5 Accessing the Kubernetes Dashboard
Important:
The software described in this documentation is either in Extended Support or Sustaining Support. See Oracle Open Source Support Policies for more information.
We recommend that you upgrade the software described by this documentation as soon as possible.
The Kubernetes Dashboard container is created as part of the
kubernetes-dashboard
namespace. You can also start the Dashboard using the
kubectl-proxy
service. The Dashboard provides an intuitive graphical user
interface to a Kubernetes cluster that can be accessed using a standard web browser.
The Kubernetes Dashboard is described in the upstream Kubernetes documentation at:
https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
This chapter shows you how to start and connect to the Kubernetes Dashboard.
Starting the Dashboard
To start the Dashboard, you can run a proxy service that allows
traffic on the node where it is running to reach the internal pod
where the Dashboard application is running. This is achieved by
running the kubectl proxy
service:
kubectl proxy Starting to serve on 127.0.0.1:8001
The Dashboard is available on the node where the proxy is running for as long as the proxy runs. To exit the proxy, use Ctrl+C.
You can run this as a systemd
service and
enable it so that it is always available after subsequent reboots:
sudo systemctl enable --now kubectl-proxy.service
This systemd
service requires that the
/etc/kubernetes/admin.conf
is present to run.
If you want to change the port that is used for the proxy service,
or you want to add other proxy configuration parameters, you can
configure this by editing the systemd
drop-in
file at
/etc/systemd/system/kubectl-proxy.service.d/10-kubectl-proxy.conf
.
You can get more information about the configuration options
available for the kubectl proxy
service by
running:
kubectl proxy --help
Connecting to the Dashboard
To access the Dashboard, open a web browser on the node where the kubectl
proxy
service is running and navigate to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
To log in, you must authenticate using a token. For more information on authentication tokens, see the upstream documentation at:
https://github.com/kubernetes/dashboard/blob/master/docs/user/access-control/README.md
If you are running Kubernetes 1.24.x or later, you can set up a token for the
admin-user
using:
kubectl -n kubernetes-dashboard create token admin-user
If you are running Kubernetes 1.23.x, and have not set up specific tokens for this
purpose, you can use a token allocated to a service account, such as the
namespace-controller
. Run the following command to obtain the token value
for the namespace-controller
:
kubectl -n kube-system describe $(kubectl -n kube-system \
get secret -n kube-system -o name | grep namespace) | grep token:
Copy and paste the entire value of the token output by either of these commands into the token field on the log in page to authenticate.
Connecting to the Dashboard Remotely
If you need to access the Dashboard remotely, you can use SSH tunneling to do port
forwarding from your localhost to the node running the kubectl proxy
service. The easiest option is to use SSH tunneling to forward a port on your local system to
the port configured for the kubectl proxy
service on the node that you want
to access. This method retains some security as the HTTP connection is encrypted by virtue of
the SSH tunnel and authentication is handled by your SSH configuration. For example, on your
local system run:
ssh -L 8001:127.0.0.1:8001 192.0.2.10
Substitute 192.0.2.10
with the IP address of the host where the
kubectl proxy
service is running. When the SSH connection is established,
you can open a browser on your localhost and navigate to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
You should see the Dashboard log in screen for the remote Kubernetes cluster. Use the same token information to authenticate as if you were connecting to the Dashboard locally.
Connecting to the Dashboard Container
You do not need to start the Dashboard using the kubectl-proxy
service as it
is already running as a container when you install the Kubernetes module. This is another
method to access the Dashboard. To verify the container is running, enter:
kubectl get pods --namespace kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-785945dc77-c8l72 1/1 Running 0 19m
There is also a Kubernetes Dashboard service. You can show that service using:
kubectl get svc --namespace kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.100.29.246 <none> 443/TCP 20m
To access this service, you should assign an external IP address to the ClusterIP, or patch the service to assign an IP address using a NodePort. When you have assigned an external IP address, you can connect to the service using a web browser that has access to that network.