A brief history of my experiences in programming & system operations

Simple Secure Access to the Kubernetes Dashboard with RBAC

Posted at — Feb 13, 2018

The kubectl command line is great, but sometimes it’s nice to have a dashboard to click around and see basic graphs, view logs, etc. Out of the box, new Kubernetes clusters (I am using Google Kubernetes Engine here) have legacy authentication disabled, and RBAC is required. Having used Kubernetes prior to this, it wasn’t clear to me how to access the dashboard with RBAC.

Starting out

To begin, simply spin up the Kubernetes Proxy with kubectl proxy. Then, access http://localhost:8001/ui in your browser.


If you’re using a modern version of Kubernetes Dashboard (>= 1.8), you’ll be greeted by this screen: {<1>}dashboard login So, once you get to this screen you need to pick a method. It wasn’t obvious to me which one to pick, or where to get the information from, which is why I’m writing this post.


I tried using my local Kubernetes config ~/.kube/config, but it didn’t work for some reason. Also, this might be undesirable if you have multiple clusters, since you don’t want to share your access tokens with a single dashboard instance running on a single cluster.


The Token option is the option I went with, but from the docs it isn’t clear what to actually do here. Luckily, the answer is simple. If you want to use your personal credentials to access the dashboard (and for the various API actions it can take), you just need to copy the access token from your ~/.kube/config file. The access-token is in the users section of the kubeconfig file:

- name: gke_mycluster
        access-token: <token-is-here>
        cmd-args: config config-helper --format=json
        cmd-path: /Users/bbhoss/google-cloud-sdk/bin/gcloud
        expiry: 2018-02-13T18:40:29Z
        expiry-key: '{.credential.token_expiry}'
        token-key: '{.credential.access_token}'
      name: gcp

Simply copy and paste this into the browser after selecting the Token option, and you’ll be logged in to the Dashboard with your personal RBAC credentials. Enjoy!

comments powered by Disqus