Kubernetes Dashboard Authentication¶

The Kubernetes Dashboard requires authentication to access the web UI, typically managed through ServiceAccounts and bearer tokens.^[02-dashboard__README.md]

User Creation¶

Authentication begins with creating a dedicated ServiceAccount and binding it to a ClusterRole.^[02-dashboard__README.md] This is often done by applying a resource configuration, such as 02-dashboard-account.yaml, which creates the admin-user ServiceAccount and the corresponding clusterrolebinding.^[02-dashboard__README.md]

Token Retrieval¶

To log in, the user must retrieve the authentication token associated with the ServiceAccount.^[02-dashboard__README.md] The specific token secret can be dynamically queried and decoded using kubectl with the following command template^[02-dashboard__README.md]:

[kubectl](<./kubectl.md>) -n kubernetes-dashboard get secret $([kubectl](<./kubectl.md>) -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

This command locates the secret name for the admin-user ServiceAccount and outputs the decoded token string^[02-dashboard__README.md], which resembles a long Base64 encoded string starting with eyJhbGciOiJSUzI1NiIs....^[02-dashboard__README.md]

Access¶

The dashboard is accessed via a specific URL and port (e.g., https://hdss7-11.host.com:31260), where the retrieved token is used as the login credential^[02-dashboard__README.md].

Sources¶

^[02-dashboard__README.md]