This post summarizes the steps from the official Kubernetes dashboard git repo.

At first we have to deploy the dashboard on our cluster.

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

To run the proxy for accessing the dasboard run the following command. You can use the –address and –port flag for changing ip and port bindings. 127.0.0.1 and 8001 are anyway the default values.

kubectl proxy --address 127.0.0.1 --port 8001

Now you can access the dasboard at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/.

Note that the dashboard is only availabe via localhost because it will not be possible to sign in. See the documentation on github.

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

You can access the dashboard using a secure tunnel.

ssh -L 8001:127.0.0.1:8001 -N username@192.168.1.254

To sign in we need to create a service accout and a role binding.

admin-user.yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kube-system

kubectl create -f admin-user.yaml

Or just

kubectl create serviceaccount --namespace kube-system admin-user

cluster-role-binding.yaml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kube-system

kubectl create -f cluster-role-binding.yaml

Or just

kubectl create clusterrolebinding admin-user --clusterrole=cluster-admin --serviceaccount=kube-system:admin-user

You can get the token with the following command.

kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')

With this token you can sign in as the user admin-user.

For more details about creating a service accound and a cluster role binding see the documentation on github.