Addon: dashboard

Okay… so I finally got them to go away. After I disabled metrics-server and dashboard they finally went away. I’ll play around with it to see if I can figure out a way to reliably re-create this issue… but I’m 99% certain I disabled correctly yesterday.

Shouldn’t the documentation include instructions about the microk8s.dashboard-proxy command?

Hi guys.
I would like to suggest that you add info about the RBAC default user setup here instead of pointing to the upstream doc, because there the namespace is kubernetes-dashboard instead of kube-system.

microk8s now has the dashboard-proxy verb that does much or all of this for most users. I think it should be mentioned on this page.

Any update on this? I’ve spent a few hours trying to get access to the dashboard without success.

The dashboard opens but it can’t show anything. The following notification is shown repeatedly:

namespaces is forbidden: User "system:serviceaccount:kube-system:default" cannot list resource "namespaces" in API group "" at the cluster scope

Which version are you using? If it is v1.24, you will need to create a ClusterRoleBinding to a proper ClusterRole. If this is your development server, you can create this resource.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system

Then to get the token do a microk8s kubectl -n kube-system create token default and use the token provided to log in.

Again, doing this will allow the default user to have access to the cluster as administrator, based on the CRB above.
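A check for the kind of binding shown above, as an added example that is not part of the thread or the MicroK8s documentation: it scans ClusterRoleBinding JSON for cluster-admin granted to an identity shared by many workloads, such as system:serviceaccount:kube-system:default. The sample input and the binding names dashboard-view and ci-empty are constructed.

```python
import json

# Constructed sample, shaped like `microk8s kubectl get clusterrolebindings -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "default"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "kube-system"}]},
  {"metadata": {"name": "cluster-admin"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": [{"kind": "Group", "name": "system:masters"}]},
  {"metadata": {"name": "dashboard-view"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "ServiceAccount", "name": "default", "namespace": "kube-system"}]},
  {"metadata": {"name": "ci-empty"},
   "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
   "subjects": null}
]}
""")

# Built-in groups that cover every service account or every caller.
BROAD_GROUPS = ("system:serviceaccounts", "system:authenticated", "system:unauthenticated")

def broad_subject(subject):
    """Return the identity string if the subject is widely shared, else None."""
    kind, name = subject.get("kind"), subject.get("name", "")
    if kind == "ServiceAccount" and name == "default":
        # Pods that do not set serviceAccountName run as their namespace's default account.
        return f"system:serviceaccount:{subject.get('namespace', '?')}:default"
    if kind == "Group" and (name in BROAD_GROUPS or name.startswith("system:serviceaccounts:")):
        return name
    return None

def risky_bindings(crb_list, role="cluster-admin"):
    """List (binding name, identity) pairs where `role` is bound to a shared identity."""
    findings = []
    for crb in crb_list.get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subject in crb.get("subjects") or []:  # subjects may be absent or null
            identity = broad_subject(subject)
            if identity:
                findings.append((crb["metadata"]["name"], identity))
    return findings

if __name__ == "__main__":
    for binding, identity in risky_bindings(SAMPLE):
        print(f"{binding}: cluster-admin granted to {identity}")
```

To run it against a real cluster, replace SAMPLE with the parsed JSON output of the kubectl command named in the comment.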

Has the image name for microk8s changed to “microk8s-vm” rather than “MicroK8sVM”?
I copy/paste instructions so I don’t make mistakes, but in this case, it’s a mistake to do that 🙂

In an RBAC-enabled setup you need to create a ServiceAccount for the Dashboard (see dashboard/creating-sample-user.md at master · kubernetes/dashboard · GitHub),
then generate the Bearer Token: kubectl -n kubernetes-dashboard create token admin-user. The token will expire after a short time. For newcomers, create the Bearer Token with 99999 hours duration: kubectl -n kubernetes-dashboard create token admin-user --duration=999999h

The documentation on this page for Linux says that after enabling the dashboard addon, with microk8s 1.24+ you need to run the following command to generate a dashboard token:

microk8s kubectl create token default

When I tried this on Ubuntu 22.04 with microk8s 1.27.3 from the 1.27-strict/stable channel, it appears that all the required setup (including RBAC roles) is now done automatically, and the output from the enable command says:

If RBAC is not enabled access the dashboard using the token retrieved with:

microk8s kubectl describe secret -n kube-system microk8s-dashboard-token

Use this token in the https login UI of the kubernetes-dashboard service.

Note – it also might be nice to mention that the dashboard by default uses a self-signed cert, and that this may require extra steps (browser dependent) to access the UI.

Thanks for spotting this - I will take a few run-throughs in different scenarios and make sure the page gets updated.