Web UI Dashboard for Kubernetes

Kubernetes dashboard provides a web-based UI for the cluster. One can deploy applications on the cluster using the dashboard as well as troubleshoot the existing applications in the cluster. The dashboard also provides insight into the resources in the cluster. The dashboard is officially provided by Kubernetes. One can create, modify, update and delete Kubernetes objects using the dashboard. 

In this article, we will install the official dashboard provided by Kubernetes and set up a service account to access it. Before proceeding with this article, it is assumed that you are familiar with Kubernetes and have a Kubernetes Cluster.

Pre-requisites

  1. Kubernetes Cluster with at least 1 worker node.
    If you want to learn to create a Kubernetes Cluster, click here. This guide will help you create a Kubernetes cluster with 1 Master and 2 Worker Nodes on AWS Ubuntu 18.04 EC2 Instances.
  2. Basic understanding of Kubernetes. 

 What will we do?

  1. Deploy the Kubernetes Dashboard.
  2. Set up a ServiceAccount to access the Kubernetes Dashboard.
  3. Access the Kubernetes Dashboard.

Deploy the Kubernetes Dashboard

To deploy the Kubernetes dashboard, we can download its object file from Github. Use the following command to download the object file. This file contains definitions for Namespace, ServiceAccount, Service, Secret, ConfigMap, Role, ClusterRole, RoleBinding, ClusterRoleBinding, Deployment, and Service. 

pwd
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml

Download templates

Rename the file and change the service type to NodePort. Refer to the following screenshot.

mv recommended.yaml kubernetes-dashboard-deployment.yml
vim kubernetes-dashboard-deployment.yml

Change Service Type to NodePort

Once you have changed the service type to NodePort, it is time to create all the objects responsible to deploy the Kubernetes dashboard. 

kubectl apply -f kubernetes-dashboard-deployment.yml

Check the deployment, Pod, and Service which has been created by the above command. The above command also creates Namespace, ServiceAccount, Service, Secret, ConfigMap, Role, ClusterRole, RoleBinding, ClusterRoleBinding, Deployment, and Service.

kubectl get deployments -n kubernetes-dashboard
kubectl get svc
kubectl get pods
kubectl get pods -n kubernetes-dashboard
kubectl get svc -n kubernetes-dashboard

Create Kubernetes objects for the dashboard

In the above screenshot, you can see that the Kubernetes Dashboard Service with the type "NodePort" has been created. It means the dashboard will be available on any of the IPs of the nodes on NodePort "32304". You may see a different port for the service on your cluster.

Use the following command to get the IPs of your nodes which you will need in the later steps.

kubectl get nodes -o wide

Setup a ServiceAccount to access the Kubernetes Dashboard

To access the Kubernetes Dashboard you need to have a token. To create a token we first need to create a ServiceAccount

Create a new file and add the following content to it to create a ServiceAccount. You can also download the object file from my Github repo.

vim admin-sa.yml
cat admin-sa.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: rahul-admin
  namespace: kube-system

Once you have the object file, execute the following command to create a ServiceAccount.

kubectl apply -f admin-sa.yml

Create a Service Account

Now you need to associate the ServiceAccount "rahul-admin" to the cluster role "cluster-admin". Create a new file with the following content to create a ClusterRoleBinding or click here to download the object file from my Github repo.

vim admin-rbac.yml
cat admin-rbac.yml
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: rahul-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: rahul-admin
    namespace: kube-system

Execute the following command to create a "ClusterRoleBinding".

kubectl apply -f admin-rbac.yml

Create a ClusterRoleBinding

Now we have a "ClusterRole" --> "cluster-admin"  bound to the "ServiceAccount" --> "rahul-admin".

We are now ready to fetch the token to be used to login into the Kubernetes dashboard. To fetch the token, execute the following commands.

SA_NAME="rahul-admin"
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')

Get the Token

In the above screenshot, you can see a token to be used to login into the Kubernetes dashboard. Copy this token and hit the dashboard URL on "NodeIP:NodePort". 

Here, NodeIP is the IP of any of the nodes in the cluster and NodePort is the Port(in this case it is 32304, in your case you may have a different port) of the service we created. 

Once you hit the URL "NodeIP:NodePort", you will see a screen as follows. Here, select the "Token" option, enter the Token we fetched in the above step and click on the "Sign in" button.

Access the Kubernetes Dashboard

Access the Dashboard on IP:NodePort

Once you successfully sign in, you should see the Kubernetes Dashboard as follows.

The Dashboard - Default Namespace

At the top of the screen, you can even change the Namespace and see resources in it. Now you are all set to explore the Kubernetes Dashboard.

The Dashboard - kubernetes-dashboard Namespace

Conclusion

In this article, we deployed all the necessary Kubernetes objects to have the Dashboard in the cluster. We created a ServiceAccount and ClusterRoleBinding to have a Token to access the Kubernetes Dashboard as it cannot be accessed simply. The dashboard can help you get an understanding of the cluster and see all objects it has in it.

Share this page:

0 Comment(s)