The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.
Chapter 5 Accessing the Kubernetes Dashboard
The Kubernetes Dashboard container is created as part of the
kube-system namespace. This provides an intuitive
graphical user interface to a Kubernetes cluster that can be accessed
using a standard web browser.
The Kubernetes Dashboard is described in the upstream Kubernetes documentation at:
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
This chapter shows you how to start and connect to the Kubernetes Dashboard.
5.1 Starting the Dashboard
To start the Dashboard, you can run a proxy service that allows
traffic on the node where it is running to reach the internal pod
where the Dashboard application is running. This is achieved by
running the kubectl proxy service:
kubectl proxy
Starting to serve on 127.0.0.1:8001
The Dashboard is available on the node where the proxy is running
for as long as the proxy runs. To exit the proxy, use
Ctrl+C.
You can run this as a systemd service and
enable it so that it is always available after subsequent reboots:
sudo systemctl enable --now kubectl-proxy.service
This systemd service requires that the
/etc/kubernetes/admin.conf is present to run.
If you want to change the port that is used for the proxy service,
or you want to add other proxy configuration parameters, you can
configure this by editing the systemd drop-in
file at
/etc/systemd/system/kubectl-proxy.service.d/10-kubectl-proxy.conf.
You can get more information about the configuration options
available for the kubectl proxy service by
running:
kubectl proxy --help
5.2 Connecting to the Dashboard
To access the Dashboard, open a web browser on the node where the
kubectl proxy service is running and navigate
to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
To log in, you must authenticate using a token. For more information on authentication tokens, see the upstream documentation at:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md
If you have not set up specific tokens for this purpose, you can
use a token allocated to a service account, such as the
namespace-controller. Run the following command
to obtain the token value for the
namespace-controller:
kubectl -n kube-system describe $(kubectl -n kube-system \ get secret -n kube-system -o name | grep namespace) | grep token:
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY ...
Copy and paste the entire value of the token into the token field on the log in page to authenticate.
5.3 Connecting to the Dashboard Remotely
If you need to access the Dashboard remotely, you can use SSH
tunneling to do port forwarding from your localhost to the node
running the kubectl proxy service. The easiest
option is to use SSH tunneling to forward a port on your local
system to the port configured for the kubectl
proxy service on the node that you want to access. This
method retains some security as the HTTP connection is encrypted
by virtue of the SSH tunnel and authentication is handled by your
SSH configuration. For example, on your local system run:
ssh -L 8001:127.0.0.1:8001 192.0.2.10
Substitute 192.0.2.10 with the IP address of
the host where the kubectl proxy service is
running. When the SSH connection is established, you can open a
browser on your localhost and navigate to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
You should see the Dashboard log in screen for the remote Kubernetes cluster. Use the same token information to authenticate as if you were connecting to the Dashboard locally.