How to Sign In to the Kubernetes Dashboard
The Kubernetes Dashboard is a web-based UI that lets you manage and monitor your cluster visually. Signing in for the first time can be confusing, especially with the different authentication methods available. In this guide, you'll learn how to access the dashboard, generate a login token, and follow best practices for secure access.
Prerequisites
You'll need:
- Access to a running Kubernetes cluster
kubectl
installed and configured- The Kubernetes Dashboard deployed in your cluster
Step 1: Deploy the Kubernetes Dashboard (if needed)
If you haven't already installed the dashboard, you can deploy it with:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml
This creates the dashboard and its required resources in the kubernetes-dashboard
namespace.
Step 2: Start the Proxy
To access the dashboard securely from your local machine, start the kubectl proxy
:
kubectl proxy
This command creates a secure tunnel to your cluster. The dashboard will be available at:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
Step 3: Create a Service Account and ClusterRoleBinding
The dashboard requires a token for authentication. Create a service account and bind it to the cluster-admin
role (for demo or admin use):
kubectl create serviceaccount dashboard-admin-sa -n kubernetes-dashboard
kubectl create clusterrolebinding dashboard-admin-sa \
--clusterrole=cluster-admin \
--serviceaccount=kubernetes-dashboard:dashboard-admin-sa
Step 4: Get the Login Token
Retrieve the token for your service account with:
kubectl -n kubernetes-dashboard create token dashboard-admin-sa
Copy the output - this is your login token.
Step 5: Sign In to the Dashboard
- Open the dashboard URL in your browser.
- Select the Token option.
- Paste the token you copied earlier and click Sign In.
You should now have full access to the dashboard.
Troubleshooting Login Issues
- If you see a permissions error, double-check your service account and role binding.
- Make sure the dashboard pod is running:
kubectl get pods -n kubernetes-dashboard
- If you can't access the dashboard URL, confirm that
kubectl proxy
is running and your firewall allows local connections.
Security Best Practices
- Only use
cluster-admin
for testing or admin tasks. For production, create a service account with limited permissions. - Never expose the dashboard directly to the internet without authentication and network controls.
- Regularly rotate your tokens and review access logs.
Next Steps
Explore the dashboard's features, or set up role-based access control (RBAC) for more granular permissions. For production clusters, consider integrating with your organization's authentication provider for single sign-on and audit logging.
Found an issue?