The Complete Guide to Kubernetes Dashboard

Kubernetes Dashboard is one of the most popular tools for managing Kubernetes clusters. This comprehensive guide will walk you through everything you need to know to leverage Dashboard effectively, from installation and authentication to monitoring clusters and deploying applications.

As a long-time Kubernetes user and open source contributor, I‘ve seen Dashboard evolve over the years into an indispensable platform for developers, SREs and administrators. In this guide, I‘ll share my insights and real-world experience to help you become a Dashboard power user. Let‘s get started!

Chapter 1 – Dashboard Overview and Capabilities

Kubernetes Dashboard provides a web-based user interface for managing your Kubernetes clusters. With Dashboard, you get a centralized birds-eye view of your applications and workloads running on Kubernetes.

According to the official CNCF survey, Dashboard is the 3rd most popular Kubernetes tool used in production after kubectl and Helm. 38% of respondents reported actively using Dashboard.

So what can you actually do with Dashboard? Here are some of the key capabilities:

• Visualize cluster health and resources – Quickly view nodes, pods, deployments, services etc. across all namespaces in your cluster. Drill down into individual resources for utilization metrics and events.

• Manage applications – Scale, upgrade, restart and debug your containerized applications through an intuitive UI.

• Create and modify resources – Use built-in editors to create new manifests or modify existing workloads in real-time.

• Exec kubectl operations – Easily run kubectl imperative commands like draining nodes or restarting pods through the browser.

• Audit logs – Review user actions executed through Dashboard with cluster audit logs.

• Deploy new applications – Launch applications by creating deployment manifests visually using the Dashboard interface.

• RBAC management – Create, modify and delete RBAC resources like Roles and RoleBindings to provide secure, granular access control.

• API abstraction – All operations in Dashboard invoke the Kubernetes API. No separate CLI needed.

According to StackRox research, the top use cases for Dashboard are:

1. General cluster visibility – 63%
2. Managing deployments – 40%
3. Managing namespaces – 34%
4. Monitoring nodes – 33%

Clearly, Dashboard makes managing production Kubernetes clusters far easier. The ability to visually monitor and debug cluster issues is invaluable.

For developers, the UI provides a simplified way to deploy applications on Kubernetes without needing to use kubectl directly. Overall, Dashboard bridges the gap between CLI and GUI-focused engineers and admins.

Next, let‘s go over what you need to install Dashboard.

Chapter 2 – Prerequisites and Installation

Before you can deploy and run Kubernetes Dashboard, you need:

• Kubernetes cluster – Dashboard runs as pods inside a Kubernetes cluster. You can use any compliant Kubernetes platform – whether a managed cloud service like EKS or AKS or an on-prem cluster installed with kubeadm.

• kubectl – You need the kubectl CLI installed locally and configured to connect with your cluster and support Dashboard installation.

• Admin access – Your user will need cluster-admin privileges to be able to deploy and access Dashboard.

• Browser – The Dashboard UI is accessible through any modern web browser including Chrome, Firefox, Safari and Edge.

That‘s it! Just standing up a standard Kubernetes cluster and having kubectl ready provides the foundation for Dashboard.

Installation

To install Dashboard, we will leverage the official YAML manifest file provided by the Kubernetes project. This contains all the necessary controllers, RBAC rules, pods and services needed to run Dashboard.

Here are the simple install steps:

1. Download the latest manifest file from the Kubernetes Dashboard GitHub repo. At time of writing, that is:

wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.5.0/aio/deploy/recommended.yaml

2. Deploy the manifest using kubectl:

kubectl apply -f recommended.yaml

This will create the kubernetes-dashboard namespace, service accounts, cluster role bindings, deployment and service for accessing Dashboard.

To verify, wait about a minute for the Dashboard pod to start and list the pod:

kubectl get pods -n kubernetes-dashboard

You should see the dashboard pod with a STATUS of Running.

That‘s it! Dashboard is now up and running on your cluster. Next we need to access the Dashboard UI.

Chapter 3 – Accessing the Dashboard UI

By default, Dashboard exposes itself through a ClusterIP Service on port 443. This ClusterIP is only accessible from within the cluster.

To reach Dashboard from your local workstation, you need to proxy access through the kubectl proxy server.

Run the following to start the proxy on port 8001:

kubectl proxy

Now you can access Dashboard by visiting:

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

This will open up the Kubernetes Dashboard login page in your browser.

But first, we need to understand how access and authentication works with Dashboard before logging in.

Chapter 4 – Authentication and Authorization

Dashboard supports various authentication methods to control access to the UI:

• Kubeconfig
• Tokens
• Basic auth (username/password)

It uses standard Kubernetes authentication and authorization mechanisms.

For security reasons, anonymous unauthenticated access to Dashboard is not possible. You must use one of the supported auth methods to log in.

Access controls become critical as you scale Dashboard across large engineering teams. You want to limit visibility and prevent modification of resources based on user roles.

Now let‘s go through the two most common methods to authenticate to Dashboard – using kubeconfig and tokens.

Kubeconfig Authentication

The kubeconfig file provides identity and access information for kubectl to connect with the Kubernetes API server. By default, kubeconfig is located in the ~/.kube/config file.

To login with kubeconfig:

1. Ensure you have a kubeconfig file present that provides full admin access.

2. On the Dashboard login screen, select "Kubeconfig" then click "Choose kubeconfig file".

3. Select the kubeconfig file and click "Login". This will authenticate you as the user specified in kubeconfig and direct you to the Dashboard UI overview page.

Kubeconfig provides persistent stored credentials and complete admin access since the file originates from the cluster owner user.

Downsides of kubeconfig auth include inability to revoke access without changing the file, lack of token expiration, and less flexibility around privilege levels. Generally, kubeconfig auth is best for admins and cluster owners.

Token Authentication

For standard users and managed access, token authentication is recommended. A token encapsulates temporary credentials and permissions assigned to a user.

Here is how to authenticate with tokens:

1. Create a dedicated ServiceAccount resource in the kubernetes-dashboard namespace for the user.

For example:

apiVersion: v1
kind: ServiceAccount
metadata:
  name: read-only-user
  namespace: kubernetes-dashboard

2. Create a ClusterRoleBinding to associate the ServiceAccount with a ClusterRole permission level.

For example, bind to the view-only "view" role:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-user-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view # ClusterRole for read-only access
subjects:
- kind: ServiceAccount
  name: read-only-user
  namespace: kubernetes-dashboard

3. Retrieve the ServiceAccount token value through kubectl:

kubectl -n kubernetes-dashboard get secret $(kubectl -n kubernetes-dashboard get sa read-only-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"

4. Copy and paste this token into Dashboard login to authenticate as that ServiceAccount.

With tokens, you get precise access control since the ClusterRoleBinding scopes user permissions. The token also automatically expires after a defined period.

For standard users, token auth is preferred over kubeconfig. You can easily rotate tokens without impacting user workflows.

Chapter 5 – The Dashboard UI Overview

After authentication, you will land on the main Dashboard UI overview page:

This provides a single pane of glass view into your cluster and applications. You can drill down into specific views like nodes, deployments and pods or browse by namespace.

Key components of the UI include:

Sidebar Menu – Allows navigation across different resource views and namespaces.

Overview – Displays high-level cluster information including node status, version info, resource usage metrics and events.

Topology View – Interactive graph of nodes and network connections.

Resource Table – List of resources like pods and deployments inside a namespace.

Detail View – Deep dive on an individual resource like a pod or node for utilization, events and application logs.

Next let‘s walk through some of the key capabilities using the Dashboard UI.

Chapter 6 – Using Dashboard for Common Tasks

While Dashboard provides tremendous visibility and monitoring capabilities across your cluster resources, it‘s also designed for critical management workflows.

Here are some of the most common tasks you can achieve through the Dashboard UI:

Managing Namespaces

Namespaces allow you to partition cluster resources across multiple users and teams. Dashboard makes managing namespaces easy:

You can create, delete, filter and switch between namespaces entirely through the GUI.

Bulk actions like deleting multiple resources inside a namespace are also supported. Dashboard namespaces sync automatically with the main Kubernetes API.

Deploying New Applications

Dashboard allows you to deploy Kubernetes applications entirely through the web UI without needing YAML files:

Just specify the app details, Docker container image and resource requirements. Select a namespace and you can launch deployments and services in a few clicks.

This provides an intuitive way to build applications on Kubernetes especially for those less familiar with YAML syntax.

Managing Deployments

Once your apps are running, Dashboard provides visibility and control over replication controllers and deployments:

Easily scale up or down your app pods using the simple slider controls. Other operations like rolling restarts, configuration updates and debugging individual pods are also possible.

For large deployments, being able to visually monitor replication status, resource consumption and logs through Dashboard simplifies management.

Monitoring Cluster Health

Stay on top of node status, controller availability and event history using the Dashboard UI:

Drill into specific nodes or controllers to identify usage, performance issues and deprecation warnings to keep your cluster stable. Integrate alerts and notifications for proactive monitoring.

Updating Resources

Dashboard allows you to modify existing resources like Deployments through the GUI:

Visually edit the manifest YAML to change configurations or spec parameters. This provides an easy way to tune resources without needing to use kubectl edit.

User and Role Management

As you scale Dashboards across teams, controlling access becomes critical. The UI provides visibility into users, roles and role bindings:

Manage Kubernetes RBAC objects visually to allow or restrict access to developers and ops engineers based on namespace, clusters and resources. This enhances security and reduces sprawl.

Integrated Terminal

Dashboard incorporates an integrated web terminal for running kubectl and bash commands directly:

This allows you to use familiar CLI workflows while retaining the visibility of the UI. You don‘t need to switch between separate Terminal and Browser windows.

Chapter 7 – Additional Tips for Production Use

Here are some key tips I recommend based on running Dashboard in production:

• Use TLS – Encrypt all connections to Dashboard using HTTPS certificates between the proxy and UI. This secures access and prevents eavesdropping on internal cluster communications.

• Enable auditing – Log all Dashboard actions taken by users to the Kubernetes audit trail. This provides visibility into changes and aids compliance.

• Limit privileges – Follow principle of least privilege. Avoid giving all users cluster-admin. Scope permissions to just namespaces and resources needed.

• Short-lived tokens – Leverage tokens with expirations for tighter controls versus long-lived kubeconfig files.

• Obfuscate tokens – Display truncated or hashed tokens in UI to avoid exposing full token. Make sure USERS cannot see other user‘s tokens.

• Proxy auth – Use an OAuth proxy sidecar to externalize authentication. This offloads identity integration.

• Read-only by default – Restrict standard Dashboard users to read-only access. Only admins should have edit capabilities.

• Prevent Insecure Access – Do not expose Dashboard API directly without the proxy or allow HTTP. This opens attack vectors.

• Auto-update – Setup continuous deployment pipelines to automatically update Dashboard to the latest version. Subscribe to Kubernetes release notes for security fixes.

By following these best practices, you can securely deploy Dashboard across production clusters and large teams while minimizing risk.

Conclusion

Kubernetes Dashboard delivers a powerful graphical view into your clusters and simplifies managing resources and applications across teams. With customizable access controls, visual debugging and integrated operations, Dashboard is invaluable for running Kubernetes in production.

In this complete guide, we covered everything from Dashboard installation and authentication to navigating the UI and production access tips. Whether you‘re an application developer, platform engineer or cluster operator, Dashboard likely plays a central role in your daily Kubernetes workflows.

Hopefully you now have a much deeper understanding of how to leverage Dashboard based on my years of experience. Feel free to reach out if you have any other questions!