Enable Access to Kubernetes Dashboard Without Kubectl Proxy
Enable Access to Kubernetes Dashboard Without Kubectl Proxy
Kubernetes, an open-source platform designed to automate deploying, scaling, and operating application containers, has become a go-to solution for managing containerized applications. One of its most useful features is the Kubernetes Dashboard, a web-based user interface that provides information about the state of the Kubernetes cluster. However, accessing this dashboard often requires the use of kubectl proxy, which can be inconvenient for some users. In this blog post, we’ll explore how to enable access to the Kubernetes Dashboard without using kubectl proxy.
Prerequisites
Before we start, ensure you have the following:
- A Kubernetes cluster up and running.
kubectlinstalled and configured to interact with your cluster.- Kubernetes Dashboard installed on your cluster.
Step 1: Create a Service Account
First, we need to create a service account that will be used to access the dashboard. Save the following YAML to a file named dashboard-adminuser.yaml:
apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard
Apply the service account to your cluster:
kubectl apply -f dashboard-adminuser.yaml
Step 2: Bind the Service Account to Cluster Role
Next, we need to bind the service account to the cluster role. This will grant the necessary permissions to access the dashboard. Save the following YAML to a file named dashboard-adminuser-role.yaml:
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
subjects:
- kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard
Apply the role binding to your cluster:
kubectl apply -f dashboard-adminuser-role.yaml
Step 3: Retrieve the Bearer Token
To authenticate with the dashboard, we need to retrieve the bearer token for the service account. Run the following command:
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
This will output a token. Copy this token as we will use it to log in to the dashboard.
Step 4: Expose the Dashboard Service
Now, we need to expose the dashboard service to the outside world. There are several ways to do this, but one of the simplest is to change the service type to NodePort or LoadBalancer.
For example, to change the service type to NodePort, run the following command:
kubectl -n kubernetes-dashboard edit service kubernetes-dashboard
This will open the service configuration in your default text editor. Change type: ClusterIP to type: NodePort and save the file. This will expose the service on a port on each of your nodes.
Step 5: Access the Dashboard
Finally, you can now access the Kubernetes Dashboard. Open a web browser and navigate to https://<node-ip>:<node-port>/. You will be prompted to enter a token. Paste the token you copied earlier and click “SIGN IN”.
Conclusion
In this blog post, we’ve explored how to enable access to the Kubernetes Dashboard without using kubectl proxy. This can be useful in situations where you want to provide access to the dashboard without giving users access to kubectl. However, remember that exposing the dashboard to the internet can be a security risk, so always ensure you have proper authentication and authorization mechanisms in place.
Remember, Kubernetes is a powerful tool, but with great power comes great responsibility. Always ensure you’re following best practices when it comes to security and access control. Happy Kube-ing!
Tags
Kubernetes, Kubernetes Dashboard, kubectl, Service Account, Cluster Role Binding, Bearer Token, NodePort, LoadBalancer, Security, Access Control
About Saturn Cloud
Saturn Cloud is your all-in-one solution for data science & ML development, deployment, and data pipelines in the cloud. Spin up a notebook with 4TB of RAM, add a GPU, connect to a distributed cluster of workers, and more. Join today and get 150 hours of free compute per month.
