Kubernetes - Dashboard Setup

Kubernetes - Dashboard Setup is a web-based user interface that offers a summary of your Kubernetes cluster. You may manage your resources using a graphical interface and view information about your pods, deployments, services, and more with the dashboard. How do you maintain track of all the containers you deploy using Kubernetes when there are hundreds of them? That won't work with a command-line interface. Everything must be represented visually. Welcome to the Kubernetes dashboard. The official web-based UI for Kubernetes, known as Kubernetes Dashboard, consists of a collection of services that make cluster management easier. You will discover how to set up the Kubernetes Dashboard on an Ubuntu computer step-by-step in this guide.

What is the Kubernetes Dashboard UI (User Interface)?

Kubernetes Dashboard is used to represent all the cluster components and resources in the form of a user interface (UI). Instead of using kubectl (Command line interface) to list the cluster resources, you can use the Kubernetes dashboard and watch in the form of UI. You can view the resources in the cluster and the Kubernetes dashboard will allow you to interact with the resources like pods, services, deployments, and some other resources.

It is not an replacement of kubectl.

Kubernetes Dashboard Basics

The Kubernetes Dashboard is a web-based user interface that allows you to manage and monitor your Kubernetes clusters. It provides an easy-to-use graphical interface where you can view and manage the status of your applications, deploy containerized applications, troubleshoot issues, and manage cluster resources. With the dashboard, you can get insights into your cluster's overall health, view detailed information about your workloads, and access logs to debug and resolve issues. It is a helpful tool for both developers and system administrators to interact with their Kubernetes environment without needing to use the command line.

Kubernetes Dashboard UI Features

1. Manage Pods: You can view the pods and manage the Kubernetes pods. Without the need for Kubectl, you can view the pods manage the ods, and edit the pod's configuration according to your requirement. You can perform most of the operations performed by the Kubernetes kubectl command.
2. Manage Services: Service is the resource used in Kubernetes to expose the pod to the internet from where the end users can access the application. It can be managed with the help of the Kubernetes dashboard. You can create new services, edit the existing services, and changes the configurations.
3. Manage Deployments: You can view the number of deployments that you have deployed so far and also see the current working status of the Kubernetes deployments you have deployed till now. You can also edit the configuration of deployment yaml files, like changing the number of replicas required and so on.
4. Manage Resources: You can manage some other resources which are present in the Kubernetes cluster like
   1. ConfigMaps.
   2. Secrets.
   3. Namespaces.

Other than the features mentioned above you can also you can check the logs and status of the resources which you are using in the kubernetes cluster.

Access the Kubernetes Dashboard UI Using Token

Follow the steps that mentioned below to access the kuebernetes dashboard by the token.

Step 1: First you need to get the token to access the kubernetes dashboard for that using the following command.

kubectl -n kube-system get secret $(kubectl -n kube-system get serviceaccount dashboard -o jsonpath='{.secrets[0].name}') 
-o go template='{{.data.token}}'

Step 2: After getting the access token know copy and paste the token in the kubernetes dashboard Dialuge box from where you can access the kubernetes dashboard.

Deploy and Access the Kubernetes Dashboard

If you want to set up a Kubernetes dashboard for your application then you need to create the following.

1. Deployment.
2. Service.

In this, the deployment is going to take care of the pod and the service is going to take care to expose the pod to the internet. After deploying the Kubernetes dashboard you can access it from the internet by using localhost (http://localhost:8080.)

Deploying Kubernetes Dashboard UI

• First, open your SSH client and connect to your Kubernetes master node.
• To install the Kubernetes dashboard, you can use Kubectl to apply the recommended deployment manifest. kubectl command-line interface tool that manages a Kubernetes Dashboard installation and many other Kubernetes tasks.

Kubernetes Dashboard Authentication and Tokens

Kubernetes Dashboard UI(User Interface) Setup

Save the below code in any file and execute it 

kubectl apply -f (mention file name) 

apiVersion: v1
kind: Namespace
metadata:
 name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
spec:
 ports:
 - port: 443
 targetPort: 8443
 selector:
 k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard-certs
 namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard-csrf
 namespace: kubernetes-dashboard
type: Opaque
data:
 csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard-key-holder
 namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard-settings
 namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
rules:
 # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
 - apiGroups: [""]
 resources: ["secrets"]
 resourceNames: ["kubernetes-dashboard-key-holder",
 "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
 verbs: ["get", "update", "delete"]
 # Allow Dashboard to get and update 
 'kubernetes-dashboard-settings' config map.
 - apiGroups: [""]
 resources: ["configmaps"]
 resourceNames: ["kubernetes-dashboard-settings"]
 verbs: ["get", "update"]
 # Allow Dashboard to get metrics.
 - apiGroups: [""]
 resources: ["services"]
 resourceNames: ["heapster", "dashboard-metrics-scraper"]
 verbs: ["proxy"]
 - apiGroups: [""]
 resources: ["services/proxy"]
 resourceNames: ["heapster", "http:heapster:", 
 "https:heapster:", "dashboard-metrics-scraper",
 "http:dashboard-metrics-scraper"]
 verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
rules:
 # Allow Metrics Scraper to get metrics from the Metrics server
 - apiGroups: ["metrics.k8s.io"]
 resources: ["pods", "nodes"]
 verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: Role
 name: kubernetes-dashboard
subjects:
 - kind: ServiceAccount
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
 name: kubernetes-dashboard
roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
 name: kubernetes-dashboard
subjects:
 - kind: ServiceAccount
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
 labels:
 k8s-app: kubernetes-dashboard
 name: kubernetes-dashboard
 namespace: kubernetes-dashboard
spec:
 replicas: 1
 revisionHistoryLimit: 10
 selector:
 matchLabels:
 k8s-app: kubernetes-dashboard
 template:
 metadata:
 labels:
 k8s-app: kubernetes-dashboard
 spec:
 containers:
 - name: kubernetes-dashboard
 image: kubernetesui/dashboard:v2.4.0
 imagePullPolicy: Always
 ports:
 - containerPort: 8443
 protocol: TCP
 args:
 - --auto-generate-certificates
 - --namespace=kubernetes-dashboard
 # Uncomment the following line to manually
 specify Kubernetes API server Host
 # If not specified, Dashboard will attempt 
 to auto discover the API server and connect
 # to it. Uncomment only if the default does not work.
 # - --apiserver-host=http://my-address:port
 volumeMounts:
 - name: kubernetes-dashboard-certs
 mountPath: /certs
 # Create on-disk volume to store exec logs
 - mountPath: /tmp
 name: tmp-volume
 livenessProbe:
 httpGet:
 scheme: HTTPS
 path: /
 port: 8443
 initialDelaySeconds: 30
 timeoutSeconds: 30
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 runAsUser: 1001
 runAsGroup: 2001
 volumes:
 - name: kubernetes-dashboard-certs
 secret:
 secretName: kubernetes-dashboard-certs
 - name: tmp-volume
 emptyDir: {}
 serviceAccountName: kubernetes-dashboard
 nodeSelector:
 "kubernetes.io/os": linux
 # Comment the following tolerations if Dashboard must not be deployed on master
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
 labels:
 k8s-app: dashboard-metrics-scraper
 name: dashboard-metrics-scraper
 namespace: kubernetes-dashboard
spec:
 ports:
 - port: 8000
 targetPort: 8000
 selector:
 k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
 labels:
 k8s-app: dashboard-metrics-scraper
 name: dashboard-metrics-scraper
 namespace: kubernetes-dashboard
spec:
 replicas: 1
 revisionHistoryLimit: 10
 selector:
 matchLabels:
 k8s-app: dashboard-metrics-scraper
 template:
 metadata:
 labels:
 k8s-app: dashboard-metrics-scraper
 spec:
 securityContext:
 seccompProfile:
 type: RuntimeDefault
 containers:
 - name: dashboard-metrics-scraper
 image: kubernetesui/metrics-scraper:v1.0.7
 ports:
 - containerPort: 8000
 protocol: TCP
 livenessProbe:
 httpGet:
 scheme: HTTP
 path: /
 port: 8000
 initialDelaySeconds: 30
 timeoutSeconds: 30
 volumeMounts:
 - mountPath: /tmp
 name: tmp-volume
 securityContext:
 allowPrivilegeEscalation: false
 readOnlyRootFilesystem: true
 runAsUser: 1001
 runAsGroup: 2001
 serviceAccountName: kubernetes-dashboard
 nodeSelector:
 "kubernetes.io/os": linux
 # Comment the following tolerations if Dashboard must not be deployed on master
 tolerations:
 - key: node-role.kubernetes.io/master
 effect: NoSchedule
 volumes:
 - name: tmp-volume
 emptyDir: {}

This will generate the deployment, service, and secret that are required by Kubernetes for the dashboard to function. After executing the command, kubectl creates a namespace, service account, Kubernetes configMap, pods, cluster role, service, RBAC, and deployments resources representing the Kubernetes dashboard. 

👁 Installing the Kubernetes dashboard by running the kubectl apply

Kubernetes Dashboard UI (User Interface) Resources

After executing the command, kubectl creates a namespace, service account, config map, pods, cluster role, service, RBAC, and deployments resources representing the Kubernetes dashboard.

• Namespace: Within a Kubernetes cluster, a namespace enables resource organization and isolation. The "Kubernetes-dashboard" namespace is established in this instance to house all resources related to the dashboard.
• Service Account: A service account gives a pod or group of pods an identity to communicate with the Kubernetes API server. In this instance, the dashboard pod will utilize the "Kubernetes-dashboard" service account to access the Kubernetes API.
• Secret: In a Kubernetes cluster, private information like TLS keys and certificates is kept in a secret. The TLS certificate and key used by the dashboard pod to secure its web traffic are created in this instance and stored in the "Kubernetes-dashboard-certs" secret
• ConfigMap: A config map is used to store configuration data that can be accessed by a pod or group of pods running in a Kubernetes cluster. In this case, the "Kubernetes-dashboard-settings" config map is created to store the configuration settings for the Kubernetes dashboard.
• Pods: The smallest deployable unit in Kubernetes, or pod, stands for a single instance of a process that is currently operating in a cluster. The Kubernetes dashboard is configured as a pod in this example, running in the "Kubernetes-dashboard" namespace, connecting to the Kubernetes API server using the "Kubernetes-dashboard-certs" secret and the "Kubernetes-dashboard-settings" config map, and being deployed as a pod.
• Cluster Role: A cluster role is used to specify a set of permissions that can be given to a user or group of users throughout the whole Kubernetes cluster. To specify the rights needed by the dashboard to access and manage Kubernetes resources, the "Kubernetes-dashboard" cluster role is created in this instance.
• Services: A group of pods running in a Kubernetes cluster are exposed as a network service using a service. In this instance, the dashboard pod executing in the "Kubernetes-dashboard" namespace is given network access by the "Kubernetes-dashboard" service.
• RBAC: Role-based access control (RBAC) is a method for restricting access to Kubernetes resources based on user roles and permissions. In this instance, the "Kubernetes-dashboard" service account is configured with RBAC rules that allow access to and management of the Kubernetes resources needed by the dashboard.
• Deployments: In a Kubernetes cluster, a deployment is used for handling the scaling, rolling updates, and rollbacks of an assortment of pods. In the present instance, the "Kubernetes-dashboard" deployment is employed to manage the dashboard pod that is operating in the "Kubernetes-dashboard" namespace.

Run the kubectl get command to see if all the resources were successfully installed.

kubectl get all -n Kubernetes-dashboard

👁 Checking namespace

Kubernetes Cluster Role Binding for Kubernetes Dashboard UI (User Interface)

By default, the dashboard has restricted access; you'll have to create a service account and connect a cluster role to give it the necessary features.

 kubectl create serviceaccount dashboard-admin-sa

Next, create a cluster role binding that grants the service account the cluster-admin role:

 kubectl create cluster role binding dashboard-admin-sa \
 --clusterrole=cluster-admin \
 --serviceaccount=default:dashboard-admin-sa

Keeping the token used for dashboard authentication secure will prevent the dashboard from doing any action on your cluster.

👁 Creating role binding

Execute the file on the master node using the below command:

 kubectl apply -f sa-dashboard.yaml

Get the Token for the Service Account

To log in to the dashboard, you will need the token for the service account you created in Step 2. You can retrieve the token using the following command:

• Use the below command to obtain the service account; for reference, check the image below.

kubectl get sa -n kube-system 

👁 Service account

• Use the below command to obtain the secret; for reference, check the image below.

kubectl describe sa dashboard-admin -n kube-system

👁 Secret

• Get the token by using the below command for reference, check the image below.

kubectl describe secret dashboard-admin-token-v5g7h -n kube-system 

👁 Token

• Start Kubernetes proxy in order to access the Kubernetes dashboard from your local machine.

kubectl proxy

This command will create the proxy servers and you can access the dashboard.

Accessing the Kubernetes localhost Dashboard UI

Now that the proxy has been started, you can use your web browser to access the Kubernetes dashboard URL:

http://localhost:8001/api/v1/namespaces/
kubernetes-dashboard/services
/https:kubernetes-dashboard:/proxy/

This URL is for the Kubernetes dashboard login. Enter the token that you receive while login into the dashboard (step 3). Now, the Kubernetes dashboard setup is complete, you can now use it to manage your Kubernetes cluster from GUI.

👁 Kubernetes Dashboard

For security reasons, it is recommended that you access the Kubernetes dashboard over a secure connection (HTTPS) rather than HTTP. To set up HTTPS, you will need to create a TLS certificate and configure your Kubernetes API server to use the certificate. You can find more information on how to set up HTTPS for the Kubernetes dashboard in the official Kubernetes.

Alternative Access to the Dashboard

1. kubectl Proxy: To view the dashboard from your personal machine, start a proxy server. To get to http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, execute the kubectl proxy instruction to launch your browser.
2. Port Forwarding: To forward a port form your personal machine to a port on the Kubernetes Dashboard service, use kubectl port-forward. For example, execute this command to view it: https://localhost:10443 kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443.
3. NodePort Service: Employ a NodePort for displaying the dashboard service. Modify the dashboard service YAML file's service type to NodePort, then access it with the node's IP address and its designated NodePort.
4. Ingress: Configure an Ingress resource to ensure you can use a custom domain to access the dashboard. Create an Ingress resource pointing to the dashboard service and configure an Ingress controller.
5. Cloud Provider Specific Methods: Integrated dashboard access is available by several managed Kubernetes services, notably Amazon EKS, Azure AKS, and Google Kubernetes Engine (GKE). Examine the specific documentation supplied by your cloud provider.

Deploying Containerized Applications

Deploying the Dashboard in the form of containerized application on kubernetes will give you the flexibility to scale the application with easier way and the availability of the application is also going to increase.

Specifying Application Details For Kubernetes Dashboard

1. Name: The name of your application.
2. Image: The image that your application is running. (Docker Image).
3. Port: The port that your application is listening on.
4. Replicas: The number of Pods that you want to create for your application.
5. Selector: A label selector that is used to match Pods to your application.
6. Template: The template that is used to create Pods for your application.

How to fix Kubernetes Dashboard Forbidden 403 error

It can be frustrating when you get a "403 Forbidden" error when trying to access the Kubernetes Dashboard. This issue usually indicates you do not have the right sort of liberties to access the dashboard using your user account. Here's an easy instructions for fixing the issue at hand:

• Check User Permissions: Check that you have sufficient rights to access the dashboard using the user or service account you are using. By going at the associated duties and role bindings, you may verify this.
• Create a Service Account: Create a dedicated service account and give the necessary permissions.

kubectl create serviceaccount dashboard-admin -n kube-system

• Bind the Service Account to a ClusterRole: The administrator of the newly developed service account full privileges, bind it to the cluster-admin ClusterRole.

kubectl create clusterrolebinding dashboard-admin-binding \
 --clusterrole=cluster-admin \
 --serviceaccount=kube-system:dashboard-admin

• Retrieve the Bearer Token: Obtain the token to the newly established service account. By the assistance of this token, your access to the dashboard has been verified.
  • Obtain a copy of the output's token.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-admin | awk '{print $1}')

• Access the Dashboard: The Kubernetes Dashboard URL typically looks like https://<master-ip>:<port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/. Open your web browser and visit here.
  • Select the token option and paste the copied token when asked for for authentication.
• Secure Your Setup: While finish permissions have been provided by the cluster-admin role, this configuration might not be the most secure option for production environments. Think considering attaching a custom role to the service account with only the privileges required for your use case.

Kubernetes Dashboard alternatives

• Lens: A sophisticated open-source Kubernetes IDE that makes cluster management easier is called Lens. It offers an in-depth examination on the resources in your cluster and enables tasks like built-in terminal, real-time monitoring, and simple context switching between various clusters.
• K9s: For interacting with your Kubernetes clusters, utilize K9s, a terminal-based graphical user interface. It is quick, light, and filled with abilities that let you oversee, access, and troubleshoot your clusters using the command line.
• Octant: An open-source Kubernetes dashboard named Octant provides comprehensive cluster perceives along with real-time updates. It facilitates the comprehension of complex configurations by offering insights into resource connections along with customization plugins.
• Rancher: Rancher is a packed with features Kubernetes management tool which renders cluster deployment, scaling, and monitoring easier. It provides abilities such as application catalog, access control, and multi-cluster management as well as to a sophisticated web-based dashboard.