kubectl proxy for dashboard access¶

kubectl proxy is a command-line utility used to access the Kubernetes Dashboard and other API resources from a local workstation without exposing the API server to the public internet^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Overview¶

The Kubernetes Dashboard is a web-based UI that provides a visual overview of container service states and allows users to execute kubectl commands via a graphical interface^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]. To access this UI securely, the kubectl proxy command creates an API server proxy that listens on your local machine, typically on port 8001^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Configuration and Access¶

1. Deployment¶

Before running the proxy, the Dashboard must be deployed to the cluster. This is typically done by applying the official recommended manifest^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

[kubectl](<./kubectl.md>) apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml

2. Verification¶

Ensure the Dashboard pods are running in the kubernetes-dashboard namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

[kubectl](<./kubectl.md>) get pod -n kubernetes-dashboard

3. Running the Proxy¶

Execute the following command to start the proxy server^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

[kubectl proxy](<./kubectl-proxy.md>)

Upon successful execution, the terminal will display a message indicating the service is running^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]:

Starting to serve on 127.0.0.1:8001

4. Accessing the UI¶

Once the proxy is active, the Dashboard can be accessed via the following URL^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

5. Authentication¶

Accessing the URL presents a login screen requiring a Token^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]. To log in, a user must create a service account with appropriate permissions (e.g., cluster-admin), generate a secret, and retrieve the authentication token^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Benefits¶

Using kubectl proxy is considered the standard method for local access because it leverages your existing kubeconfig credentials and does not require opening additional firewall ports or setting up complex Ingress rules for administrative access^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Related Concepts¶

• Kubernetes Dashboard
• kubectl
• [[Service Account]]

Sources¶

^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]