Tutorial: Deploy the Kubernetes Dashboard (web UI) - Amazon EKS

Tutorial: Deploy the Kubernetes Dashboard (web UI)

This tutorial guides you through deploying the Kubernetes Dashboard to your Amazon EKS cluster, complete with CPU and memory metrics. It also helps you to create an Amazon EKS administrator service account that you can use to securely connect to the dashboard to view and control your cluster.

            Kubernetes Dashboard


This tutorial assumes the following:

Step 1: Deploy the Kubernetes Metrics Server

The Kubernetes Metrics Server is an aggregator of resource usage data in your cluster, and it is not deployed by default in Amazon EKS clusters. The Kubernetes Dashboard uses the metrics server to gather metrics for your cluster, such as CPU and memory usage over time.

To deploy the Metrics Server

  1. Deploy the Metrics Server with the following command:

    kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.6/components.yaml
  2. Verify that the metrics-server deployment is running the desired number of pods with the following command.

    kubectl get deployment metrics-server -n kube-system


    NAME READY UP-TO-DATE AVAILABLE AGE metrics-server 1/1 1 1 6m

Step 2: Deploy the Kubernetes dashboard

Complete the instructions for the option that corresponds to the Region that your cluster is in.

  • All Regions other than Beijing and Ningxia China

    kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
  • Beijing and Ningxia China

    1. Download the Kubernetes Dashboard manifest with the following command.

      curl -o recommended.yaml https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta8/aio/deploy/recommended.yaml
    2. Edit the manifest files using the following steps.

      1. View the manifest file or files that you downloaded and note the name of the image. Download the image locally with the following command.

        docker pull image:<tag>
      2. Tag the image to be pushed to an Amazon Elastic Container Registry repository in China with the following command.

        docker tag image:<tag> <aws_account_id>.dkr.ecr.<cn-north-1>.amazonaws.com/image:<tag>
      3. Push the image to a China Amazon ECR repository with the following command.

        docker push image:<tag> <aws_account_id>.dkr.ecr.<cn-north-1>.amazonaws.com/image:<tag>
      4. Update the Kubernetes manifest file or files to reference the Amazon ECR image URL in your region.

    3. Apply the manifest to your cluster with the following command.

      kubectl apply -f recommended.yaml


namespace/kubernetes-dashboard created serviceaccount/kubernetes-dashboard created service/kubernetes-dashboard created secret/kubernetes-dashboard-certs created secret/kubernetes-dashboard-csrf created secret/kubernetes-dashboard-key-holder created configmap/kubernetes-dashboard-settings created role.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard created rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created deployment.apps/kubernetes-dashboard created service/dashboard-metrics-scraper created deployment.apps/dashboard-metrics-scraper created

Step 3: Create an eks-admin service account and cluster role binding

By default, the Kubernetes Dashboard user has limited permissions. In this section, you create an eks-admin service account and cluster role binding that you can use to securely connect to the dashboard with admin-level permissions. For more information, see Managing Service Accounts in the Kubernetes documentation.

To create the eks-admin service account and cluster role binding


The example service account created with this procedure has full cluster-admin (superuser) privileges on the cluster. For more information, see Using RBAC authorization in the Kubernetes documentation.

  1. Create a file called eks-admin-service-account.yaml with the text below. This manifest defines a service account and cluster role binding called eks-admin.

    apiVersion: v1 kind: ServiceAccount metadata: name: eks-admin namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRoleBinding metadata: name: eks-admin roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: cluster-admin subjects: - kind: ServiceAccount name: eks-admin namespace: kube-system
  2. Apply the service account and cluster role binding to your cluster.

    kubectl apply -f eks-admin-service-account.yaml


    serviceaccount "eks-admin" created clusterrolebinding.rbac.authorization.k8s.io "eks-admin" created

Step 4: Connect to the dashboard

Now that the Kubernetes Dashboard is deployed to your cluster, and you have an administrator service account that you can use to view and control your cluster, you can connect to the dashboard with that service account.

To connect to the Kubernetes dashboard

  1. Retrieve an authentication token for the eks-admin service account. Copy the <authentication_token> value from the output. You use this token to connect to the dashboard.

    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep eks-admin | awk '{print $1}')


    Name: eks-admin-token-b5zv4 Namespace: kube-system Labels: <none> Annotations: kubernetes.io/service-account.name=eks-admin kubernetes.io/service-account.uid=bcfe66ac-39be-11e8-97e8-026dce96b6e8 Type: kubernetes.io/service-account-token Data ==== ca.crt: 1025 bytes namespace: 11 bytes token: <authentication_token>
  2. Start the kubectl proxy .

    kubectl proxy
  3. To access the dashboard endpoint, open the following link with a web browser: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#!/login.

  4. Choose Token, paste the <authentication_token> output from the previous command into the Token field, and choose SIGN IN.

                        Kubernetes token auth

    It may take a few minutes before CPU and memory metrics appear in the dashboard.

Step 5: Next steps

After you have connected to your Kubernetes Dashboard, you can view and control your cluster using your eks-admin service account. For more information about using the dashboard, see the project documentation on GitHub.