Tutorial: Deploy the Kubernetes Dashboard (web UI) - Amazon EKS
PrerequisitesStep 1: Deploy the Kubernetes dashboardStep 2: Create an eks-admin service account and cluster role bindingStep 3: Connect to the dashboard
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Tutorial: Deploy the Kubernetes Dashboard (web UI)

This tutorial guides you through deploying the Kubernetes Dashboard to your Amazon EKS cluster, complete with CPU and memory metrics. It also helps you to create an Amazon EKS administrator service account that you can use to securely connect to the dashboard to view and control your cluster. If you have issues using the dashboard, you can create an issue or pull request in the project's GitHub repository.

Prerequisites

This tutorial assumes the following:

Step 1: Deploy the Kubernetes dashboard

Download, modify, and apply the dashboard manifest to your cluster.

  1. Download the dashboard manifest file to your device using the command for the version of your cluster.

    • Version 1.22

      Some features of the available versions might not work properly with this Kubernetes version. For more information, see Releases on GitHub.

    • Versions 1.20 and 1.21

      curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v2.4.0/aio/deploy/recommended.yaml

  2. Modify the manifest file.

    1. Identify the container images in the manifest.

      cat recommended.yaml | grep image:

      The example output is as follows.

      image: kubernetesui/dashboard:v2.4.0
image: kubernetesui/metrics-scraper:v1.0.7

    2. Pull the images returned in the previous step and push them to a repository that your nodes have access to. For more information on how to pull, tag, and push an image to your own repository, see Copy a container image from one repository to another repository.

    3. Replace your-registry in the following command with your registry and then run the modified command to replace kubernetesui in the file with your registry.

      sed -i.bak -e 's|kubernetesui|your-registry|' recommended.yaml

    4. Replace your-repository and your-tag in the following command with your repository and tag and then run the modified command to replace dashboard:v2.4.0 in the file with your repository and tag.

      sed -i.bak -e 's|dashboard:v2.4.0|your-repository:your-tag|' recommended.yaml

    5. Replace your-repository and your-tag in the following command with your repository and tag and then run the modified command to replace dashboard:v2.4.0 in the file with your repository and tag.

      sed -i.bak -e 's|metrics-scraper:v1.0.7|your-repository:your-tag|' recommended.yaml

  3. Apply the Kubernetes Dashboard manifest to your cluster.

    kubectl apply -f recommended.yaml

    The example output is as follows.

    namespace/kubernetes-dashboard created
serviceaccount/kubernetes-dashboard created
service/kubernetes-dashboard created
secret/kubernetes-dashboard-certs created
secret/kubernetes-dashboard-csrf created
secret/kubernetes-dashboard-key-holder created
configmap/kubernetes-dashboard-settings created
role.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created
deployment.apps/kubernetes-dashboard created
service/dashboard-metrics-scraper created
deployment.apps/dashboard-metrics-scraper created

Step 2: Create an eks-admin service account and cluster role binding

By default, the Kubernetes Dashboard user has limited permissions. In this section, you create an eks-admin service account and cluster role binding that you can use to securely connect to the dashboard with admin-level permissions. For more information, see Managing Service Accounts in the Kubernetes documentation.

To create the eks-admin service account and cluster role binding
Important

The example service account created with this procedure has full cluster-admin (superuser) privileges on the cluster. For more information, see Using RBAC authorization in the Kubernetes documentation.

  1. Run the following command to create a file named eks-admin-service-account.yaml with the following text. This manifest defines a service account and cluster role binding named eks-admin.

    cat >eks-admin-service-account.yaml <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: eks-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: eks-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: eks-admin
  namespace: kube-system
EOF

  2. Apply the service account and cluster role binding to your cluster.

    kubectl apply -f eks-admin-service-account.yaml

    The example output is as follows.

    serviceaccount "eks-admin" created
clusterrolebinding.rbac.authorization.k8s.io "eks-admin" created

  3. Starting with Kubernetes version 1.24, secrets for service accounts are no longer autogenerated. You must use the following command to manually create them: 

    kubectl apply -f eks-admin-service-account.yaml << EOF
apiVersion: v1
kind: Secret
metadata:
name: eks-admin
namespace: kube-system
annotations:
kubernetes.io/service-account.name: eks-admin
type: kubernetes.io/service-account-token
EOF

Step 3: Connect to the dashboard

Now that the Kubernetes Dashboard is deployed to your cluster, and you have an administrator service account that you can use to view and control your cluster, you can connect to the dashboard with that service account.

To connect to the Kubernetes dashboard

  1. Retrieve an authentication token for the eks-admin service account.

    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')

    The example output is as follows.

    Name:         eks-admin-token-b5zv4
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=eks-admin
              kubernetes.io/service-account.uid=bcfe66ac-39be-11e8-97e8-026dce96b6e8

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      authentication-token

    Copy the authentication-token value from the output. You use this token to connect to the dashboard in a later step.

  2. Start the kubectl proxy.

    kubectl proxy

  3. To access the dashboard endpoint, open the following link with a web browser: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#!/login.

  4. Choose Token, paste the authentication-token output from the previous command into the Token field, and choose SIGN IN.

    After signing in, you see the dashboard in your web browser.

    Kubernetes Dashboard

    For more information about using the dashboard, see Deploy and Access the Kubernetes Dashboard in the Kubernetes documentation.