Deploy and Secure the Kubernetes Dashboard

The Kubernetes Dashboard is an open-source, web-based interface that enables you to manage Kubernetes clusters visually. It allows you to deploy applications, monitor workloads, troubleshoot performance, and view real-time cluster activity. The Dashboard supports managing multiple Kubernetes resources such as CronJobs, DaemonSets, Deployments, Pods, ReplicaSets, and StatefulSets, giving you complete visibility and control over your cluster.

This guide explains how to deploy the Kubernetes Dashboard, manage resources through its interface, and configure secure external access using an Ingress Controller.

Prerequisites

Before you begin, ensure you have the following:

• Access to a running Kubernetes cluster.
• Kubectl installed and configured to connect to your cluster.
• Helm installed on your local workstation.

Install Kubernetes Dashboard

You can install the Kubernetes Dashboard using the official Helm repository. Follow these steps to add the repository and deploy the Dashboard to your cluster.

Step 1: Add the Kubernetes Dashboard Helm repository

$ helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/

Step 2: Update Helm repositories

$ helm repo update

Step 3: Install the Kubernetes Dashboard

$ helm install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

Step 4: Verify the installation

$ kubectl get all -n kubernetes-dashboard

Check that all Pods, Services, and ReplicaSets in the kubernetes-dashboard namespace are running and active.

Configure Access to the Kubernetes Dashboard

By default, the Dashboard uses minimal RBAC permissions and requires a bearer token for authentication. You’ll create a service account with administrative privileges to log in securely.

Step 1: Create the Service Account manifest

$ nano dashboard-admin-user.yml

Step 2: Add the following YAML content

apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: dashboard-admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: dashboard-admin-user
  namespace: kubernetes-dashboard

This configuration creates a dashboard-admin-user ServiceAccount with full administrative privileges. For production, consider assigning more restricted roles.

Step 3: Apply the configuration

$ kubectl apply -f dashboard-admin-user.yml

Step 4: Generate a bearer token

$ kubectl -n kubernetes-dashboard create token dashboard-admin-user

Copy the generated token string to use later for authentication.

Access the Kubernetes Dashboard

Once installed, you can access the Dashboard using port forwarding or an Ingress Controller. The simplest way is through port forwarding.

Step 1: Forward the Dashboard port

$ kubectl port-forward service/kubernetes-dashboard-kong-proxy 8443:443 -n kubernetes-dashboard

Step 2: Access the Dashboard via HTTPS

Open a browser and visit:

https://127.0.0.1:8443

or

https://SERVER-IP:8443

Accept the connection warning, then paste the bearer token you generated earlier and click “Sign in.”

Secure the Kubernetes Dashboard

To enhance security, you can expose the Dashboard through a trusted TLS certificate using an Ingress Controller. This setup allows secure HTTPS access.

Step 1: Install Nginx Ingress Controller

$ helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
$ helm repo update
$ helm install ingress-nginx ingress-nginx/ingress-nginx --namespace ingress-nginx --create-namespace

Step 2: Verify LoadBalancer and DNS setup

$ kubectl get services -n ingress-nginx

Note the external IP of the LoadBalancer and update your domain DNS records accordingly.

Step 3: Install Cert-Manager

$ helm repo add jetstack https://charts.jetstack.io
$ helm repo update
$ helm install cert-manager jetstack/cert-manager --namespace cert-manager --create-namespace --set crds.enabled=true

Step 4: Create a ClusterIssuer

$ nano issuer.yml

Add the following configuration and replace the email with your own:

apiVersion: cert-manager.io/v1
kind: ClusterIssuer
metadata:
  name: tls-certificate-issuer
spec:
  acme:
    server: https://acme-v02.api.letsencrypt.org/directory
    email: admin@example.com
    privateKeySecretRef:
      name: letsencrypt-private-key
    solvers:
      - http01:
          ingress:
            ingressClassName: nginx

Step 5: Apply the issuer configuration

$ kubectl apply -f issuer.yml

Step 6: Create the Dashboard Ingress configuration

$ nano dashboard-ingress.yml

Add the following manifest and replace dashboard.example.com with your actual domain:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    cert-manager.io/cluster-issuer: tls-certificate-issuer
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - dashboard.example.com
      secretName: kubernetes-dashboard-cert
  rules:
    - host: dashboard.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-kong-proxy
                port:
                  number: 443

Step 7: Apply the Ingress manifest

$ kubectl apply -f dashboard-ingress.yml

Step 8: Verify TLS certificate and access

$ kubectl get certificate -n kubernetes-dashboard
$ kubectl get ingress -n kubernetes-dashboard

Once ready, visit:

https://dashboard.example.com

Deploy Applications via the Kubernetes Dashboard

The Dashboard also allows you to deploy applications directly from YAML manifests or via an intuitive form. Below is an example of deploying an Nginx app.

Step 1: Create a subdomain for your application

Add a DNS record, such as sample-app.example.com, pointing to your Ingress Controller’s external IP.

Step 2: Deploy an application using the Dashboard

Open https://dashboard.example.com and log in using your bearer token. Click + to create a new resource, select Create from form, and provide the following:

• App name: sample-app
• Container image: nginxdemos/hello
• Service type: Internal
• Port and target port: 80

Select the target namespace and click Deploy to start the application.

Step 3: Create an Ingress for the application

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: sample-app-ingress
  annotations:
    cert-manager.io/cluster-issuer: tls-certificate-issuer
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - sample-app.example.com
      secretName: sample-app-cert
  rules:
    - host: sample-app.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: sample-app
                port:
                  number: 80

This configuration routes incoming requests from sample-app.example.com to the sample-app service and automatically generates a TLS certificate for secure HTTPS access.

Conclusion

You have successfully deployed and secured the Kubernetes Dashboard, configured HTTPS access, and deployed a sample Nginx application. The Dashboard now serves as a powerful web-based tool for managing workloads, monitoring performance, and orchestrating resources within your Kubernetes cluster.