubernetes Dashboard Setup
You can check your Kubernetes Dashboard through `https://localhost:8443` by executing:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443Setup ALB via ALB Controller
cat kubernetes-dashboard-ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
alb.ingress.kubernetes.io/certificate-arn: <YOUR CERTIFICATE ARN>
alb.ingress.kubernetes.io/load-balancer-name: <YOUR EXISTING ALB>
alb.ingress.kubernetes.io/scheme: internet-facing
external-dns.alpha.kubernetes.io/hostname: <YOUR HOSTNAME>
alb.ingress.kubernetes.io/listen-ports: '[{"HTTP": 80}, {"HTTPS":443}]'
alb.ingress.kubernetes.io/ssl-redirect: '443'
alb.ingress.kubernetes.io/backend-protocol: HTTPS
alb.ingress.kubernetes.io/target-type: instance
alb.ingress.kubernetes.io/group.name: "<YOUR GROUP NAME>"
finalizers:
- ingress.k8s.aws/resources
name: kubernetes-dashboard-ingress
namespace: kubernetes-dashboard
spec:
ingressClassName: alb
rules:
- host: <YOUR HOSTNAME>
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: kubernetes-dashboard-kong-proxy
port:
number: 443
kubectl apply -f kubernetes-dashboard-ingress.yamlWe are reusing an existing ALB with multiple Ingresses by applying alb.ingress.kubernetes.io/group.name annotation.
Conclusion
Setting up the Kubernetes Dashboard on EKS and exposing it through an ALB Ingress Controller involves several steps, including installing the dashboard via Helm, configuring NodePort, creating administrative user access, and setting up ALB Ingress rules. Following these steps ensures a secure and seamless way to manage your Kubernetes cluster. Securing these endpoints with a VPN using IPsec is highly recommended for enhanced security, especially in enterprise environments. This setup provides a robust and user-friendly interface to monitor and manage your Kubernetes resources efficiently.
