The Kubernetes Dashboard is a general-purpose web UI for Kubernetes clusters. It gives you a visual overview of workloads, services, pods, config maps, and other resources running in your cluster. Starting with Dashboard v3, the project moved to a Helm-based installation model and introduced a redesigned interface. This guide covers deploying Kubernetes Dashboard v3+ on any Kubernetes cluster, setting up authentication, exposing the dashboard securely, and navigating the interface effectively.
Prerequisites
- A working Kubernetes cluster (v1.28 or newer recommended) – any distribution works (kubeadm, K3s, RKE2, EKS, AKS, GKE)
- kubectl configured and able to reach your cluster
- Helm 3.x installed on your workstation
- Cluster admin privileges for creating ServiceAccounts and ClusterRoleBindings
Verify your cluster is reachable before starting:
kubectl cluster-info
kubectl get nodesBoth commands should return successfully. If kubectl cannot connect, fix your kubeconfig before proceeding.
Step 1 – Deploy Kubernetes Dashboard via Helm
Dashboard v3 is distributed as a Helm chart. Add the Kubernetes Dashboard Helm repository:
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo updateInstall the dashboard into its own namespace:
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
--create-namespace \
--namespace kubernetes-dashboardWait for all pods to come up:
kubectl get pods -n kubernetes-dashboardYou should see several pods running, including the dashboard web server, API server, metrics scraper, and Kong gateway (which Dashboard v3 uses as its API gateway). All pods should be in Running state before you continue.
Step 2 – Create a ServiceAccount and ClusterRoleBinding
The dashboard does not create an admin user by default. You need a ServiceAccount with appropriate permissions to log in. Create one with cluster-admin privileges (suitable for lab environments):
cat <For production environments, create a more restrictive role that only grants read access or access to specific namespaces. Giving cluster-admin to a dashboard account is a security risk in shared environments.
Step 3 - Generate an Authentication Token
Generate a bearer token for the ServiceAccount you just created:
kubectl -n kubernetes-dashboard create token dashboard-adminThis prints a long JWT token to your terminal. Copy it - you will paste it into the dashboard login page.
If you want a long-lived token (not recommended for production but useful in lab setups), create a Secret bound to the ServiceAccount:
cat <Retrieve the token from the Secret:
kubectl -n kubernetes-dashboard get secret dashboard-admin-token -o jsonpath='{.data.token}' | base64 -dStep 4 - Access the Dashboard
There are three common methods to access the dashboard. Choose the one that fits your environment.
Method 1 - kubectl proxy (Simplest)
This is the quickest way to access the dashboard from your local machine. It creates a secure tunnel through the Kubernetes API server:
kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard-kong-proxy 8443:443Open your browser and navigate to:
https://localhost:8443Accept the self-signed certificate warning, then paste the bearer token you generated earlier. This method only works from the machine running the port-forward command.
Method 2 - NodePort Service
To access the dashboard from other machines on your network, expose it via NodePort. Edit the Kong proxy service:
kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard-kong-proxyChange type: ClusterIP to type: NodePort. Save and exit. Then find the assigned port:
kubectl -n kubernetes-dashboard get svc kubernetes-dashboard-kong-proxyAccess the dashboard at https://NODE_IP:NODEPORT. This approach exposes the dashboard on every node in the cluster, so use it only in trusted network environments.
Method 3 - Ingress with TLS
For production access, create an Ingress resource. This assumes you have an Ingress controller (like nginx-ingress or Traefik) and cert-manager running in your cluster:
cat <Verify the Ingress was created and has an address assigned:
kubectl get ingress -n kubernetes-dashboardNavigating the Dashboard UI
Once logged in, the dashboard organizes information by namespace. Use the namespace dropdown at the top to switch between namespaces or select "All namespaces" for a cluster-wide view.
Key sections in the UI include:
- Workloads - View and manage Deployments, StatefulSets, DaemonSets, ReplicaSets, Jobs, and CronJobs. You can scale deployments, restart pods, and view rollout history directly from here.
- Pods - List all pods with their status, restarts, and resource consumption. Click a pod to see its logs, events, exec into a shell, or view the YAML manifest.
- Services - See all Services and Ingresses. Useful for verifying that your applications are exposed correctly.
- Config and Storage - Browse ConfigMaps, Secrets, PersistentVolumeClaims, and StorageClasses.
- Cluster - View nodes, namespaces, ClusterRoles, and other cluster-level resources.
The dashboard also supports creating resources directly by pasting YAML or JSON manifests. Click the + button in the top-right corner to open the resource creation dialog.
Security Considerations
The Kubernetes Dashboard is a powerful tool, and with that power comes risk if misconfigured:
- Never expose the dashboard to the public internet without strong authentication. A compromised dashboard token gives an attacker full access to your cluster.
- Use RBAC to limit dashboard permissions. Create namespace-scoped ServiceAccounts instead of cluster-admin accounts for regular users.
- Use short-lived tokens. The
kubectl create tokencommand generates tokens that expire (default 1 hour). Avoid creating long-lived Secrets unless absolutely necessary. - Put it behind a VPN or authentication proxy. Tools like OAuth2 Proxy, Authelia, or Pomerium add an extra authentication layer before users even reach the dashboard.
- Audit access. Enable Kubernetes audit logging so you can track who accessed the dashboard and what actions they took.
Alternative - Lens Desktop Application
If you find the web-based dashboard limiting, consider Lens - a standalone desktop application for Kubernetes management. Lens connects directly to your clusters using your kubeconfig file and provides a richer interface with built-in terminal access, Helm chart management, log streaming, and resource editing.
Lens is available for Linux, macOS, and Windows. Install it from the official site or through your package manager. It supports managing multiple clusters simultaneously and includes a built-in Prometheus integration for resource metrics.
The key advantage of Lens over the web dashboard is that it runs locally on your workstation. There is nothing to deploy inside the cluster, no ServiceAccount to manage, and no web endpoint to secure. The trade-off is that each user needs to install the application and have a valid kubeconfig.
Uninstalling the Dashboard
If you need to remove the dashboard, use Helm:
helm uninstall kubernetes-dashboard -n kubernetes-dashboard
kubectl delete namespace kubernetes-dashboardVerify everything is cleaned up:
kubectl get all -n kubernetes-dashboardConclusion
The Kubernetes Dashboard v3 provides a clean, functional web interface for cluster management. The Helm-based installation makes deployment straightforward, and the token-based authentication keeps things secure when configured properly. For quick inspections and basic management tasks, the web dashboard is hard to beat. For power users who manage multiple clusters daily, pairing the dashboard with a desktop tool like Lens gives you the best of both worlds - a browser-based option for quick checks and a full-featured application for deeper work.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml
error: unable to read URL “https://raw.githubusercontent.com/kubernetes/dashboard/master/aio/deploy/recommended.yaml”, server reported 404 Not Found, status code=404
Use this to apply the latest version:
# VER=$(curl -s https://api.github.com/repos/kubernetes/dashboard/releases/latest|grep tag_name|cut -d ‘”‘ -f 4)
#kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/$VER/aio/deploy/recommended.yaml