You can support us by downloading this article as PDF from the Link below. Download the guide as PDF

Kubernetes dashboard is a web based user interface for deploying containerized applications to a Kubernetes cluster – Deployments, Jobs, StatefulSets, DaemonSets e.t.c, and managing cluster resources while being able to troubleshoot issues that may arise. You can use the Dashboard to get an overview of applications running on your cluster.

Check our guide below on how to deploy Kubernetes dashboard:

How To Install Kubernetes Dashboard with NodePort

This guide will discuss how you can create an admin user who has access to all Kubernetes resources. The admin user can modify objects in all namespaces as well as administer any other components in a cluster.

Step 1: Create Admin service account

Let’s start by creating a Service Account manifest file. I’ll name the service account jmutai-admin.

$ vim admin-sa.yml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jmutai-admin
  namespace: kube-system

Where jmutai-admin is the name of the service account to be created.

After creating a file, apply the manifest to create objects in your kubernetes cluster.

$ kubectl apply -f admin-sa.yml
serviceaccount/jmutai-admin created
clusterrolebinding.rbac.authorization.k8s.io/jmutai-admin created

Step 2: Create a Cluster Role Binding

Next is to assign the service account created a cluster role binding of cluster-admin.

$ vim admin-rbac.yml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jmutai-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: jmutai-admin
    namespace: kube-system

Replace jmutai-admin with the name of the service account you created in step 1.

Apply the file.

$  kubectl apply -f admin-rbac.yml

Step 3: Obtain admin user token

You can print the generated token for a service account by using the kubectl command.

Set a variable to store the name of the service account.

SA_NAME="jmutai-admin"

Then run the command below to print the token for the admin user created.


kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')

Output:

Name:         jmutai-admin-token-mm9jd
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: jmutai-admin
              kubernetes.io/service-account.uid: 80fade4b-4270-11ea-9fe4-005056ba45bd

Type:  kubernetes.io/service-account-token

Data
====
token:      eyJhbGciOiJSUzI1NiIsImtpZCI9IiJ9.eyJpc7MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUxOiJqa211dGFpLWFkbWluLXRva2VuLW1tOWpkIiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImprbXV0YWktYWRtaW4iLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiI4MGZhZGU0Yi00MjcwLTExZWEtOWZlNC0wMDUwNTZiYTQ1YmQiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZS1zeXN0ZW06amttdXRhaS1hZG1pbiJ9.uMC2ydeHF4jVA5tnKFbBeHRvc4NWqL920jigk2FDeduUdBuFhsNyDcscmL-pBbWHG5KKwOAEuAAeyNaknaHsDadNnbLpp4AMZTTdr22FEp-_v7MfIEQm3QWmq-c0ykpdrzUzGmk5Q3JIpfqeorDI0lZd52-DF4IVMw3VtTNp6ZMHdieQUNRnCEyfs98raCTRAotiXZQaMvmRW5s9peu5hfxM71jufg-Qzmflr9nO-dY2dOHh1WZcKhJqfNfB73GYX2TQlUlurV4Oy0-2CpUUpJ1HAjcSHzKGuSrMUAMAhRwhbZZXhwvbQ6Ei_9Vv2PkD8_Pw9c-k9x-bblFSAqyFhA
ca.crt:     1025 bytes
namespace:  11 bytes

Copy the contents in token key.

Step 4: Accessing Kubernetes Dashboard

Once the token is created, you can access your Kubernetes Dashboard with it. If using the NodePort to access dashboard service, you can obtain port allocated by issuing the command.

$ kubectl get services -n <namespace> | grep dashboard
kubernetes-dashboard   NodePort    10.111.76.69    <none>        443:32254/TCP                   414d

For me I will access the Kubernetes dashboard on any cluster machine IP address on port 32254.

Select Token authentication type and paste your token to access the dashboard.

Best Kubernetes mastery courses.

$14.18
$159.46
in stock
Udemy.com
$15.36
$165.37
in stock
Udemy.com
$14.18
$159.46
in stock
Udemy.com

Step 5: Creating non admin user account

We created an admin user account which has full access to cluster resources. If you would like to grant users access with limit to the namespace, refer to our previous guide below.

Create Kubernetes Service / User Account restricted to one Namespace

More guides on Kubernetes and containers:

Top Minimal Container Operating Systems for running Kubernetes

Join new Kubernetes Worker Node to an existing Cluster

How To Deploy Metrics Server to Kubernetes Cluster

Install and Use Helm 3 on Kubernetes Cluster

Docker vs CRI-O vs Containerd

You can support us by downloading this article as PDF from the Link below. Download the guide as PDF