Yayyy!! Mindbrews First Edition is now live on Magzter!

Developers & Open Source

How to deploy Kubernetes Dashboard?

This article assumes that you’re already familiar with basics of Kubernetes, and know what kubectl is, and what kubectl apply -f does. If you’re not, I’ll suggest you to go through the basics of Kubernetes First.

In this tutorial I’ll guide you to deploy the Kubernetes Dashboard in a Kubernetes Cluster. But wait, what’s Kubernetes Dashboard? As per their official statement, “Kubernetes Dashboard is a general purpose, web-based UI for Kubernetes clusters. It allows users to manage applications running in the cluster and troubleshoot them, as well as manage the cluster itself.“, as per me, “It gives you a bird eye view of everything in your cluster, so that you don’t have to keep doing kubectl describe resource -n namespace all day!

Pre-requisites

  • A running Kubernetes cluster
  • kubectl configured to use the cluster

Let’s get started

Part 1: Deploying the Dashboard

Deploying the dashboard is pretty much straightforward, you just run the deployment YAML file provided by the kubernetes-dashboard team, and you’re good to go, you can get the latest command or the address of the file incase you want to customize from their official GitHub repository, at the time of writing this article, latest stable version was 2.2.0, and the command to deploy it is:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.2.0/aio/deploy/recommended.yaml

Once you run the command, you can expect to see an output similar to this:

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Part 2: Accessing the Dashboard

Once the dashboard is deployed, you can access it via kubectl proxy, to access, run the following command:

Suggested:  Top Highest Paying Jobs For Software Engineers In India

kubectl proxy

and now you can access the dashboard at http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Tip

kubectl proxy runs on port 8001 by default, in case you want to change the port, you can use –port flag to change the listening port, and –address flag to change the listening IP. The command will become something like: kubectl proxy –address=’0.0.0.0′ –accept-hosts=’.*’ –port 9855

When you access the above address, it’ll present you with 2 options to login, Token and Kubeconfig, to access you would be needing a Authentication Token, to generate token follow the next steps.

Part 2.1 Creating a Sample User

To create a sample user, create a new file roles.yaml and put the content below in it

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Now apply the file, kubectl apply -f roles.yaml

Part 2.2 Creating the Token for the above created user

To generate a token, run the following command: (P.S. The command is written as per Bash, if you’re using any other shell, feel free to modify it accordingly)

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

Once you run the command, you should see a really long random text, that’s your token, you can now login to Kubernetes Dashboard via this token.

Suggested:  Shaping The Future With Data Science

Bonus: Creating an Ingress resource to access the dashboard from a public url

Warning

It’s not advised to expose your Kubernetes dashboard outside of secure network, i.e. access to the dashboard should be restricted from selected IP Addresses, or should be behind a firewall.
Also, always use HTTPS while deploying it on public url

If you’ve an ingress controller in your cluster, you can expose your kubernetes dashboard on an easy to remember hostname.

Step 1: Create a SSL Secret

You can skip this part if you don’t want SSL for your dashboard (Not Recommended, also can cause issues). To create a SSL Secret, create a directory certs and paste your certificate cert.crt and private key key.pem in it, and run the following command

kubectl create secret tls ssl-certificate --key certs/key.pem --cert certs/cert.crt -n kubernetes-dashboard

Step 2: Creating the Service and Ingress Resource

Create a file kubernetes-dashboard-service-ingress.yaml and paste the content below,

kind: Service
apiVersion: v1
metadata:
  name: kubernetes-dashboard-svc
  namespace: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
spec:
  ports:
    - protocol: TCP
      port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  type: NodePort
  sessionAffinity: None
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "nginx"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  labels:
    app: dashboard-ingress
spec:
  tls:
  - hosts:
    - myhostname.com # Replace it with the deployment domain
    secretName: ssl-certificate
  rules:
  - host: myhostname.com # Replace it with your domain
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard-svc
          servicePort: 443
        path: /

You should change myhostname.com to whatever domain you want to expose it on and now apply the file using the command kubectl apply -f kubernetes-dashboard-service-ingress.yaml

All done, now you can access the dashboard at myhostname.com

That’s all folks, now you can access the dashboard either via Proxy or via Hostname, let me know if you’ve any queries, or you get stuck somewhere in the comments below! All the best!

Suggested:  How to Filter for Values in a Django QuerySet?
Related posts
Developers & Open Source

How to deploy Nginx Ingress Controller in Kubernetes