Kubernetes Dashboard | Kubernetes Admin GUI | Kubernetes Desktop Client

Share on:

Kubernetes comes really handy with its “Kubernetes Dashboard| Kubernetes Admin GUI|Kubernetes Desktop Client".

kubernetes dashboard is a general purpose web-based UI for managing the Kubernetes cluster.

With the help of Kubernetes dashboard you can manage applications running in the cluster as well as it can help you to debug as well.

In this article we will focus on setting up “Kubernetes Dashboard| Kubernetes Admin GUI|Kubernetes Desktop Client”

  1. On Minikube
  2. On Kubernetes Local cluster
  3. On Google Kubernetes Engine using Google Cloud Platform

1. Setting up kubernetes - dashboard.yaml on Minikube

What you will need?

  1. kubectl - Kubernets v1.14.0
  2. minikube - Minikube v1.1.1

Note - For minikube and kubectl installation please refer – Getting started with Kubernets and minikube

Kubernets provides default yaml configurations for the dashboard.

dashboard.yml can be downloaded from here.

Step 1 - Apply dashboard configuration

Please execute following command to apply dashboard configuration

1$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

Step 2 - Access kubernetes dashboard on your local workstation

To access the dashboard on your local workstation you need to create a secure channel to your Kubernetes cluster.

You can run the following command

1$ kubectl proxy

Now you can access the dashboard using the URL - http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

You should see following on your browser

Note – Kubeconfig Authentication method does not support external identity providers or certificate-based authentication.

Dashboard can only be accessed over HTTPS

Step 3 - Create Service Account : admin-user and namespace : kube-system

Now you need to create a YAML configuration file for adminuser creation.

Create a YAML configuration file - dashboard-adminuser.yaml and put following configuration inside it.

1apiVersion: v1
2kind: ServiceAccount
3metadata:
4  name: admin-user
5  namespace: kube-system

Next you need to apply the adminuser configuration and for that execute the following command.

1$ kubectl apply -f dashboard-adminuser.yaml

Step 4 - Create ClusterRoleBinding for admin-user

In kubernetes ClusterRole admin-Role already exists in the cluster.

We can use it and create only ClusterRoleBinding for our ServiceAccount.

Create one more YAML configuration file with name - adminuser-rolebinding.yaml 

 1apiVersion: rbac.authorization.k8s.io/v1
 2kind: ClusterRoleBinding
 3metadata:
 4  name: admin-user
 5roleRef:
 6  apiGroup: rbac.authorization.k8s.io
 7  kind: ClusterRole
 8  name: cluster-admin
 9subjects:
10- kind: ServiceAccount
11  name: admin-user
12  namespace: kube-system

You need to apply the **adminuser-rolebinding.yaml **configuration and for that execute the following command.

1$ kubectl apply -f adminuser-rolebinding.yaml

Step 5 - Create Access/Bearer Token for admin-user

To login into the kubectl dashboard we need to create acceess token using following command.

1$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

Once you run the above command you should see something like this -

 1kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
 2Name:         admin-user-token-z9phm
 3Namespace:    kube-system
 4Labels:       <none>
 5Annotations:  kubernetes.io/service-account.name: admin-user
 6              kubernetes.io/service-account.uid: 6561d4d0-912d-11e9-b6d7-080027df159a
 7
 8Type:  kubernetes.io/service-account-token
 9
10Data
11====
12ca.crt:     1066 bytes
13namespace:  11 bytes
14token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXo5cGhtIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI2NTYxZDRkMC05MTJkLTExZTktYjZkNy0wODAwMjdkZjE1OWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.mOfoPCHvpzR6ZY5n4pnVlSgdCs1DS3HKx95-yU_i_tiO415rSZlFqL2Mtam9HByg1bsPiON4OtbxWhQNGJ-JUWeUAKNxwOoXeg0O7RWhs8Qoh6PG7IbkjibPFS4z7NJ7wTQA0pxk22cfR7ccBLnzCwn5K3JecBOyfb-VLhaFkuLrP9EQYs9htII5QHKobn3u_OGQoRN-zqNgicAeM-0UyuI_dlo1tq__0fI4sJJa-zC0rDkDAQ1anoS4ujwGD7z22Rvnpi7HCKyRt7Wsl7hBt6HFCyxsi7Hglo5cgDRhEG47-vzKvcm9nUNNM7TpDxKPKIGeOPlB-loyq9JwhPOtLw

From the above console logs you can look for token. Copy the long token string.

Step 6 - Provide the token to kubernetes dashboard

Go back to browser and open kubernetes dashboard.

Now provide the token which you copied from the previous step here -

Step 7 - kubernetes dashboard

Once you clicked the Sign In then you should see following - Kubernetes Admin GUI

2. Setting up Kubernetes Dashboard on Local Kubernetes cluster using Vagrant on Ubuntu

Before you proceed further, I am assuming you have your kubernetes cluster up and running and you have installed with kubectl on your local development machine.

If you do not have kubernetes cluster up and running then I would recommend to follow this guide for setting up your local kubernetes cluster.

Setting Up Local Kubernetes Cluster This guide will help to setup local kubernetes cluster using Vagrant’s virtual machine on Ubuntu

Step 1 - Setup/install kubernetes dashboard using kubectl.

Now you have your cluster up and running. Use the following command to install the kubernetes dashbaord

1kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
 1namespace/kubernetes-dashboard created
 2serviceaccount/kubernetes-dashboard created
 3service/kubernetes-dashboard created
 4secret/kubernetes-dashboard-certs created
 5secret/kubernetes-dashboard-csrf created
 6secret/kubernetes-dashboard-key-holder created
 7configmap/kubernetes-dashboard-settings created
 8role.rbac.authorization.k8s.io/kubernetes-dashboard created
 9clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
10rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
11clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
12deployment.apps/kubernetes-dashboard created
13service/dashboard-metrics-scraper created
14deployment.apps/dashboard-metrics-scraper created

Step 2 - Start kubernetes API server using kubectl

Now we need to start kubernetes API server, so that we can access the kubernetes dashboard.

Run the following command to start kubernetes API server

1$ kubectl proxy

Now after running the above command we can access the kubernetes dashboard using following URL

1$ https://100.0.0.2:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Once you will open above URL, it will lead you to authentication page. On authenticate page you will be either asked to provide Kubeconfig or Token for the service account.

Since our kubernete cluster is pretty new so we need to create a service account and assign some roles to it.

Step 3 - Create service Account

Use the following command to create a Service Account

1cat <<EOF | kubectl create -f -
2apiVersion: v1
3kind: ServiceAccount
4metadata:
5  name: admin-user
6  namespace: kube-system
7EOF

Step 4 - Create ClusterRoleBinding with the user which we have created in Step 3.

Use the following command to create ClusterRoleBinding

 1cat <<EOF | kubectl create -f -
 2apiVersion: rbac.authorization.k8s.io/v1
 3kind: ClusterRoleBinding
 4metadata:
 5  name: admin-user
 6roleRef:
 7  apiGroup: rbac.authorization.k8s.io
 8  kind: ClusterRole
 9  name: cluster-admin
10subjects:
11- kind: ServiceAccount
12  name: admin-user
13  namespace: kube-system
14EOF

Step 5 - Generate the bearer token/secret token

To authenticate on kubernetes dashboard we need to provide bearer token. Use the following command to generate the bearer token

1$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
 1Name:         admin-user-token-2pt5j
 2Namespace:    kube-system
 3Labels:       <none>
 4Annotations:  kubernetes.io/service-account.name: admin-user
 5              kubernetes.io/service-account.uid: d1db9676-1157-4dd4-8989-c104f56eb4aa
 6
 7Type:  kubernetes.io/service-account-token
 8
 9Data
10====
11namespace:  11 bytes
12token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IkdtcW9vT2VGRVNWa3hmc28zMmVUdlAwMlBpVUstc1ltLUF1dF9TV01fWmsifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLTJwdDVqIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkMWRiOTY3Ni0xMTU3LTRkZDQtODk4OS1jMTA0ZjU2ZWI0YWEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06YWRtaW4tdXNlciJ9.eSjUGVNmuCDVh9mcDOexWW65oOmJlkwExwB1NY4QLyWCkTGKKyjj5VxCHL2M9tfam5aD7JjbBBc9OPMKEsnHTVFoXq4QKJ6kPRCO5sxbOL7cGL9iUqLzVwLkApcKyf9l9oGpDz4Br0iQdjmqi4fDkJVrRAVSdYq2Z8bS7lX7gjOlCqvlduAaaVcXskgtmyJYvbFqAFy641NHnKDTzA_le3wx5ja-1blxsmu3m-McXxVhi4sA6mRlTtxn2d4_2Y5XukYbZ9Xh8kaUrc4h2axrDhvhvtn-WomGvlcV_5kf9EQ1HdW0quDxnzEbq5gVMVsY0KS-hV7x1HXd8E4Ty6TNjw
13ca.crt:     1025 bytes

Step 6 - Sign In to Kubernetes Dashboard

Copy the token and go back to browser (http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/). On the authenticate page select the option token and paste the token.

Click “SIGN IN” and you should be able to see your Kubernetes Dashboard fully operational.

Great now you have your dashboard up and running.

3. Setting Up kubernetes Dashboard on GKE(Google Kubernetes Engine) on GCP(Google Cloud Platform)

Setting the kubernetes dashboard on GKE(Google Kubernetes Engine) is fairly simple as compared to setting it up on local kubernetes cluster or in minikube.id

Before that first thing which we need to do is to setup kubernetes cluster on GKE(Google Kubernetes Engine).

Step 1 - Setup kubernetes cluster on GKE(Google Kubernetes Engine)

Goto - https://cloud.google.com/

(Note - If you do not have Google Cloud Account active then you can use the free credit provided by google to utilize its services. Google provides 300$ credit for 1 year and it is sufficient enough to start working with google cloud services)

So I am assuming now you have Google Cloud account, now you can goto My First Project

Then you can create a New Project

In this case I am creating a sample project with name - jhooq-sprinboot-k8s-demo

Now on the left hand navigation menu search for the menu “Kubernetes Engine” then click on “Clusters"

Now click on Create Cluster then it will show up Cluster Basics form where you need to fill in the Cluster Name.

So in our case I am putting the cluster name as - jhooq-kubernetes-dashboard

And after that click on the create cluster.(Cluster creation generally takes little time so be patient.)

After the cluster creation click on the Connect option to access the Cluster Command Line Console

On console it will by default put an command to get the credentials, so you just need to press enter or execute that command.

Step 2 - Setup dashboard or install dashboard

Now you need to run the dahsboard install command using kubectl

1$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml
 1namespace/kubernetes-dashboard created
 2serviceaccount/kubernetes-dashboard created
 3service/kubernetes-dashboard created
 4secret/kubernetes-dashboard-certs created
 5secret/kubernetes-dashboard-csrf created
 6secret/kubernetes-dashboard-key-holder created
 7configmap/kubernetes-dashboard-settings created
 8role.rbac.authorization.k8s.io/kubernetes-dashboard created
 9clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
10rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
11clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
12deployment.apps/kubernetes-dashboard created
13service/dashboard-metrics-scraper created
14deployment.apps/dashboard-metrics-scraper created

Step 3 - Create service Account

Run the following command on the gcloud terminal for creating service account

1cat <<EOF | kubectl create -f -
2apiVersion: v1
3kind: ServiceAccount
4metadata:
5  name: admin-user
6  namespace: kubernetes-dashboard
7EOF

Step 4 - Create ClusterRoleBinding with the user which we have created in Step 3.

 1cat <<EOF | kubectl create -f -
 2apiVersion: rbac.authorization.k8s.io/v1
 3kind: ClusterRoleBinding
 4metadata:
 5  name: admin-user
 6roleRef:
 7  apiGroup: rbac.authorization.k8s.io
 8  kind: ClusterRole
 9  name: cluster-admin
10subjects:
11- kind: ServiceAccount
12  name: admin-user
13  namespace: kubernetes-dashboard
14EOF

Step 5 - Start kubectl proxy

Now we need to start the kubectl proxy server

1$ kubectl proxy

Step 6 - Generate secret token for accessing dashaboard

Use the following command to generate secret token because we need this token to access the dashboard

1$ kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

It should return something similar

 1Name:         default-token-sv6pq
 2Namespace:    kubernetes-dashboard
 3Labels:       <none>
 4Annotations:  kubernetes.io/service-account.name: default
 5              kubernetes.io/service-account.uid: df19ff8d-b64a-11ea-a6e6-42010a80021d
 6
 7Type:  kubernetes.io/service-account-token
 8
 9Data
10====
11ca.crt:     1119 bytes
12namespace:  20 bytes
13token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJkZWZhdWx0LXRva2VuLXN2NnBxIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImRlZmF1bHQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJkZjE5ZmY4ZC1iNjRhLTExZWEtYTZlNi00MjAxMGE4MDAyMWQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6ZGVmYXVsdCJ9.A2-J2esIQ4f_lyIdSu7R9r2MAMR2DKMoWQw9qg-TJ3Qx3DyQwYdeTi-bPZgV8LDwoT-jM9mkHTkoh2FKM-FFMysY-HYQCz13DoGGOxUSPwNUpc5bNKP0o1dr14QqwV2ePI6ZWZEP6Tl8M_oYScKxara4md2m7CIy40xUwheVxI-rs8f98GGhCwU4m_sD-CJVP3ViGPpD799Qfi2nrY0rpmwJrs1N1Q6Qs8zVHyK9vRfzi1uNU0Y3j3gUgBvdE0xAkj-WGw4pk7elCn-zaI30bRdb55XKfuW8sCPVfN-snKL7LQr-wBILPIs5IK3vRs3aeDnxB22yZYAhrsXRc-iVIw

Step 7 - Access the dashboard

Since you are working on Google Cloud url will be little different for you.

To get the URL first you need to click on the Web Preview option inside the Google Cloud console.

It will open a new tab in the browser with URL which is similar to https://8080-dot-12576724-dot-devshell.appspot.com/?authuser=0

You need to change few thing in the url for accessing the kubernetes dashboard

Change the port from 8080 to 8001 and replace the end url from /?authuser=0 to /api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

So the final URL should look like this

https://8001-dot-12576724-dot-devshell.appspot.com/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login

Step 8 - Use the token from Step 6

Select the option Token and paste the secret token generated in the Step 6 and then click on sign in.

And you should be able to access the dashboard on Google Kubernetes Engine

Great now you have successfully setup the kubernetes dashboard on Google kubernetes Engine.

Summary

If you are reading this summary it means that you have completed the following tasks -

  1. kubectl installation, minikube installation and dashbaord setup
  2. kubernetes dashboard setup on local kubernetes cluster using Vagrant’s virtual machine on Ubuntu
  3. And finally we tried Setting Up kubernetes Dashboard on GKE(Google Kubernetes Engine) on GCP(Google Cloud Platform)

You can learn more about kubernetes - Getting started with Kubernets and minikube