Addon: dashboard

The standard Kubernetes Dashboard is a convenient way to keep track of the
activity and resource use of MicroK8s.

On all platforms, you can install the dashboard with one command:

microk8s enable dashboard

To access the installed dashboard, you’ll need to follow the guide for the relevant platform:

On Linux

To log in to the Dashboard, you will need the access token (unless RBAC has
also been enabled). This is generated randomly on deployment, so a few commands
are needed to retrieve it:

For MicroK8s 1.24 or newer

microk8s kubectl create token default

For MicroK8s 1.23 or older

token=$(microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)
microk8s kubectl -n kube-system describe secret $token

In an RBAC enabled setup (microk8s enable rbac) you need to create a user with
restricted permissions as detailed in the
upstream Dashboard access control documentation .

Next, you need to connect to the dashboard service. While the MicroK8s snap will
have an IP address on your local network (the Cluster IP of the kubernetes-dashboard service),
you can also reach the dashboard by forwarding its port to a free one on your host with:

microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443

You can then access the Dashboard at https://127.0.0.1:10443.

For more information on port-forward, see the kubectl documentation.

On MacOS and Windows

To log in to the Dashboard, you will need the access token (unless RBAC has
also been enabled). This is generated randomly on deployment, so we can get it with this command:

multipass exec MicroK8sVM -- sudo /snap/bin/microk8s kubectl -n kube-system describe secret $(multipass exec MicroK8sVM -- sudo /snap/bin/microk8s kubectl -n kube-system get secret | grep default-token | cut -d " " -f1)

In an RBAC enabled setup (microk8s enable rbac) you need to create a user with
restricted permissions as detailed in the
upstream Dashboard access control documentation .

Because you are running MicroK8s in a VM and you need to expose the Dashboard to other hosts, you
should also use the --address [IP_address_that_your_browser's_host_has] option. Set this option
to --address 0.0.0.0 to make the Dashboard public. For example:

multipass exec MicroK8sVM -- sudo /snap/bin/microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443 --address 0.0.0.0

Leave the proxy running and get the VM’s IP address:

multipass info MicroK8sVM | grep IPv4 | awk '{ print $2 }'

You can then access the Dashboard at https://$CONTAINER_IP:10443.

Upstream Documentation

Visit the upstream dashboard documentation to find out other ways to reach the Dashboard.

1 Like

Hi, I followed this guide and got the following error:

error: unable to forward port because pod is not running. Current status=Failed

Running the microk8s dashboard-proxy didn’t work either. Any idea?

Hi @saxenarajat, what is the out put of microk8s kubectl get all -A? I wonder if downloading the dashboard image took long enough so that by the time you tried to reach it the pod was not ready.

Hi,
When enabling Dashboard on my Linux Ubuntu 18.04 box, a service listening on 443 is created.
kubectl -n kube-system get services gives:
kubernetes-dashboard ClusterIP 10.152.183.49 443/TCP 105m
It looks correct.
But the command
kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443
returns
Forwarding from 127.0.0.1:10443 -> 8443
Forwarding from [::1]:10443 -> 8443
and hangs. The port is not published.
Looks strange, any advice is welcome.
GB

hi @geekbot - does the port forwarding work for you? I.e. can you connect to the dashboard from that URL?

The port-forward subcommand runs as a foreground task - it won’t return until you kill it (Ctrl-C etc). It will however emit status, for example:

Forwarding from 127.0.0.1:10443 -> 8443
Forwarding from [::1]:10443 -> 8443
Handling connection for 10443
Handling connection for 10443
Handling connection for 10443
Handling connection for 10443

Hello,
I have not managed to make it working. I changed my mind and decided to access it through an ingress. Here is the ingress manifest which works in my case.

apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: dashboard-ingress
namespace: kube-system
annotations:
kubernetes.io/ingress.class: nginx
nginx.ingress.kubernetes.io/backend-protocol: “HTTPS”
nginx.ingress.kubernetes.io/rewrite-target: /$1
spec:
tls:

  • hosts:
    secretName: ingress-secret
    rules:
  • host:
    http:
    paths:
    • backend:
      serviceName: kubernetes-dashboard
      servicePort: 443
      path: /dashboard/(.*)

HTH
GB

Thanks for your answer,
no I didn’t get Handling connection … messages
Best regards
GB

@geekbot @kjackal sorry it doesn’t seem like it works for you. I can confirm that the instructions work in our tests, so there may be a bug
Thanks for the ingress recipe, we’ll maybe add that to the docs as an alternative :slight_smile:

I am having errors.

ckrause@wolf:~$ microk8s kubectl get all -A
NAMESPACE        NAME                                            READY   STATUS    RESTARTS   AGE
ingress          pod/nginx-ingress-microk8s-controller-r5ks4     1/1     Running   0          35m
kube-system      pod/coredns-588fd544bf-b6f6m                    1/1     Running   2          39m
kube-system      pod/dashboard-metrics-scraper-59f5574d4-46xmg   1/1     Running   3          80m
kube-system      pod/hostpath-provisioner-75fdc8fccd-b5r47       1/1     Running   2          39m
kube-system      pod/kubernetes-dashboard-6d97855997-xpmp6       1/1     Running   3          80m
kube-system      pod/metrics-server-c65c9d66-vw28r               1/1     Running   4          80m
metallb-system   pod/controller-5f98465b6b-ctdh5                 1/1     Running   2          38m
metallb-system   pod/speaker-gc9bt                               1/1     Running   2          38m

NAMESPACE     NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes                  ClusterIP   10.152.183.1     <none>        443/TCP                  3h48m
kube-system   service/dashboard-metrics-scraper   ClusterIP   10.152.183.169   <none>        8000/TCP                 80m
kube-system   service/kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   39m
kube-system   service/kubernetes-dashboard        ClusterIP   10.152.183.11    <none>        443/TCP                  80m
kube-system   service/metrics-server              ClusterIP   10.152.183.216   <none>        443/TCP                  80m

NAMESPACE        NAME                                               DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
ingress          daemonset.apps/nginx-ingress-microk8s-controller   1         1         1       1            1           <none>                        35m
metallb-system   daemonset.apps/speaker                             1         1         1       1            1           beta.kubernetes.io/os=linux   38m

NAMESPACE        NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
kube-system      deployment.apps/coredns                     1/1     1            1           39m
kube-system      deployment.apps/dashboard-metrics-scraper   1/1     1            1           80m
kube-system      deployment.apps/hostpath-provisioner        1/1     1            1           39m
kube-system      deployment.apps/kubernetes-dashboard        1/1     1            1           80m
kube-system      deployment.apps/metrics-server              1/1     1            1           80m
metallb-system   deployment.apps/controller                  1/1     1            1           38m

NAMESPACE        NAME                                                  DESIRED   CURRENT   READY   AGE
kube-system      replicaset.apps/coredns-588fd544bf                    1         1         1       39m
kube-system      replicaset.apps/dashboard-metrics-scraper-59f5574d4   1         1         1       80m
kube-system      replicaset.apps/hostpath-provisioner-75fdc8fccd       1         1         1       39m
kube-system      replicaset.apps/kubernetes-dashboard-6d97855997       1         1         1       80m
kube-system      replicaset.apps/metrics-server-c65c9d66               1         1         1       80m
metallb-system   replicaset.apps/controller-5f98465b6b                 1         1         1       38m
ckrause@wolf:~$ 
(base) chaimkrause@macmini ~ % kubectl get all -A
NAMESPACE        NAME                                            READY   STATUS    RESTARTS   AGE
ingress          pod/nginx-ingress-microk8s-controller-r5ks4     1/1     Running   0          36m
kube-system      pod/coredns-588fd544bf-b6f6m                    1/1     Running   2          41m
kube-system      pod/dashboard-metrics-scraper-59f5574d4-46xmg   1/1     Running   3          81m
kube-system      pod/hostpath-provisioner-75fdc8fccd-b5r47       1/1     Running   2          41m
kube-system      pod/kubernetes-dashboard-6d97855997-xpmp6       1/1     Running   3          81m
kube-system      pod/metrics-server-c65c9d66-vw28r               1/1     Running   4          81m
metallb-system   pod/controller-5f98465b6b-ctdh5                 1/1     Running   2          40m
metallb-system   pod/speaker-gc9bt                               1/1     Running   2          40m

NAMESPACE     NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
default       service/kubernetes                  ClusterIP   10.152.183.1     <none>        443/TCP                  3h49m
kube-system   service/dashboard-metrics-scraper   ClusterIP   10.152.183.169   <none>        8000/TCP                 81m
kube-system   service/kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   41m
kube-system   service/kubernetes-dashboard        ClusterIP   10.152.183.11    <none>        443/TCP                  81m
kube-system   service/metrics-server              ClusterIP   10.152.183.216   <none>        443/TCP                  81m

NAMESPACE        NAME                                               DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR                 AGE
ingress          daemonset.apps/nginx-ingress-microk8s-controller   1         1         1       1            1           <none>                        36m
metallb-system   daemonset.apps/speaker                             1         1         1       1            1           beta.kubernetes.io/os=linux   40m

NAMESPACE        NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
kube-system      deployment.apps/coredns                     1/1     1            1           41m
kube-system      deployment.apps/dashboard-metrics-scraper   1/1     1            1           81m
kube-system      deployment.apps/hostpath-provisioner        1/1     1            1           41m
kube-system      deployment.apps/kubernetes-dashboard        1/1     1            1           81m
kube-system      deployment.apps/metrics-server              1/1     1            1           81m
metallb-system   deployment.apps/controller                  1/1     1            1           40m

NAMESPACE        NAME                                                  DESIRED   CURRENT   READY   AGE
kube-system      replicaset.apps/coredns-588fd544bf                    1         1         1       41m
kube-system      replicaset.apps/dashboard-metrics-scraper-59f5574d4   1         1         1       81m
kube-system      replicaset.apps/hostpath-provisioner-75fdc8fccd       1         1         1       41m
kube-system      replicaset.apps/kubernetes-dashboard-6d97855997       1         1         1       81m
kube-system      replicaset.apps/metrics-server-c65c9d66               1         1         1       81m
metallb-system   replicaset.apps/controller-5f98465b6b                 1         1         1       40m
(base) chaimkrause@macmini ~ % kubectl proxy
Starting to serve on 127.0.0.1:8001

What version of kubectl do you have?
Can you try kubectl version and paste it here? As far as i know client and server versions must be the same.
Or use port-forward is what i normally do.

ckrause@wolf:~$ microk8s kubectl version
Client Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.6-1+64f53401f200a7", GitCommit:"64f53401f200a7a5977955a74ad3f997302774ca", GitTreeState:"clean", BuildDate:"2020-07-15T19:58:09Z", GoVersion:"go1.14.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.6-1+64f53401f200a7", GitCommit:"64f53401f200a7a5977955a74ad3f997302774ca", GitTreeState:"clean", BuildDate:"2020-07-15T19:59:02Z", GoVersion:"go1.14.5", Compiler:"gc", Platform:"linux/amd64"}
ckrause@wolf:~$ 

Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.3", GitCommit:"2e7996e3e2712684bc73f0dec0200d64eec7fe40", GitTreeState:"clean", BuildDate:"2020-05-20T12:52:00Z", GoVersion:"go1.13.9", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.6-1+64f53401f200a7", GitCommit:"64f53401f200a7a5977955a74ad3f997302774ca", GitTreeState:"clean", BuildDate:"2020-07-15T19:59:02Z", GoVersion:"go1.14.5", Compiler:"gc", Platform:"linux/amd64"}
(base) chaimkrause@macmini ~ %
(base) chaimkrause@macmini ~ % brew info kubectl
kubernetes-cli: stable 1.18.6 (bottled), HEAD
Kubernetes command-line interface
https://kubernetes.io/
Not installed
From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/kubernetes-cli.rb
License: Apache-2.0
==> Dependencies
Build: go ✘
==> Options
--HEAD
	Install HEAD version
==> Analytics
install: 62,801 (30 days), 202,797 (90 days), 888,600 (365 days)
install-on-request: 43,899 (30 days), 142,378 (90 days), 627,502 (365 days)
build-error: 0 (30 days)
(base) chaimkrause@macmini ~ % brew install kubectl
Updating Homebrew...
==> Auto-updated Homebrew!
Updated 2 taps (homebrew/core and homebrew/cask).
==> New Formulae
acl2                 cgl                  charge               eleventy             gostatic             kondo                pandocomatic
==> Updated Formulae
Updated 11 formulae.
==> Updated Casks
adobe-acrobat-reader          alt-tab                       fontforge                     retroarch                     uu-booster
alfred                        emacs                         kitty                         retroarch-metal               visual-studio

==> Downloading https://homebrew.bintray.com/bottles/kubernetes-cli-1.18.6.catalina.bottle.tar.gz
==> Downloading from https://d29vzk4ow07wi7.cloudfront.net/edd1688fe0f1d752df1d71e559839e50bf6b6ef78cd03ceac197c079c2465c8e?response-content-dispositi
######################################################################## 100.0%
==> Pouring kubernetes-cli-1.18.6.catalina.bottle.tar.gz
Error: The `brew link` step did not complete successfully
The formula built, but is not symlinked into /usr/local
Could not symlink bin/kubectl
Target /usr/local/bin/kubectl
already exists. You may want to remove it:
  rm '/usr/local/bin/kubectl'

To force the link and overwrite all conflicting files:
  brew link --overwrite kubernetes-cli

To list all files that would be deleted:
  brew link --overwrite --dry-run kubernetes-cli

Possible conflicting files are:
/usr/local/bin/kubectl
==> Caveats
Bash completion has been installed to:
  /usr/local/etc/bash_completion.d

zsh completions have been installed to:
  /usr/local/share/zsh/site-functions
==> Summary
🍺  /usr/local/Cellar/kubernetes-cli/1.18.6: 232 files, 49.2MB
(base) chaimkrause@macmini ~ % rm /usr/local/bin/kubectl
(base) chaimkrause@macmini ~ % brew link --overwrite --dry-run kubernetes-cli
Would remove:
(base) chaimkrause@macmini ~ % brew link --overwrite kubernetes-cli
Linking /usr/local/Cellar/kubernetes-cli/1.18.6... 228 symlinks created
(base) chaimkrause@macmini ~ % kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6", GitCommit:"dff82dc0de47299ab66c83c626e08b245ab19037", GitTreeState:"clean", BuildDate:"2020-07-16T00:04:31Z", GoVersion:"go1.14.4", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"18+", GitVersion:"v1.18.6-1+64f53401f200a7", GitCommit:"64f53401f200a7a5977955a74ad3f997302774ca", GitTreeState:"clean", BuildDate:"2020-07-15T19:59:02Z", GoVersion:"go1.14.5", Compiler:"gc", Platform:"linux/amd64"}
(base) chaimkrause@macmini ~ % kubectl proxy
Starting to serve on 127.0.0.1:8001

Is there something in terms of SSH tunneling that I can use to test if things are working at all?

You tried using port-forward with kubectl?

I don’t believe I have. Where can I find the format info for that? My brain is fried at this point.

What I have done is, on the server:

ckrause@wolf:~$ microk8s kubectl port-forward -n kube-system service/kubernetes-dashboard 10443:443
Forwarding from 127.0.0.1:10443 -> 8443
Forwarding from [::1]:10443 -> 8443
Handling connection for 10443
Handling connection for 10443
Handling connection for 10443
Handling connection for 10443

So I see it getting fed, But I get a certificate error on my local machine for https://localhost:10443. I have tried trusting the certificate, but that doesn’t help.

You cannot visit localhost right now because the website sent scrambled credentials that Google Chrome cannot process.

At least, I think, that is progress.

I didn’t install an cert myself. I just let microk8s do it’s default thing.

What should I try next?

I discovered something by poking around.

I run kubectl proxy on my client and go to http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/ and I get a response. But no services are listed.

(base) chaimkrause@macmini ~ % kubectl -n kube-system get services
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
dashboard-metrics-scraper   ClusterIP   10.152.183.169   <none>        8000/TCP                 14h
kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   14h
kubernetes-dashboard        ClusterIP   10.152.183.11    <none>        443/TCP                  14h
metrics-server              ClusterIP   10.152.183.216   <none>        443/TCP                  14h

screenshot


For those people following along…

The documentation that I was using, direct from the Kubernetes website, was leading me astray.

If you are running microk8s, instead of the URL in the documentation you need the following URL:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

So, on your client run kubectl proxy and then open that URL on your client.

1 Like

I’ve been using the dashboard and it has been great, but after I disable it, the pods never go away. If I try and delete the manually they just come back. I don’t see any obvious errors when I run “microk8s disable dashboard” and it shows disabled. This is on Ubuntu 20.04.

My guess is that there is another dashboard deployment running.

What is the output of microk8s kubectl get deployment -A

The MicroK8s dashboard is installed in the kube-system namespace.

output:

NAMESPACE     NAME                        READY   UP-TO-DATE   AVAILABLE   AGE
cloud         elasticsearch               0/0     0            0           5d1h
cloud         thehive                     0/0     0            0           2d23h
kube-system   coredns                     1/1     1            1           15d
kube-system   dashboard-metrics-scraper   1/1     1            1           15d
kube-system   hostpath-provisioner        1/1     1            1           15d
kube-system   kubernetes-dashboard        1/1     1            1           15d
kube-system   metrics-server              1/1     1            1           15d

I have a pretty simple setup, definitely didn’t install any other type of outside dashboard. You see my two pods in the cloud namespace, originally installed microk8s via snap install microk8s --classic