Skip to content

Kubernetes Dashboard recommended.yaml deployment

The Kubernetes Dashboard is an official web-based UI for Kubernetes clusters, designed to manage and troubleshoot cluster resources as well as deploy containerized applications^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]. It serves as a graphical alternative to the kubectl command-line tool, allowing users to visualize service statuses and execute operations through the browser^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Deployment

The standard deployment method involves applying the official manifest file directly to the cluster.^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]

1. Apply the Recommended Manifest

Execute the following command to download and install the necessary components, which creates the namespace and deploys the Dashboard services:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.1/aio/deploy/recommended.yaml
^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]

2. Verify Deployment

Ensure that the Dashboard pods are running correctly by checking the status within the kubernetes-dashboard namespace^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]:

kubectl get pod -n kubernetes-dashboard

Access

To access the Dashboard, users typically start the Kubernetes API server proxy, which creates a secure tunnel to the cluster^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Start the Proxy:

kubectl proxy
^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]

Access via URL:

Once the proxy is running (typically listening on 127.0.0.1:8001), the Dashboard can be accessed via a specific proxy URL^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

This endpoint requires authentication via a Bearer Token^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

Authentication

Because the Dashboard runs with security constraints, a valid service account token is required to log in^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]. A common approach during testing or setup is to grant cluster-admin privileges to a service account and retrieve its token^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

1. Create Admin User and RBAC Binding

Apply a configuration to create a ClusterRoleBinding that grants the default service account in the kube-system namespace administrative privileges^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]:

kubectl apply -f - <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kube-system-default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system
EOF

2. Retrieve the Token

After creating the binding, retrieve the authentication token associated with the service account^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

On macOS/Linux, the token can be extracted and printed using:

TOKEN=$(kubectl -n kube-system describe secret default| awk '$1=="token:"{print $2}')
echo $TOKEN
^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md]

Entering this token into the login screen grants access to the Dashboard interface^[400-devops__06-Kubernetes__k8s-ithelp__Day5__README.md].

  • kubectl
  • [[RBAC]]
  • [[Service Account]]

Sources