Install Kubernetes Dashboard On Ubuntu: A Step-by-Step Guide

by Team 61 views
Install Kubernetes Dashboard on Ubuntu: A Step-by-Step Guide

Hey guys! Today, we're diving into how to install the Kubernetes Dashboard on Ubuntu. If you're managing Kubernetes clusters, the dashboard is an absolute lifesaver. It gives you a web-based UI to visualize, manage, and monitor your applications. So, let's get started!

Prerequisites

Before we jump into the installation, make sure you have the following:

  • A running Kubernetes cluster: You'll need a Kubernetes cluster up and running. If you don't have one, you can set one up using Minikube, Kind, or a cloud provider like Google Kubernetes Engine (GKE), Amazon EKS, or Azure AKS.
  • kubectl installed: kubectl is the command-line tool for interacting with your Kubernetes cluster. Make sure it's installed and configured to connect to your cluster.
  • Basic knowledge of Kubernetes: Familiarity with Kubernetes concepts like Pods, Services, Deployments, and Namespaces will be helpful.

Step 1: Deploy the Kubernetes Dashboard

The first step is to deploy the Kubernetes Dashboard to your cluster. Kubernetes makes this process straightforward with a few simple commands.

Apply the Dashboard Deployment

To deploy the dashboard, we'll apply the recommended manifest file. This manifest contains all the necessary configurations for the dashboard deployment, service, and other required resources. Open your terminal and run the following command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

This command fetches the manifest file from the official Kubernetes Dashboard repository and applies it to your cluster. You should see output indicating that several resources, such as serviceaccount, clusterrole, clusterrolebinding, deployment, and service, have been created.

Verify the Deployment

After applying the manifest, it's essential to verify that the dashboard has been deployed successfully. Run the following command to check the status of the dashboard deployment:

kubectl get pods -n kubernetes-dashboard

This command lists all the Pods in the kubernetes-dashboard namespace. You should see a Pod named something like kubernetes-dashboard-<hash>-<hash>, and its status should be Running. If the status is not Running, check the Pod's logs for any errors using kubectl logs <pod-name> -n kubernetes-dashboard.

Step 2: Create an Admin User and Service Account

By default, accessing the Kubernetes Dashboard requires authentication. We'll create an admin user and service account with the necessary permissions to access the dashboard.

Create a Service Account

First, create a service account for the admin user. Create a file named admin-user.yaml with the following content:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

This YAML file defines a service account named admin-user in the kubernetes-dashboard namespace. Apply this file to your cluster using the following command:

kubectl apply -f admin-user.yaml

Create a ClusterRoleBinding

Next, create a ClusterRoleBinding to grant the admin-user service account cluster-admin privileges. This allows the admin user to have full access to the Kubernetes cluster through the dashboard. Create a file named admin-user-role.yaml with the following content:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user-binding
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

This YAML file creates a ClusterRoleBinding named admin-user-binding that binds the cluster-admin role to the admin-user service account in the kubernetes-dashboard namespace. Apply this file to your cluster using the following command:

kubectl apply -f admin-user-role.yaml

Get the Bearer Token

To log in to the Kubernetes Dashboard, you'll need a bearer token associated with the admin-user service account. Retrieve the token using the following command:

kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')

This command retrieves the details of the secret associated with the admin-user service account and prints the token. Copy the token value; you'll need it to log in to the dashboard.

Step 3: Access the Kubernetes Dashboard

Now that the dashboard is deployed and the admin user is set up, let's access the dashboard.

Start the Kubernetes Proxy

To access the dashboard, you can use the kubectl proxy command. This command creates a proxy server that allows you to access the Kubernetes API server. Run the following command:

kubectl proxy

This command starts the proxy server and listens on localhost:8001. Keep this terminal window open while you're using the dashboard.

Access the Dashboard in Your Browser

Open your web browser and navigate to the following URL:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

You should see the Kubernetes Dashboard login page. Choose the Token authentication option and paste the bearer token you retrieved earlier. Click Sign in to access the dashboard.

Using NodePort Service

Alternatively, you can expose the Kubernetes Dashboard using a NodePort service, which makes it accessible from outside the cluster network. First, edit the Kubernetes Dashboard service:

kubectl edit service -n kubernetes-dashboard kubernetes-dashboard

Change the type from ClusterIP to NodePort. Save the changes and exit the editor. Then, find out which port was assigned to the NodePort. This can be achieved using:

kubectl get service -n kubernetes-dashboard kubernetes-dashboard

Look for the port under the PORT(S) column. It will be in the format 443:30000/TCP. Now, you can access the dashboard via http://<your-node-ip>:30000 in your browser. Replace <your-node-ip> with the IP address of one of your Kubernetes nodes.

Troubleshooting

Sometimes, things don't go as planned. Here are some common issues and their solutions:

  • Dashboard Pod Not Running: If the dashboard Pod is not running, check the Pod's logs for errors. Use kubectl logs <pod-name> -n kubernetes-dashboard to view the logs. Common issues include image pull errors or configuration problems.
  • Unable to Access the Dashboard: If you can't access the dashboard, ensure that the kubectl proxy command is running and that you're using the correct URL. Also, double-check that the bearer token is correct.
  • Permissions Issues: If you're getting permission errors, make sure that the admin-user service account has the necessary permissions. Verify that the ClusterRoleBinding is correctly configured.

Securing the Kubernetes Dashboard

While the Kubernetes Dashboard is a great tool, it's essential to secure it properly. Here are some tips:

  • Use HTTPS: Always access the dashboard over HTTPS to encrypt the traffic. This is especially important if you're accessing the dashboard from a public network.
  • Enable RBAC: Use Role-Based Access Control (RBAC) to restrict access to the dashboard. Only grant users the permissions they need.
  • Regularly Update: Keep the Kubernetes Dashboard updated to the latest version to ensure that you have the latest security patches.
  • Consider Alternatives: For production environments, consider using more advanced authentication methods, such as OAuth 2.0 or OpenID Connect.

Conclusion

Installing the Kubernetes Dashboard on Ubuntu is a straightforward process that can greatly simplify your Kubernetes management tasks. By following the steps outlined in this guide, you can quickly deploy the dashboard, set up an admin user, and access the dashboard in your browser. Remember to secure the dashboard properly to protect your cluster from unauthorized access. Happy managing, and feel free to reach out with questions or insights!