Skip to main content

Deploying Dashboard Interface

The Dashboard user interface is not deployed by default. Follow the steps below to deploy:
To protect your cluster data, Dashboard is deployed with at least one RBAC configuration by default. Dashboard only supports login with Bearer Token.
vi dashboard-service.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

vi dashboard-adminuser.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: admin-user
    namespace: kubernetes-dashboard

kubectl apply -f dashboard-service.yaml
kubectl apply -f dashboard-adminuser.yaml
kubectl create clusterrolebinding permissive-binding --clusterrole=cluster-admin --user=admin --user=kubelet --group=system:serviceaccounts
kubectl create clusterrolebinding kubernetes-dashboard -n kube-system --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard

vi dashboard-deployment.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.1.0/aio/deploy/recommended.yaml

NodePort Setting

When Kubernetes dashboard is installed with the steps above, it will open with ClusterIP by default. To access externally, we need to change the value in the Service as follows. 
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard

apiVersion: v1
...
name: kubernetes-dashboard
namespace: kube-system
resourceVersion: "343478"
selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard-head
uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
  clusterIP: <YOUR_CLUSTER_IP>
  externalTrafficPolicy: Cluster
  ports:
    - port: 443
      protocol: TCP
      targetPort: 8443
      nodePort: 32100
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}
Then we need to check the port where Dashboard is located. There should be a service view similar to the following. 
kubectl -n kubernetes-dashboard get service kubernetes-dashboard
Example output: 
NAME                   TYPE       CLUSTER-IP   EXTERNAL-IP   PORT(S)         AGE
kubernetes-dashboard   NodePort   <YOUR_CLUSTER_IP>   <none>        443:32100/TCP   13d
Dashboard is displayed on port 32100 (HTTPS). You can now access it from your browser: https://<YOUR_CLUSTER_IP>:32100. Getting Token: 
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | awk '/^deployment-controller-token-/{print $1}') | awk '$1=="token:"{print $2}'