Kubernetes Dashboard Remote Access

Leave a Comment / Container, Kubernetes / By
Kubernetes dashboard remote access.

If you received an error like below, you need to grant access to Kubernetes dashboard to your cluster.

configmaps is forbidden: User “system:serviceaccount:kube-system:kubernetes-dashboard” cannot list configmaps in the namespace “default”

If you are planning to access to Kubernetes Dashboard via proxy from remote machine, you will need to grant ClusterRole to allow access to dashboard.

Create a Kubernetes Dashboard Service Account

Create a new file and insert the following details.

vi kube-dashboard-service-account.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard

Now we will apply changes to Kubernetes Cluster to create an admin-user service account to access the dashboard.

Note: you can name service account to any name. I am using `admin-user` as an example.

Execute the below command to create a service account.

kubectl create -f kube-dashboard-service-account.yaml

Create a ClusterRoleBinding

Now we will create cluster role binding to add service account to existing role to be able to access the cluster.

vi kube-dashboard-cluster-role.yaml

Insert below in newly created file

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Get a Bearer Token for a service account

kubectl -n kubernetes-dashboard create token admin-user

Once you execute the command, it will output a token something like this:

Output:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlcm5ldGVzLWRhc2hib2FyZCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi11c2VyLXRva2VuLXY1N253Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZXJ2aWNlLWFjY291bnQubmFtZSI6ImFkbWluLXVzZXIiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiIwMzAzMjQzYy00MDQwLTRhNTgtOGE0Ny04NDllZTliYTc5YzEiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6a3ViZXJuZXRlcy1kYXNoYm9hcmQ6YWRtaW4tdXNlciJ9.Z2JrQlitASVwWbc-s6deLRFVk5DWD3P_vjUFXsqVSY10pbjFLG4njoZwh8p3tLxnX_VBsr7_6bwxhWSYChp9hwxznemD5x5HLtjb16kI9Z7yFWLtohzkTwuFbqmQaMoget_nYcQBUC5fDmBHRfFvNKePh_vSSb2h_aYXa8GV5AcfPQpY7r461itme1EXHQJqv-SN-zUnguDguCTjD80pFZ_CmnSE1z9QdMHPB8hoB4V68gtswR1VLa6mSYdgPwCHauuOobojALSaMc3RH7MmFUumAgguhqAkX3Omqd3rJbYOMRuMjhANqd08piDC3aIabINX6gP5-Tuuw2svnV6NYQ

Access Kubernetes Dashboard

Execute the below command to open a proxy connection from a local machine:

kubectl proxy

Once you execute the above command, you will receive the below output.

Starting to serve on 127.0.0.1:8001

Browse the dashboard link: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

Once you open the URL, select Token and click sign in:

Kubernetes Dashboard Login Page

Kubernetes Dashboard Page:

Related Posts

Leave a Comment

Subscribe
Subscribe
Scroll to Top