Getting Started: How to set up Kubernetes dashboard

Getting Started: How to set up Kubernetes dashboard

This tutorial is intended for starting users and will provision a basic Kubernetes dashboard.
Multiple simplifications and shortcut are taken in order to keep this document accessible. The section “Further Considerations” overviews these simplifications

Using “kubectl apply”

Download the configuration and save as “config.yml”

  1. In the Leaseweb Customer Portal, under the Kubernetes section, the existing clusters are visible
image 2023 6 23 8 46 24
  1. Under the ACTIONS field, click the Download kubeconfig link in order to download the yaml file:
download Kubeconfig Button
  1. Save it as config.yml in the current working directory.

Install the dashboard on a Kubernetes cluster

  1. Once the configuration is saved as “config.yml”, This command can be used to setup the dashboard on a Kubernetes cluster:
kubectl --kubeconfig config.yml create -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
  1. If everything is fine, the following command will show the newly created pods:
kubectl --kubeconfig config.yml -n kubernetes-dashboard get pods
NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-5cb4f4bb9c-qqb4p   1/1     Running   0          4m49s
kubernetes-dashboard-6967859bff-knjss        1/1     Running   0          4m50s
  1. It means the dashboard is now hosted on the cluster. In order to access it, a user need to be put in place. See next steps below.

Generate a new user to access the Kubernetes dashboard 

In order to do so, we will need to create a ServiceAccount “admin-user” that will have the necessary access. Permission will be assigned by defining a ClusterRoleBinding giving this account admin authorization on the cluster.

  1. To create the account, save the following content in a file named dashboard‑serviceaccount.yml:
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
  1. Then the following command can be used to create the new user:
kubectl --kubeconfig config.yml create -f dashboard‑serviceaccount.yml
serviceaccount/admin-user created
  1. A “token” will be required in order to be able to login to the dashboard, it can be generated using the following command:
kubectl --kubeconfig config.yml -n kubernetes-dashboard create token admin-user
eyJhbGciOiJSUzI1NiIsImtp...

The part eyJhbGciOiJSUzI1NiIsImtp...  that goes on for multiple lines is the authentication token and must be treated as sensitive information!

Accessing the Kubernetes Dashboard

  1. The following command can be used to access to proxy the dashboard to a browser:
kubectl --kubeconfig config.yml -n kubernetes-dashboard port-forward service/kubernetes-dashboard 8443:443
Forwarding from 127.0.0.1:8443 -> 8443
Forwarding from [::1]:8443 -> 8443
  1. This page will appear when loading the page at the address https://localhost:8443/ in a browser
100597768
  1. Please select “Token” and copy-paste the token generated in the section Generate a new user to access the Kubernetes dashboard
  1. The browser will now be logged-in in the dashboard.

100597769

  1. You can now “take the Dashboard Tour”. On the “namespace” combobox on the top menu, one can select the “kubernetes-dashboard” namespace.

100597770

  1. The Pods associated to the newly created service will be visible in that namespace, such as below:
100597771

Considerations

Installing via helm

A common way to install Kubernetes services is to use a “Helm Chart” in order to configure the service.
The instructions are available on how to install with Kubernetes-dashboard helm chart.

Helm has many advantages, but the most interesting one is that it allows to customize deployments according to a set of pre-defined variables that will allow you to configure the dashboard as you wish.

Once installed, the instructions from how to Generate a new user to access the Kubernetes dashboard can be used to generate a token and accessing the dashboard.

The final dashboard can be accessed using kubectl proxy as stated in the helm chart documentation

Access Control

For the sake of simplicity, here we have generated a token that has cluster-admin Role … meaning that anyone having access to this token may be able to do more than it was intended to do, including destructive actions.
If the token falls into the wrong hand, the cluster will be at risk.
Please take the time to create a new user with limited RBAC rules in order to limit the impact this token may have on the cluster.

For further information on how to create custom users and roles in the official Kubernetes documentation.

Security

The next logical step might seem to be to expose this dashboard to the internet in order to be able to access it easily. But be aware that there are some security considerations that should be taken care of, and this can be dangerous if not put in place properly.
In order to keep things as secure as possible, please do not expose the Kubernetes dashboard publicly and use the kubectl proxy command as demonstrated above in the Accessing the Kubernetes Dashboard section.

Getting Started: How to set up Kubernetes dashboard - Manage