5 Accessing the Kubernetes Dashboard
The Kubernetes Dashboard container is created as part of the
kubernetes-dashboard
namespace. You can also start the Dashboard using the
kubectl-proxy
service. The Dashboard provides an intuitive graphical user
interface to a Kubernetes cluster that can be accessed using a standard web browser.
The Kubernetes Dashboard is described in the upstream Kubernetes documentation.
This chapter shows you how to start and connect to the Kubernetes Dashboard.
Starting the Dashboard
To start the Dashboard, run a proxy service that allows traffic on the node where it's
running to reach the internal pod where the Dashboard application is running. This is achieved
by running the kubectl proxy
service:
kubectl proxy
The output looks similar to:
Starting to serve on 127.0.0.1:8001
The Dashboard is available on the node where the proxy is running. To exit the proxy, use Ctrl+C. When you exit the proxy, it ends the application, and the Dashboard is no longer available.
You can run this as a systemd
service and enable it so that it's always
available after OS reboots:
sudo systemctl enable --now kubectl-proxy.service
This systemd
service requires that the
/etc/kubernetes/admin.conf
is present to run. To change the port that's
used for the proxy service, or you want to add other proxy configuration parameters, you can
configure this by editing the systemd
drop-in file at
/etc/systemd/system/kubectl-proxy.service.d/10-kubectl-proxy.conf
. You can
get more information about the configuration options available for the kubectl
proxy
service by running:
kubectl proxy --help
Connecting to the Dashboard
To access the Dashboard, open a web browser on the node where the kubectl
proxy
service is running and navigate to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
To log in, you must authenticate using a token. For more information on authentication tokens, see the upstream Kubernetes documentation.
Set up a token for the admin-user
using:
kubectl --namespace kubernetes-dashboard create token admin-user
Copy and paste the entire value of the token output into the token field on the log in page to authenticate.
Connecting to the Dashboard Remotely
If you need to access the Dashboard remotely, you can use SSH tunneling to do port
forwarding from the localhost to the node running the kubectl proxy
service.
The easiest option is to use SSH tunneling to forward a port on the local system to the port
configured for the kubectl proxy
service on the node that you want to access.
This method retains some security as the HTTP connection is encrypted by virtue of the SSH
tunnel and authentication is handled by the SSH configuration. For example, on the local
system run:
ssh -L 8001:127.0.0.1:8001 192.0.2.10
Substitute 192.0.2.10
with the IP address of the host where the
kubectl proxy
service is running. When the SSH connection is established,
you can open a browser on the localhost and navigate to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
The Dashboard log in screen is displayed for the remote Kubernetes cluster. Use the same token information to authenticate as if you were connecting to the Dashboard locally.
Connecting to the Dashboard Container
You don't need to start the Dashboard using the kubectl-proxy
service as
it's already running as a container when you install the Kubernetes module. This is another
method to access the Dashboard. To verify the container is running, enter:
kubectl get pods --namespace kubernetes-dashboard
The output looks similar to:
NAME READY STATUS RESTARTS AGE
kubernetes-dashboard-785945dc77-c8l72 1/1 Running 0 19m
A Kubernetes Dashboard service is also deployed. You can show that service using:
kubectl get svc --namespace kubernetes-dashboard
The output looks similar to:
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard ClusterIP 10.100.29.246 <none> 443/TCP 20m
To access this service, assign an external IP address to the ClusterIP, or patch the service to assign an IP address using a NodePort. When you have assigned an external IP address, you can connect to the service using a web browser that has access to that network.