Addon: dashboard

Okay… so I finally got them to go away. After I disabled metrics-server and dashboard they finally went away. I’ll play around with it to see if I can figure out a way to reliably re-create this issue… but I’m 99% certain I disabled correctly yesterday.

Shouldn’t the documentation include instructions about the microk8s.dashboard-proxy command?

1 Like

Hi guys.
I would like to suggest you to add info about RBAC default user setup here instead point to upstream doc, because there the namespace is kubernetes-dashboard instead of kube-system.

microk8s now has the dashboard-proxy verb that does much or all of this for most users. I think it should be mentioned on this page.

Any update on this? I’ve spent a few hours trying to get access to the dashboard without success.

The dashboard opens but it can’t show anything. The following notificaion is shown repeated:

namespaces is forbidden: User “system:serviceaccount:kube-system:default” cannot list resource “namespaces” in API group “” at the cluster scope

Which version are you using? if it is v1.24, you will need to create a ClusterRoleBinding to a proper ClusterRole. If this is your development server, you can create this resource.

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: default
  namespace: kube-system
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccount
    name: default
    namespace: kube-system

Then to get the token do a microk8s kubectl -n kube-system create token default and use the token provided to login.

Again doing this will allow default user to have access to the cluster as administrator, based on the CRB above.

Has the image name for microk8s changed to “microk8s-vm” rather than “MicroK8sVM”?
I copy/paste instructions so I don’t make mistakes, but in this case, it’s a mistake to do that :slight_smile:

In an RBAC enabled setup you need to create a ServiceAccount for the Dashboard dashboard/creating-sample-user.md at master · kubernetes/dashboard · GitHub
then generate the Bearer Token kubectl -n kubernetes-dashboard create token admin-user, the token will expire after a short time. For Newcomers, create the Bearer Token with 99999 hours duration kubectl -n kubernetes-dashboard create token admin-user --duration=999999h