Alexander Zeitler

Alexander Zeitler

Enabling the Kubernetes Dashboard for DigitalOcean Kubernetes

Published on Thursday, January 3, 2019

DigitalOcean recently announced the public availability of it's managed Kubernetes offering and it's pretty awesome.

Once you created your cluster following their quickstart, you might want to open the Kubernetes dashboard using kubectl proxy. But browsing http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ will result in a 404 error.

That's because the Kubernetes dashboard is not deployed by default, so let's do this now using:

kubectl create --kubeconfig="your-digitalocean-kubeconfig.yaml" -f

By the way, if you don't want to always specify the --kubeconfig parameter, you can merge your Cluster configuration into your local Kubernetes Config using this DigitalOcean CLI command (make sure to login first using your DO token) - and I'm assuming this for the next kubectl commands issued in this post:

doctl k8s cluster kubeconfig save <your-do-cluster-name>

Once the configuration is merged, you can list the Kubernetes contexts by issuing this kubectl command

kubectl config get-contexts

Which will output a result similar to this:

CURRENT   NAME                                         CLUSTER                                      AUTHINFO                                           NAMESPACE
do-fra1-k8s-1-12-1-do-2-fra1-xxxxxxxxxx do-fra1-k8s-1-12-1-do-2-fra1-xxxxxxxxxx do-fra1-k8s-1-12-1-do-2-fra1-xxxxxxxxxx-admin
* docker-for-desktop docker-for-desktop-cluster docker-for-desktop

As you can see, the current active context is your local Kubernetes and if you want to issue commands against your DigitalOcean Cluster, you'll have to switch the context to this cluster by running

kubectl config use-context do-fra1-k8s-1-12-1-do-2-fra1-xxxxxxxxxx

If everything went fine, you should be able to list the Nodes of your DigitalOcean cluster:

kubectl get nodes

Fingers crossed 🤞, the output should be similar to this (except for the cluster name, of course):

NAME                   STATUS    ROLES     AGE       VERSION
eloquent-hypatia-h12 Ready <none> 63d v1.12.1

If you try to access your Kubernetes dashboard now by running kubectl proxy and logging in using your Cluster configuration yaml file, you'll get this error:

Not enough data to create auth info structure.

Read on, we're solving this now 💪!

Next, we need to create a Service Account and a ClusterRoleBinding using this serviceaccount.yaml file:

apiVersion: v1
kind: ServiceAccount
name: <ServiceAccountName> # replace this with the username you want to use
namespace: kube-system
kind: ClusterRoleBinding
name: <ServiceAccountName> # replace this with the username you want to use
kind: ClusterRole
name: cluster-admin
- kind: ServiceAccount
name: <ServiceAccountName> # replace this with the username you want to use
namespace: kube-system

Then apply the serviceaccount.yaml using:

kubectl apply -f serviceaccount.yaml

After that, we need to get the access token for the Service Account:

kubectl get secret -n kube-system

This will give you a list like this:

NAME                               TYPE                                  DATA      AGE
csi-do-controller-sa-token-hsgv9 3 62d
csi-do-node-sa-token-vz7wk 3 62d
default-token-tw59l 3 62d
digitalocean Opaque 1 62d
kube-dns-token-7zvjw 3 62d
kubernetes-dashboard-certs Opaque 0 4m
kubernetes-dashboard-key-holder Opaque 2 4m
kubernetes-dashboard-token-fxw8d 3 4m
<ServiceAccountName-token-xxxxx> 3 17s

Finally display your token:

kubectl describe secret <ServiceAccountName-token-xxxxx> -n kube-system
Name:         <ServiceAccountName-token-xxxxx>
Namespace: kube-system
Labels: <none>


ca.crt: 1156 bytes
namespace: 11 bytes
token: <here goes your token>

When running kubectl proxy again, now you can enter your token in the login screen here:

If everything went well, you should be able to browse the Kubernetes dashboard now:

What are your thoughts about "Enabling the Kubernetes Dashboard for DigitalOcean Kubernetes"?
Drop me a line - I'm looking forward to your feedback!
Imprint | Privacy