The software described in this documentation is either no longer supported or is in extended support.
Oracle recommends that you upgrade to a current supported release.

Chapter 5 Accessing the Kubernetes Dashboard

The Kubernetes Dashboard container is created as part of the kube-system namespace. This provides an intuitive graphical user interface to a Kubernetes cluster that can be accessed using a standard web browser.

The Kubernetes Dashboard is described in the upstream Kubernetes documentation at:

This chapter shows you how to start and connect to the Kubernetes Dashboard.

5.1 Starting the Dashboard

To start the Dashboard, you can run a proxy service that allows traffic on the node where it is running to reach the internal pod where the Dashboard application is running. This is achieved by running the kubectl proxy service:

kubectl proxy
Starting to serve on

The Dashboard is available on the node where the proxy is running for as long as the proxy runs. To exit the proxy, use Ctrl+C.

You can run this as a systemd service and enable it so that it is always available after subsequent reboots:

sudo systemctl enable --now kubectl-proxy.service

This systemd service requires that the /etc/kubernetes/admin.conf is present to run. If you want to change the port that is used for the proxy service, or you want to add other proxy configuration parameters, you can configure this by editing the systemd drop-in file at /etc/systemd/system/kubectl-proxy.service.d/10-kubectl-proxy.conf. You can get more information about the configuration options available for the kubectl proxy service by running:

kubectl proxy --help

5.2 Connecting to the Dashboard

To access the Dashboard, open a web browser on the node where the kubectl proxy service is running and navigate to:


To log in, you must authenticate using a token. For more information on authentication tokens, see the upstream documentation at:

If you have not set up specific tokens for this purpose, you can use a token allocated to a service account, such as the namespace-controller. Run the following command to obtain the token value for the namespace-controller:

kubectl -n kube-system describe $(kubectl -n kube-system \
get secret -n kube-system -o name | grep namespace) | grep token:
token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY ...

Copy and paste the entire value of the token into the token field on the log in page to authenticate.

5.3 Connecting to the Dashboard Remotely

If you need to access the Dashboard remotely, you can use SSH tunneling to do port forwarding from your localhost to the node running the kubectl proxy service. The easiest option is to use SSH tunneling to forward a port on your local system to the port configured for the kubectl proxy service on the node that you want to access. This method retains some security as the HTTP connection is encrypted by virtue of the SSH tunnel and authentication is handled by your SSH configuration. For example, on your local system run:

ssh -L 8001:

Substitute with the IP address of the host where the kubectl proxy service is running. When the SSH connection is established, you can open a browser on your localhost and navigate to:


You should see the Dashboard log in screen for the remote Kubernetes cluster. Use the same token information to authenticate as if you were connecting to the Dashboard locally.