How to create an admin user to access Kubernetes dashboard

Kubernetes Dashboard is a web-based user interface for deploying containerized applications to Kubernetes clusters (Deployments, Jobs, StatefulSets, DaemonSets, etc.), managing cluster resources, and troubleshooting problems. You can also use the dashboard to get an overview of the applications running on the cluster.

Review the following guides on how to deploy the Kubernetes dashboard:

How to install Kubernetes dashboard with NodePort

This guide will discuss how to create an admin user who can access all Kubernetes resources. Administrator users can modify objects in all namespaces and can manage any other component in the cluster.

Step 1: Create an administrator service account

First create a service account manifest file. I will name the service account jmutai-admin.

$ vim admin-sa.yml
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: jmutai-admin
  namespace: kube-system

Where jmutai-admin is the name of the service account to be created.

After creating the file, apply the manifest to create the object in the Kubernetes cluster.

$ kubectl apply -f admin-sa.yml
serviceaccount/jmutai-admin created

Step 2: Create a cluster role binding

Next, bind the service account you created to the cluster-admin ClusterRole with a cluster role binding.

$ vim admin-rbac.yml
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: jmutai-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: jmutai-admin
    namespace: kube-system

Replace jmutai-admin with the name of the service account you created in step 1.

Apply the file.

$ kubectl apply -f admin-rbac.yml

Step 3: Obtain the administrator user token

You can print the generated token for the service account using the kubectl command.

Set a variable to store the name of the service account.

SA_NAME="jmutai-admin"

Then run the following command to print the token for the created admin user.


kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')

Output:

Name:         jmutai-admin-token-mm9jd
Namespace:    kube-system
Labels:       
Annotations:  kubernetes.io/service-account.name: jmutai-admin
              kubernetes.io/service-account.uid: 80fade4b-4270-11ea-9fe4-005056ba45bd

Type:  kubernetes.io/service-account-token

Data
====
token:      <service account token (long JWT string)>
ca.crt:     1025 bytes
namespace:  11 bytes

Copy the contents of the token key.

Step 4: Visit the Kubernetes dashboard

After the token is created, you can use it to access the Kubernetes dashboard. If you use NodePort to access the dashboard service, you can get the assigned port by running the following command, replacing <namespace> with the namespace the dashboard is deployed in.

$ kubectl get services -n <namespace> | grep dashboard
kubernetes-dashboard   NodePort    10.111.76.69            443:32254/TCP                   414d

In my case, I will access the Kubernetes dashboard on the IP address of any cluster node, on port 32254.

Choose the Token authentication type and paste the token to access the dashboard.

Step 5: Create a non-administrator user account

We created an administrator user account that has full access to cluster resources. If you want to grant a user access limited to one namespace, see the guide below.

Create a Kubernetes service / user account limited to one namespace
