<mohammadrony>

Kubernetes Dashbaord

Installation

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update

helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --namespace kubernetes-dashboard --create-namespace

Dashboard User

TLDR

kubectl -n kubernetes-dashboard create sa admin-user
kubectl create clusterrolebinding admin-user --clusterrole cluster-admin --serviceaccount kubernetes-dashboard:admin-user
kubectl -n kubernetes-dashboard create token admin-user

Create cluster user account

kubectl apply -f cluster-admin-user.yaml
kubectl apply -f cluster-readonly-user.yaml
kubectl apply -f cluster-custom-user.yaml

Create namespace user account

kubectl apply -f ns-admin-user.yaml
kubectl apply -f ns-readonly-user.yaml
kubectl apply -f ns-custom-user.yaml

Update service account secret

kubectl patch serviceaccount cluster-admin-sa -n kubernetes-dashboard -p '{"secrets": [{"name": "cluster-admin-secret"}]}'
kubectl patch serviceaccount cluster-read-only-sa -n kubernetes-dashboard -p '{"secrets": [{"name": "cluster-read-only-secret"}]}'
kubectl patch serviceaccount cluster-custom-sa -n kubernetes-dashboard -p '{"secrets": [{"name": "cluster-custom-secret"}]}'

kubectl patch serviceaccount default-admin-sa -n default -p '{"secrets": [{"name": "default-admin-secret"}]}'
kubectl patch serviceaccount default-read-only-sa -n default -p '{"secrets": [{"name": "default-read-only-secret"}]}'
kubectl patch serviceaccount default-custom-sa -n default -p '{"secrets": [{"name": "default-custom-secret"}]}'

Get service accounts

kubectl get serviceaccounts -n kubernetes-dashboard

kubectl get serviceaccounts

Get service account token from secret

kubectl get secret cluster-admin-secret -n kubernetes-dashboard -o yaml | yq .data.token | base64 -d && echo
kubectl get secret cluster-read-only-secret -n kubernetes-dashboard -o yaml | yq .data.token | base64 -d && echo
kubectl get secret cluster-custom-secret -n kubernetes-dashboard -o yaml | yq .data.token | base64 -d && echo

kubectl get secret default-admin-secret -n default -o yaml | yq .data.token | base64 -d && echo
kubectl get secret default-read-only-secret -n default -o yaml | yq .data.token | base64 -d && echo
kubectl get secret default-custom-secret -n default -o yaml | yq .data.token | base64 -d && echo

Generate new token

kubectl create token cluster-admin-sa -n kubernetes-dashboard
kubectl create token cluster-read-only-sa -n kubernetes-dashboard
kubectl create token cluster-custom-sa -n kubernetes-dashboard

kubectl create token default-admin-sa -n default
kubectl create token default-read-only-sa -n default
kubectl create token default-custom-sa -n default

Expose Service

Proxy service

kubectl proxy --port=8001

Open kubernetes-dashboard link in browser.

Port forwarding

kubectl -n kubernetes-dashboard port-forward service/kubernetes-dashboard-kong-proxy 443:443

Domain setup

  • Save dashboard.conf file in /etc/nginx/sites-available/ and link it to /etc/nginx/sites-enabled/ directory.

  • Create SSL certificate

    sudo certbot --nginx -d dashboard.example.com

  • Expose dashboard ingress

    kubectl apply -f ingress.yaml

  • Open dashboard url dashboard.example.com from browser.