DEV Community

Jonathan Kaftzan
Jonathan Kaftzan

Posted on • Originally published at armosec.io

How to Deploy the Kubernetes Dashboard

Kubernetes clusters consist of multiple resources and API objects interacting dynamically—which typically makes cluster management via the CLI overwhelming. Kubernetes Dashboard was built to simplify cluster operations by providing a unified, human-friendly interface. The web-based dashboard enables cluster operators to deploy applications, access running workloads, and correlate logs with cluster events. This article demonstrates how to install and use Kubernetes Dashboard.

What Is the Kubernetes Dashboard?

Kubernetes Dashboard offers a web-based UI to manage your Kubernetes resources and applications. It displays various macro details of a cluster including nodes, namespaces, volumes, job details, roles, and deployments.

The dashboard presents an intuitive interface to interact with the cluster’s API server, enabling various functions, which we discuss below.

Deploying Applications

Kubernetes Dashboard provides a wizard to deploy containerized workloads within a deployment. The wizard allows for manual specification of the deployment’s details; you can also automate this by uploading manifest files.

Managing Cluster Resources

The admin overview displays all namespaces, persistent volumes, and nodes running in the cluster. Each resource of the cluster is displayed alongside associated metrics, specifications, and events.

The dashboard includes separate views for: workloads, services, storage, ConfigMaps, secrets, and logs, allowing cluster operations teams to drill down into specific information for container resource management.

Troubleshooting Kubernetes Workloads

The dashboard offers insights into the cluster state, any errors that may have occurred, and their related events. It also provides a log viewer linked to detail pages and pod lists. You can use this to measure performance benchmarks and workload bottlenecks at the container level.

Although Kubernetes Dashboard stands out as a resourceful platform for beginner practitioners running test clusters, it is considered inefficient for complex production clusters since it lacks extensible authentication support. In large clusters with multiple deployments and namespaces, the dashboard performs sub-optimally and requires a larger memory allocation.

Kubernetes Dashboard Alternatives and Integrations

As previously mentioned, Kubernetes’ integrated dashboard does not scale well to provide security guarantees for large production clusters. The tools below can be used to extend the dashboard or provide dashboard-like capabilities for enterprise workloads.

Prometheus

Prometheus is one of the most popular open-source monitoring platforms that collects metrics from various sources (e.g., databases, API servers, etc.), stores them in a time-series database for historical representation, and exposes them via HTTP endpoints. Although the platform is designed to be easy to use, it is powerful enough to provide deep insights into how your applications are performing.

Prometheus is often used with Grafana for comprehensive monitoring of distributed systems. While Prometheus collects, aggregates, and stores metrics about the state of your system, Grafana is an open-source web interface for visualizing cluster health and performance bottlenecks in real time.

Commonly considered the default alternative to Kubernetes Dashboard, the Prometheus-Grafana stack can be installed in a few simple steps through either Helm charts or the Prometheus Operator. The Operator further simplifies the deployment while offering different configuration options for the observability of varying cluster complexities.

ContainIQ

The ContainIQ monitoring and tracing solution monitors cluster events, metrics latency, and logs. It ships with pre-built dashboards to expedite cluster health monitoring, while the Kubernetes events monitoring dashboard keeps a historical record of all cluster events and provides alerts for common events like pod eviction and CrashLoopBackOff.

ContainIQ also allows cluster operators to search and filter logs by timestamp, message, cluster, or pod depending on the level of granularity required.

Portainer

Portainer’s Kubernetes management platform provides a central environment to configure, manage, and secure Kubernetes clusters. The intuitive, open-source tool includes native Kubernetes RBAC support with five predefined roles that administrators can assign to users. Portainer also ships with a quota feature that simplifies the assignment of CPU, RAM, and network capacity limits for fair resource allocation.

Key features of Portainer that make it a suitable alternative to Kubernetes Dashboard include:

GitOps automation

Cluster segmentation
Option to allow/disable access to a default namespace
Permissions for administrators to enable/disable resource over-commitment
Lens IDE
Lens is an integrated development environment that provides complete situational awareness for resources and workloads running in Kubernetes. Lens Kubernetes offers managed dev clusters that offload most of the operations required to keep workloads running. Lens desktop provides a way for offloading local clusters to the cloud without any difference in user experience.

The service also includes an intelligent auto-shutdown feature that reduces cost of ownership by terminating idle resources. Operators can additionally deploy self-managed clusters using Lens, enabling flexibility while guaranteeing high security and availability.

Kubescape

Kubescape is an open-source Kubernetes platform that offers a CLI or a web-based interface for securing, monitoring and managing Kubernetes environments like clusters, manifest files (e.g. YAML, Helm), code repositories, container image registries etc. Along with enabling comprehensive monitoring of cluster health, the platform also helps extract detailed information about each cluster node at the granular level.

Kubescape offers a single-pane-of-glass view of K8s components, including pods, services, deployments, ReplicaSets, ingresses, etcd servers, and much more. Through a web interface to the cluster API, Kubescape also allows you to perform common operations such as creating/deleting nodes and scaling up or down. While Kubescape offers rich features in monitoring and managing cluster components, the platform is primarily used for vulnerability assessment, compliance, identifying configuration drifts, and automated security scanning.

K9s

K9s is a powerful terminal UI that makes it easy to navigate, observe, and manage containerized Kubernetes workloads. The platform allows developers and administrators to define command shortcuts via hotkeys and aliases to expedite cluster management processes. Via pulses and XRay view, the UI offers granular visualization of resources when orchestrating a cluster.

K9s ships with built-in performance benchmarking to ensure pods and services are assigned with optimum resources and limits.

Steps to Deploy Kubernetes Dashboard

Although this demo uses a lightweight minikube setup for the installation and use of Kubernetes Dashboard for cluster resource management, you can follow the same steps for a production-grade Kubernetes cluster. As a prerequisite, the demo requires access to the kubectl CLI to deploy the dashboard’s manifest and enable authenticated access.

Deploying the Dashboard Using a Manifest

Connect with the Kubernetes cluster using one of the CLI client terminals, and deploy the recommended configuration for the dashboard by running the command:

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

Upon successful application, the terminal will display the following output:

namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Confirm the deployment of dashboard resources by listing the pods running within the cluster using the command:

$ kubectl get pods -A

Which returns a response similar to:

NAMESPACE NAME READY STATUS RESTARTS AGE
ingress-nginx ingress-nginx-admission-create--1-mzfh6 0/1 Completed 0 17m
ingress-nginx ingress-nginx-admission-patch--1-2ccwx 0/1 Completed 0 17m
ingress-nginx ingress-nginx-controller-5f66978484-8rmlp 1/1 Running 0 17m
kube-system coredns-78fcd69978-996nt 1/1 Running 0 20m
kube-system etcd-minikube 1/1 Running 0 21m
kube-system kube-apiserver-minikube 1/1 Running 0 21m
kube-system kube-controller-manager-minikube 1/1 Running 1 (21m ago) 21m
kube-system kube-proxy-2ffz6 1/1 Running 0 20m
kube-system kube-scheduler-minikube 1/1 Running 0 20m
kube-system storage-provisioner 1/1 Running 0 20m
kubernetes-dashboard dashboard-metrics-scraper-c45b7869d-rp4gl 1/1 Running 0 12m

Authenticating to Kubernetes Dashboard

The default setting for Kubernetes Dashboard is only minimally configured for RBAC. To log into the dashboard, Kubernetes supports the use of a bearer token, which you can generate by first creating a user service account with administrative privileges. Create the user by specifying the ServiceAccount and ClusterRoleBinding in a file named dashboard-user.yaml with specifications similar to:

`


apiVersion: v1
kind: ServiceAccount
metadata:
name: admin-user
namespace: kubernetes-dashboard



`
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: admin-user
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
– kind: ServiceAccount
name: admin-user
namespace: kubernetes-dashboard

Apply the above configuration to the cluster:

$ kubectl apply -f dashboard-user.yaml

`
`
Which returns a response similar to:

`

`
serviceaccount/admin-user created
clusterrolebinding.rbac.authorization.k8s.io/admin-user created

Then, generate the bearer token by running the command:

$ kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa/admin-user -o jsonpath=”{.secrets[0].name}”) -o go-template=”{{.data.token | base64decode}}”
`
`

Which outputs a token similar to the code in the image below (NB: Parts of the output have been omitted for brevity):

Copy this token and store it safely, as it will be used to access the web UI.

Accessing Your Kubernetes Dashboard

First, expose the cluster dashboard to your local machine by running the command:

$ kubectl proxy

Which returns a response of the form:

Starting to serve on 127.0.0.1:8001

The above output implies that the dashboard is accessible through the URL:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Copy and paste this link into the browser to access the dashboard login page. The page will prompt you for the access token:

Paste the bearer token into the Enter token section and then click Sign in.

Using Kubernetes Dashboard

A successful login will redirect you to a welcome page of the Kubernetes cluster. Note that initially there will be no resources to display:

Deploying a Containerized Application

To deploy a new containerized application, click on the + sign toward the top-right area of the dashboard. This offers three options:

  • Create from input uses a YAML file pasted directly into the console.
  • Create from file uses a YAML/JSON file uploaded to the dashboard
  • Create from form allows for the creation of deployment objects by entering values into a form. This is an intuitive UI workflow, and the one we will use for this demo.

Click on Create from form to open the interactive deployment UI:

Create a simple app running an Nginx image with three replicas by inputting the values shown below:

Once the details are confirmed, click on Deploy to deploy the workload into the cluster.

Navigating the Dashboard

After deploying the application, the dashboard populates the Workloads view with the list of pods, replicas, and deployments, as shown:

Navigating to specific workloads involves a simple, click-based workflow. For instance, to access deployments, select the Deployments option from the Workloads menu:

To access the pods, select the Pods menu from the Workloads menu:

You can also use the dashboard to access, observe, and manage Services, Application Details, Cluster Events, and several other key metrics for observing the performance of a Kubernetes cluster:

Summary
Kubernetes Dashboard provides an intuitive, web-based UI that simplifies the deployment and management of your Kubernetes applications. It enables quick visibility and a click-based workflow for easier cluster management by users of all proficiency levels.

While the default dashboard offers basic features for smaller, non-production cluster management, observability tools such as Lens, ContainIQ, K9s, and Portainer extend the functionality of Kubernetes Dashboard, simplifying the monitoring, deployment, and management of production-grade, complex clusters at a global scale.

Top comments (0)