Skip to content

Kubernetes Dashboard Deployment

Kubernetes Dashboard Deployment refers to the process of installing and configuring the web-based UI for Kubernetes clusters. The Dashboard is not deployed by default and must be installed manually^[dashboatd.install.md].

Installation Methods

There are two primary methods for deploying the dashboard described in the source materials: using a direct Kubernetes manifest (kubectl) or using the Helm package manager.

Method 1: Kubernetes Manifest

To deploy the dashboard using the official recommended configuration, you can apply the manifest directly from the Kubernetes GitHub repository^[dashboatd.install.md].

[kubectl](<./kubectl.md>) apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

Method 2: Helm

The dashboard can also be deployed using Helm. This involves adding the official Kubernetes Dashboard repository and then installing the chart^[terraform-helm__README.md].

# Add repository
[Helm](<./helm.md>) repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

# Install the chart
[Helm](<./helm.md>) install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard

This method can also be automated using Terraform with the Helm provider^[terraform-helm__README.md].

Accessing the Dashboard

By default, the Dashboard service may not be exposed externally. Access typically requires modifying the service type or port-forwarding^[dashboatd.install.md].

  • Port Forwarding: You can access the dashboard locally by port-forwarding the Pod to localhost:8443^[dashboatd.install.md].
  • NodePort: Alternatively, you can edit the service to use NodePort type to expose it via a specific port on the cluster nodes^[dashboatd.install.md]. 
    [kubectl](<./kubectl.md>) edit svc kubernetes-dashboard -n kubernetes-dashboard
    Once modified, the URL can be accessed via https://<NODE_IP>:<NODE_PORT>^[dashboatd.install.md].

Authentication and Authorization

To log in to the dashboard, you typically need a Service Account token with appropriate permissions (RBAC)^[dashboatd.install.md].

1. Create Service Account and Role Binding

You must bind a Service Account to a ClusterRole (such as the built-in cluster-admin) to grant permissions^[dashboatd.install.md].

# dashboard-user.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: cluster-admin-binding
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: cluster-admin-tommy
  namespace: kube-system

Apply this configuration to create the binding^[dashboatd.install.md].

2. Retrieve the Token

Once the Service Account is created, Kubernetes generates a secret containing the authentication token. You can retrieve the decoded token using the following command^[dashboatd.install.md]:

[kubectl](<./kubectl.md>) get secret <service-account-token-name> -o jsonpath={.data.token} -n kube-system | base64 -d

This token can then be used on the Dashboard login screen^[dashboatd.install.md].

Sources

  • dashboatd.install.md
  • terraform-helm__README.md