Accessing Dashboard

Note: As of v1.8, Enterprise PKS has been renamed to VMware Tanzu Kubernetes Grid Integrated Edition. Some screenshots in this documentation do not yet reflect the change.

Page last updated:

This topic describes how to access Dashboard, a web-based Kubernetes UI, for your VMware Tanzu Kubernetes Grid Integrated Edition deployment.

WARNING: For security reasons, clusters created with TKGI v1.7 and later do not have Kubernetes Dashboard automatically installed. See the Release Notes for more information.

Overview

Kubernetes provides Dashboard to manage Kubernetes clusters and applications, and to review the state of Kubernetes cluster resources.

Install Dashboard

Install Dashboard on clusters running TKGI by following the Deploying the Dashboard UI instructions in the Kubernetes documentation.

Kubernetes dashboard is automatically installed on clusters created with versions prior to TKGI v1.7.

Access Credentials

You must have either a kubectl Kubeconfig or Bearer Token access credential to access Dashboard.

Configure Kubeconfig Access Credentials

You can use the TKGI CLI to request a Kubeconfig access credential and to save the credential to either a file or environment variable for use as your Dashboard access credential.

To request Kubeconfig credentials use one of the two following methods.

  • Request a Kubeconfig access credential using the TKGI CLI:

    tkgi get-credentials CLUSTER-NAME
    

    Where CLUSTER-NAME is the name of your cluster.

    For example:

    $ tkgi get-credentials tkgi-bosh

    Fetching credentials for cluster tkgi-bosh. Context set for cluster tkgi-bosh.

    Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider

  • Request a Kubeconfig access credential and assign to your Kubernetes configuration:

    KUBECONFIG=CONFIG-FILE tkgi get-credentials CLUSTER-NAME
    

    Where:

    • CONFIG-FILE is the name of the output file which will store the exported access credentials.
    • CLUSTER-NAME is the name of your cluster.

    Note: If your operator has configured Tanzu Kubernetes Grid Integrated Edition to use a SAML identity provider, you must include an additional SSO flag to use the above command. For information about the SSO flags, see the section for the above command in TKGI CLI. For information about configuring SAML, see Connecting Tanzu Kubernetes Grid Integrated Edition to a SAML Identity Provider

Request Bearer Token Access Credentials

You can use kubectl to request a Bearer Token access credential.

  1. To request your Kubernetes user ID, run the following command:

    kubectl config view -o jsonpath='{.contexts[?(@.name == "CLUSTER-NAME")].context.user}'
    

    Where CLUSTER-NAME is the name of your cluster.

    For example:

    $ kubectl config view -o jsonpath='{.contexts[?(@.name == "tkgi-bosh")].context.user}'
    dxbjlm0j-ac11-43f9-99a7-87u5u4fbe44b
    

  2. To derive a Kubeconfig Token use one of the two following methods.

    • Kubectl Get Secret request:

      kubectl describe secret $(kubectl get secret | grep USER-ID | awk '{print $1}') | grep "token:"
      

      Where USER-ID is your Kubernetes User ID.

      For example:

      $ kubectl describe secret $(kubectl get secret | grep dxbjlm0j-ac11-43f9-99a7-87u5u4fbe44b | awk '{print $1}') | grep "token:"
      token:      eyxYzGciOiJSUzI1NiPsIndxbaac0jac11erf999a787e3e4fbe44rgnZ....iI4utgU6-qKDEdwEJw5TQA
      

    • Kubectl Describe Service Accounts request:

      kubectl describe secret $(kubectl describe serviceaccounts USER-ID | grep Tokens | awk '{print $2}') | grep "token:"
      

      Where USER-ID is your Kubernetes User ID.

      For example:

      $ kubectl describe secret $(kubectl describe serviceaccounts dxbjlm0j-ac11-43f9-99a7-87u5u4fbe44b | grep Tokens | awk '{print $2}') | grep "token:"
      token:      eyxYzGciOiJSUzI1NiPsIndxbaac0jac11erf999a787e3e4fbe44rgnZ....iI4utgU6-qKDEdwEJw5TQA
      

Access Dashboard

After you have obtained access credentials you can authenticate into Dashboard.

  1. To start the proxy server run the following:

    kubectl proxy
    
  2. To access the Dashboard UI, open a browser and navigate to the following:

    http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
    
  3. On the Kubernetes Dashboard sign in page select an option based on the type of credential that you prepared in the previous steps.

    • If you prepared a Kubeconfig credential file:
      • Select Kubeconfig.
      • To specify your kubeconfig file select ..., to the right of Choose kubeconfig file.
      • Specify the kubeconfig file location.
    • If you prepared a Kubeconfig token:
      • Select Token.
      • To specify your kubeconfig token, paste your kubeconfig token into the Enter token area.
  4. Click SIGN IN. The Dashboard Overview page is displayed.

Use Dashboard

For information about how to use Dashboard, see Web UI (Dashboard) in the Kubernetes documentation.


Please send any feedback you have to pks-feedback@pivotal.io.