Docker Community Forums

Share and learn in the Docker community.

Docker for Mac Kubernetes Dashboard

(Brendanthompson) #1

Hi there,

Just a quick one Minikube comes with the Kubernetes dashboard baked into it, just wondering if D4MK also has this?

(Sgandon) #2

no it does not have it baked in but the install is very easy
kubectl create -f

and then you can access to it
[modified] : I think you need to launch kubectl proxy before accessing the dashboard.

(Bajohns) #3

@sgandon the install is easy but the dashboard requires an auth token. How do we get that token for the docker-for-mac cluster?!/login

(Sgandon) #4

If I rember well you can skip the token authentication part. This is not required.

(Bajohns) #5

Authentication is required. Each URL I navigate to redirects me to auth:!/login

I will search on the VM to see if the token is available.

(Kevin Printz) #6

Hey guys,
For development purpose only on your Mac, you can use the following solution (using unsecured Kubernetes dashboard) :

kevin@mbp-de-kevin ~> kubectl apply -f

Then, find the k8s dashboard pod name:

kevin@mbp-de-kevin ~> kubectl get pod --namespace=kube-system | grep dashboard
kubernetes-dashboard-57b79cdfb5-5bj6m        1/1       Running   0          19m

And add a local port forwarding:

kevin@mbp-de-kevin ~> kubectl port-forward kubernetes-dashboard-57b79cdfb5-5bj6m 9090:9090 --namespace=kube-system
Forwarding from -> 9090

Then, open your browser on and the dashboard should work without any authentification!

Another solution, you can use a Kubernetes ingress controller in case you will have multiple services with frontend access.

So first, deploy a Kubernetes ingress controller (Traefik here):

kevin@mbp-de-kevin ~> kubectl apply -f
clusterrole "traefik-ingress-controller" created
clusterrolebinding "traefik-ingress-controller" created


kevin@mbp-de-kevin ~> kubectl apply -f
serviceaccount "traefik-ingress-controller" created
deployment "traefik-ingress-controller" created
service "traefik-ingress-service" created

Once traefik is deployed, you can already access to the admin GUI, to retreive the port, run the following command:

kevin@mbp-de-kevin ~> kubectl describe svc -n kube-system traefik-ingress-service
Name:                     traefik-ingress-service
Namespace:                kube-system
Labels:                   <none>
Annotations:    {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"name":"traefik-ingress-service","namespace":"kube-system"},"spec":{"ports":[{"name":"...
Selector:                 k8s-app=traefik-ingress-lb
Type:                     NodePort
Port:                     web  80/TCP
TargetPort:               80/TCP
NodePort:                 web  32277/TCP
Port:                     admin  8080/TCP
TargetPort:               8080/TCP
NodePort:                 admin  31000/TCP
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

You have to note two differents ports here:

  • The first one, the GUI admin port NodePort: admin 31000/TCP. Open your browser and reach http://localhost:31000 it’s empty for now, but keep your browser tab open for later.
  • The second one, the port for your services : NodePort: web 32277/TCP means you will access your services GUI through the port 32277

Now, we still use the unsecured version of the dashboard:

kevin@mbp-de-kevin ~> kubectl apply -f

Finally, we need to create an entry in our ingress controller, so create the following file: dashboard.yaml

apiVersion: extensions/v1beta1
kind: Ingress
  name: kubernetes-dashboard
  namespace: kube-system
  annotations: traefik
   traefik.frontend.rule.type: PathPrefixStrip
  - host: localhost
      - path: /dashboard
          serviceName: kubernetes-dashboard
          servicePort: 80

Then execute:

kevin@mbp-de-kevin ~> kubectl create -f dashboard.yaml
ingress "kubernetes-dashboard" created

Now, try to reach the following URL: http://localhost:32277/dashboard/ you should see the K8S dasboard (final / in mandatory due to a K8S issue)

If you go back to previous tab, you should see the entry in the Traefik admin UI.
With this solution, you can create multiple entries in your ingress controller to have url path routing!

Don’t hesitate to reply if you have any issue with it :slight_smile:

(B.) #7

I had the same problem:

 kubectl describe secret kubernetes-dashboard --namespace=kube-system

Will give you the token to login.