Skip to content

Kubernetes Dashboard

The Kubernetes Dashboard is a general-purpose, web-based User Interface (UI) for Kubernetes clusters^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. It allows users to manage and troubleshoot applications running in the cluster, as well as manage the cluster itself^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Deployment Methods

The Dashboard is not deployed by default and must be installed manually^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md]. It can be deployed via raw manifest files or packaged as a Helm chart.

Via kubectl

To deploy using the standard Kubernetes recommended configuration: 

[kubectl](<./kubectl.md>) apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml
^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md]

Via Helm

The chart is hosted in the kubernetes-dashboard repository^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

  1. Add the repository: 
    [Helm](<./helm.md>) repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
  2. Install the chart: 
    [Helm](<./helm.md>) install kubernetes-dashboard/kubernetes-dashboard --name my-release
    ^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]

Configuration parameters (such as replicaCount, image.tag, or protocolHttp) can be customized using --set flags or a values.yaml file^[400-devops__06-Kubernetes-devops-helm-terraform-helm-helm-readme.md].

Accessing the Dashboard

There are several methods to access the Dashboard UI depending on the service configuration.

NodePort

By modifying the service type to NodePort, the Dashboard can be accessed via the IP address of any node in the cluster and the exposed port^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md]. 

[kubectl](<./kubectl.md>) edit svc kubernetes-dashboard -n kubernetes-dashboard
# Set Type: [NodePort](<./nodeport.md>)
^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md]

kubectl Proxy

When using kubectl proxy, the service name must be kubernetes-dashboard for the automatic address expansion to work correctly^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md]. If installing via Helm, this requires setting fullnameOverride: 'kubernetes-dashboard'^[400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md].

Ingress

Ingress can be used to expose the dashboard. If HTTPS is required, specific annotations may be needed for Ingress controllers like nginx or GKE^[400-devops-06-kubernetes-devops-helm-terraform-helm-helm-readme.md].

Authentication and Access Control

Because the Dashboard requires authentication, proper setup of Role-Based Access Control (RBAC) is critical^[400-devops-06-kubernetes-devops-helm-terraform-helm-helm-readme.md]. It is highly recommended to use RBAC with the minimal privileges needed^[400-devops-06-kubernetes-devops-helm-terraform-helm-helm-readme.md].

Creating a User

To log in, a user typically creates a [[Service Account]] and binds it to a ClusterRole (such as the default cluster-admin or a custom read-only role)^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md].

  1. Create a Service Account: 
    [kubectl](<./kubectl.md>) create sa <username> -n <namespace>
  2. Create a ClusterRoleBinding: This links the ServiceAccount to a ClusterRole (e.g., cluster-admin)^[400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md]. 
    kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin-user-binding
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: <username>
  namespace: <namespace>

Retrieving the Token

Once the ServiceAccount is created, the login token can be retrieved by decoding the secret associated with the account^[400-devops-06-kubernetes-k8s-learning-linux-03-dashboard-readme.md]. 

[kubectl](<./kubectl.md>) -n <namespace> get secret $([kubectl](<./kubectl.md>) -n <namespace> get sa/<username> -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"
^[400-devops-06-kubernetes-k8s-learning-linux-03-dashboard-readme.md]

Upgrading Considerations

When upgrading to major versions (e.g., 1.x to 2.x), breaking changes often require manual intervention, such as removing deprecated parameters like clusterAdminRole or enableSkipLogin and reinstalling the chart^[400-devops-06-kubernetes-devops-helm-terraform-helm-helm-readme.md].

Sources

  • 400-devops__06-Kubernetes__devops-helm__terraform-helm__helm__README.md
  • 400-devops-06-kubernetes-k8s-learning-01dashboard-dashboatdinstall.md
  • 400-devops-06-kubernetes-k8s-learning-linux-03-dashboard-readme.md
  • 400-devops-06-kubernetes-devops-helm-terraform-helm-helm-readme.md