Kubernetes – Dashboard Setup

Kubernetes – Dashboard Setup is a web-based user interface that offers a summary of your Kubernetes cluster. You may manage your resources using a graphical interface and view information about your pods, deployments, services, and more with the dashboard. How do you maintain track of all the containers you deploy using Kubernetes when there are hundreds of them? That won’t work with a command-line interface. Everything must be represented visually. Welcome to the Kubernetes dashboard. The official web-based UI for Kubernetes, known as Kubernetes Dashboard, consists of a collection of services that make cluster management easier. You will discover how to set up the Kubernetes Dashboard on an Ubuntu computer step-by-step in this guide.

Kubernetes Dashboard is used to represent all the cluster components and resources in the form of a user interface (UI). Instead of using kubectl (Command line interface) to list the cluster resources, you can use the Kubernetes dashboard and watch in the form of UI. You can view the resources in the cluster and the Kubernetes dashboard will allow you to interact with the resources like pods, services, deployments, and some other resources.

It is not an replacement of kubectl.

The Kubernetes Dashboard is a web-based user interface that allows you to manage and monitor your Kubernetes clusters. It provides an easy-to-use graphical interface where you can view and manage the status of your applications, deploy containerized applications, troubleshoot issues, and manage cluster resources. With the dashboard, you can get insights into your cluster’s overall health, view detailed information about your workloads, and access logs to debug and resolve issues. It is a helpful tool for both developers and system administrators to interact with their Kubernetes environment without needing to use the command line.

1. Manage Pods: You can view the pods and manage the Kubernetes pods. Without the need for Kubectl, you can view the pods manage the ods, and edit the pod’s configuration according to your requirement. You can perform most of the operations performed by the Kubernetes kubectl command.
2. Manage Services: Service is the resource used in Kubernetes to expose the pod to the internet from where the end users can access the application. It can be managed with the help of the Kubernetes dashboard. You can create new services, edit the existing services, and changes the configurations.
3. Manage Deployments: You can view the number of deployments that you have deployed so far and also see the current working status of the Kubernetes deployments you have deployed till now. You can also edit the configuration of deployment yaml files, like changing the number of replicas required and so on.
4. Manage Resources: You can manage some other resources which are present in the Kubernetes cluster like
   1. ConfigMaps.
   2. Secrets.
   3. Namespaces.

Other than the features mentioned above you can also you can check the logs and status of the resources which you are using in the kubernetes cluster.

Follow the steps that mentioned below to access the kuebernetes dashboard by the token.

Step 1: First you need to get the token to access the kubernetes dashboard for that using the following command.

kubectl -n kube-system get secret $(kubectl -n kube-system get serviceaccount dashboard -o jsonpath='{.secrets[0].name}') 
-o go template='{{.data.token}}'

Step 2: After getting the access token know copy and paste the token in the kubernetes dashboard Dialuge box from where you can access the kubernetes dashboard.

If you want to set up a Kubernetes dashboard for your application then you need to create the following.

1. Deployment.
2. Service.

In this, the deployment is going to take care of the pod and the service is going to take care to expose the pod to the internet. After deploying the Kubernetes dashboard you can access it from the internet by using localhost (http://localhost:8080.)

• First, open your SSH client and connect to your Kubernetes master node.
• To install the Kubernetes dashboard, you can use Kubectl to apply the recommended deployment manifest. kubectl command-line interface tool that manages a Kubernetes Dashboard installation and many other Kubernetes tasks.

Kubernetes Dashboard UI(User Interface) Setup

Save the below code in any file and execute it 

kubectl apply -f (mention file name) 

apiVersion: v1
kind: Namespace
metadata:
  name: kubernetes-dashboard

---

apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-certs
  namespace: kubernetes-dashboard
type: Opaque

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-csrf
  namespace: kubernetes-dashboard
type: Opaque
data:
  csrf: ""

---

apiVersion: v1
kind: Secret
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-key-holder
  namespace: kubernetes-dashboard
type: Opaque

---

kind: ConfigMap
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard-settings
  namespace: kubernetes-dashboard

---

kind: Role
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
rules:
  # Allow Dashboard to get, update and delete Dashboard exclusive secrets.
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames: ["kubernetes-dashboard-key-holder",
     "kubernetes-dashboard-certs", "kubernetes-dashboard-csrf"]
    verbs: ["get", "update", "delete"]
    # Allow Dashboard to get and update 
    'kubernetes-dashboard-settings' config map.
  - apiGroups: [""]
    resources: ["configmaps"]
    resourceNames: ["kubernetes-dashboard-settings"]
    verbs: ["get", "update"]
    # Allow Dashboard to get metrics.
  - apiGroups: [""]
    resources: ["services"]
    resourceNames: ["heapster", "dashboard-metrics-scraper"]
    verbs: ["proxy"]
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["heapster", "http:heapster:", 
    "https:heapster:", "dashboard-metrics-scraper",
     "http:dashboard-metrics-scraper"]
    verbs: ["get"]

---

kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
rules:
  # Allow Metrics Scraper to get metrics from the Metrics server
  - apiGroups: ["metrics.k8s.io"]
    resources: ["pods", "nodes"]
    verbs: ["get", "list", "watch"]

---

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard
subjects:
  - kind: ServiceAccount
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: kubernetes-dashboard
  template:
    metadata:
      labels:
        k8s-app: kubernetes-dashboard
    spec:
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.4.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --auto-generate-certificates
            - --namespace=kubernetes-dashboard
            # Uncomment the following line to manually
             specify Kubernetes API server Host
            # If not specified, Dashboard will attempt 
            to auto discover the API server and connect
            # to it. Uncomment only if the default does not work.
            # - --apiserver-host=http://my-address:port
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
          livenessProbe:
            httpGet:
              scheme: HTTPS
              path: /
              port: 8443
            initialDelaySeconds: 30
            timeoutSeconds: 30
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule

---

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  ports:
    - port: 8000
      targetPort: 8000
  selector:
    k8s-app: dashboard-metrics-scraper

---

kind: Deployment
apiVersion: apps/v1
metadata:
  labels:
    k8s-app: dashboard-metrics-scraper
  name: dashboard-metrics-scraper
  namespace: kubernetes-dashboard
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      k8s-app: dashboard-metrics-scraper
  template:
    metadata:
      labels:
        k8s-app: dashboard-metrics-scraper
    spec:
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: dashboard-metrics-scraper
          image: kubernetesui/metrics-scraper:v1.0.7
          ports:
            - containerPort: 8000
              protocol: TCP
          livenessProbe:
            httpGet:
              scheme: HTTP
              path: /
              port: 8000
            initialDelaySeconds: 30
            timeoutSeconds: 30
          volumeMounts:
          - mountPath: /tmp
            name: tmp-volume
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsUser: 1001
            runAsGroup: 2001
      serviceAccountName: kubernetes-dashboard
      nodeSelector:
        "kubernetes.io/os": linux
      # Comment the following tolerations if Dashboard must not be deployed on master
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
      volumes:
        - name: tmp-volume
          emptyDir: {}

This will generate the deployment, service, and secret that are required by Kubernetes for the dashboard to function. After executing the command, kubectl creates a namespace, service account, Kubernetes configMap, pods, cluster role, service, RBAC, and deployments resources representing the Kubernetes dashboard. 

After executing the command, kubectl creates a namespace, service account, config map, pods, cluster role, service, RBAC, and deployments resources representing the Kubernetes dashboard.

• Namespace: Within a Kubernetes cluster, a namespace enables resource organization and isolation. The “Kubernetes-dashboard” namespace is established in this instance to house all resources related to the dashboard.
• Service Account: A service account gives a pod or group of pods an identity to communicate with the Kubernetes API server. In this instance, the dashboard pod will utilize the “Kubernetes-dashboard” service account to access the Kubernetes API.
• Secret: In a Kubernetes cluster, private information like TLS keys and certificates is kept in a secret. The TLS certificate and key used by the dashboard pod to secure its web traffic are created in this instance and stored in the “Kubernetes-dashboard-certs” secret
• ConfigMap: A config map is used to store configuration data that can be accessed by a pod or group of pods running in a Kubernetes cluster. In this case, the “Kubernetes-dashboard-settings” config map is created to store the configuration settings for the Kubernetes dashboard.
• Pods: The smallest deployable unit in Kubernetes, or pod, stands for a single instance of a process that is currently operating in a cluster. The Kubernetes dashboard is configured as a pod in this example, running in the “Kubernetes-dashboard” namespace, connecting to the Kubernetes API server using the “Kubernetes-dashboard-certs” secret and the “Kubernetes-dashboard-settings” config map, and being deployed as a pod.
• Cluster Role: A cluster role is used to specify a set of permissions that can be given to a user or group of users throughout the whole Kubernetes cluster. To specify the rights needed by the dashboard to access and manage Kubernetes resources, the “Kubernetes-dashboard” cluster role is created in this instance.
• Services: A group of pods running in a Kubernetes cluster are exposed as a network service using a service. In this instance, the dashboard pod executing in the “Kubernetes-dashboard” namespace is given network access by the “Kubernetes-dashboard” service.
• RBAC: Role-based access control (RBAC) is a method for restricting access to Kubernetes resources based on user roles and permissions. In this instance, the “Kubernetes-dashboard” service account is configured with RBAC rules that allow access to and management of the Kubernetes resources needed by the dashboard.
• Deployments: In a Kubernetes cluster, a deployment is used for handling the scaling, rolling updates, and rollbacks of an assortment of pods. In the present instance, the “Kubernetes-dashboard” deployment is employed to manage the dashboard pod that is operating in the “Kubernetes-dashboard” namespace.

Run the kubectl get command to see if all the resources were successfully installed.

kubectl get all -n Kubernetes-dashboard

By default, the dashboard has restricted access; you’ll have to create a service account and connect a cluster role to give it the necessary features.

 kubectl create serviceaccount dashboard-admin-sa

Next, create a cluster role binding that grants the service account the cluster-admin role:

 kubectl create cluster role binding dashboard-admin-sa \
 --clusterrole=cluster-admin \
 --serviceaccount=default:dashboard-admin-sa

Keeping the token used for dashboard authentication secure will prevent the dashboard from doing any action on your cluster.

Execute the file on the master node using the below command:

 kubectl apply -f sa-dashboard.yaml

Get the Token for the Service Account

To log in to the dashboard, you will need the token for the service account you created in Step 2. You can retrieve the token using the following command:

• Use the below command to obtain the service account; for reference, check the image below.

kubectl get sa -n kube-system 

• Use the below command to obtain the secret; for reference, check the image below.

kubectl describe sa dashboard-admin -n kube-system

• Get the token by using the below command for reference, check the image below.

kubectl describe secret dashboard-admin-token-v5g7h -n kube-system 

• Start Kubernetes proxy in order to access the Kubernetes dashboard from your local machine.

kubectl proxy

This command will create the proxy servers and you can access the dashboard.

Now that the proxy has been started, you can use your web browser to access the Kubernetes dashboard URL:

http://localhost:8001/api/v1/namespaces/
kubernetes-dashboard/services
/https:kubernetes-dashboard:/proxy/

This URL is for the Kubernetes dashboard login. Enter the token that you receive while login into the dashboard (step 3). Now, the Kubernetes dashboard setup is complete, you can now use it to manage your Kubernetes cluster from GUI.

For security reasons, it is recommended that you access the Kubernetes dashboard over a secure connection (HTTPS) rather than HTTP. To set up HTTPS, you will need to create a TLS certificate and configure your Kubernetes API server to use the certificate. You can find more information on how to set up HTTPS for the Kubernetes dashboard in the official Kubernetes.

1. kubectl Proxy: To view the dashboard from your personal machine, start a proxy server. To get to http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, execute the kubectl proxy instruction to launch your browser.
2. Port Forwarding: To forward a port form your personal machine to a port on the Kubernetes Dashboard service, use kubectl port-forward. For example, execute this command to view it: https://localhost:10443 kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443.
3. NodePort Service: Employ a NodePort for displaying the dashboard service. Modify the dashboard service YAML file’s service type to NodePort, then access it with the node’s IP address and its designated NodePort.
4. Ingress: Configure an Ingress resource to ensure you can use a custom domain to access the dashboard. Create an Ingress resource pointing to the dashboard service and configure an Ingress controller.
5. Cloud Provider Specific Methods: Integrated dashboard access is available by several managed Kubernetes services, notably Amazon EKS, Azure AKS, and Google Kubernetes Engine (GKE). Examine the specific documentation supplied by your cloud provider.

Deploying the Dashboard in the form of containerized application on kubernetes will give you the flexibility to scale the application with easier way and the availability of the application is also going to increase.

Specifying Application Details  For Kubernetes Dashboard

1. Name: The name of your application.
2. Image: The image that your application is running. (Docker Image).
3. Port: The port that your application is listening on.
4. Replicas: The number of Pods that you want to create for your application.
5. Selector: A label selector that is used to match Pods to your application.
6. Template: The template that is used to create Pods for your application.

It can be frustrating when you get a “403 Forbidden” error when trying to access the Kubernetes Dashboard. This issue usually indicates you do not have the right sort of liberties to access the dashboard using your user account. Here’s an easy instructions for fixing the issue at hand:

• Check User Permissions: Check that you have sufficient rights to access the dashboard using the user or service account you are using. By going at the associated duties and role bindings, you may verify this.
• Create a Service Account: Create a dedicated service account and give the necessary permissions.

kubectl create serviceaccount dashboard-admin -n kube-system

• Bind the Service Account to a ClusterRole: The administrator of the newly developed service account full privileges, bind it to the cluster-admin ClusterRole.

kubectl create clusterrolebinding dashboard-admin-binding \
  --clusterrole=cluster-admin \
  --serviceaccount=kube-system:dashboard-admin

• Retrieve the Bearer Token: Obtain the token to the newly established service account. By the assistance of this token, your access to the dashboard has been verified.
  • Obtain a copy of the output’s token.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep dashboard-admin | awk '{print $1}')

• Access the Dashboard: The Kubernetes Dashboard URL typically looks like https://<master-ip>:<port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/. Open your web browser and visit here.
  • Select the token option and paste the copied token when asked for for authentication.
• Secure Your Setup: While finish permissions have been provided by the cluster-admin role, this configuration might not be the most secure option for production environments. Think considering attaching a custom role to the service account with only the privileges required for your use case.

• Lens: A sophisticated open-source Kubernetes IDE that makes cluster management easier is called Lens. It offers an in-depth examination on the resources in your cluster and enables tasks like built-in terminal, real-time monitoring, and simple context switching between various clusters.
• K9s: For interacting with your Kubernetes clusters, utilize K9s, a terminal-based graphical user interface. It is quick, light, and filled with abilities that let you oversee, access, and troubleshoot your clusters using the command line.
• Octant: An open-source Kubernetes dashboard named Octant provides comprehensive cluster perceives along with real-time updates. It facilitates the comprehension of complex configurations by offering insights into resource connections along with customization plugins.
• Rancher: Rancher is a packed with features Kubernetes management tool which renders cluster deployment, scaling, and monitoring easier. It provides abilities such as application catalog, access control, and multi-cluster management as well as to a sophisticated web-based dashboard.

Kubernetes Dashboard for Helm

A general-purpose web-based UI for managing Kubernetes clusters is called Kubernetes Dashboard. Helm chart management is one of its possible uses, however this is not its intended usage.

The community-maintained Helm Dashboard project offers a user-friendly interface for controlling Helm charts. Users may examine chart information, search charts, manage chart dependencies, and install, uninstall, update, and rollback charts.

Kubernetes Dashboard UI(User Interface) for Grafana

Together, Kubernetes Dashboard and Grafana can offer Kubernetes clusters a complete monitoring solution. Grafana may be used to visualise cluster metrics and other data, while Kubernetes Dashboard can be used to see and manage clusters and resources.

How do I monitor Kubernetes pods with Grafana?

To monitor Kubernetes pods with Grafana, deploy the Prometheus Operator to collect metrics, then configure Grafana to visualize these metrics by adding Prometheus as a data source and importing Kubernetes-specific dashboards.

How to access Kubernetes dashboard using ingress?

To access the Kubernetes Dashboard using Ingress, create an Ingress resource that routes traffic to the Dashboard service, ensuring you have an Ingress controller like NGINX installed. Configure the Ingress with proper rules and TLS settings to securely expose the Dashboard.

How to setup Kubernetes dashboard for eks cluster?

To set up the Kubernetes Dashboard for an EKS cluster, deploy the recommended Kubernetes Dashboard manifest and create a service account with the appropriate permissions. Then, access the dashboard through the kubectl proxy command and log in using a token from the created service account.

How to view Kubernetes dashboard on Docker desktop?

To view the Kubernetes dashboard on Docker Desktop, enable Kubernetes in Docker Desktop settings, then run kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.3.1/aio/deploy/recommended.yaml to deploy the dashboard. Access it using kubectl proxy and navigating to http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/.