Belajar Kubernetes - Episode 28 - Pengenalan dan Penjelasan Kubernetes Dashboard

#Pendahuluan

Catatan

Untuk kalian yang ingin membaca episode sebelumnya, bisa click thumbnail episode 27 di bawah ini

Episode 27

Di episode sebelumnya kita sudah belajar tentang StatefulSet untuk managing stateful application dengan stable identity dan persistent storage. Selanjutnya di episode 28 kali ini, kita akan coba bahas Kubernetes Dashboard, web-based UI untuk managing dan monitoring Kubernetes cluster kalian.

Catatan: Disini saya akan menggunakan Kubernetes Cluster yang di install melalui K3s.

Sementara kubectl powerful untuk command-line management, Kubernetes Dashboard menyediakan visual interface untuk viewing cluster resource, deploying application, troubleshooting issue, dan monitoring workload - making cluster management lebih accessible.

#Apa Itu Kubernetes Dashboard?

Kubernetes Dashboard adalah general-purpose, web-based UI untuk Kubernetes cluster. Dia allow user untuk manage application running di cluster, troubleshoot application, dan manage cluster resource.

Bayangkan Dashboard seperti control panel untuk cluster kalian - instead of typing command, kalian bisa click through resource, view log, edit configuration, dan monitor health melalui intuitive interface.

Fitur kunci Kubernetes Dashboard:

• Resource visualization - View semua cluster resource di satu tempat
• Application deployment - Deploy containerized application via UI
• Troubleshooting - View log, event, dan resource status
• Resource management - Create, edit, delete resource
• Monitoring - View CPU/memory usage dan metric
• RBAC integration - Respect Kubernetes permission
• Multi-namespace - Switch between namespace easily
• Real-time update - Live view cluster state

#Kenapa Gunakan Kubernetes Dashboard?

Dashboard solve beberapa challenge:

• Visual management - Lebih mudah daripada memorize kubectl command
• Quick troubleshooting - View log dan event di satu tempat
• Team accessibility - Non-CLI user bisa manage cluster
• Resource discovery - Browse semua resource visually
• Rapid deployment - Deploy app tanpa writing YAML
• Monitoring - Quick overview cluster health
• Learning tool - Understand Kubernetes structure visually
• Audit trail - See what's running di cluster kalian

Tanpa Dashboard, kalian rely entirely on kubectl, yang bisa challenging untuk beginner atau team preferring visual interface.

#Instalasi Kubernetes Dashboard v2.7.0

Mari kita install Dashboard v2.7.0 step by step.

#Step 1: Deploy Dashboard

Apply official Dashboard manifest:

bash

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

Ini create:

• Namespace: kubernetes-dashboard
• ServiceAccount, Secret, ConfigMap
• Deployment: kubernetes-dashboard
• Service: kubernetes-dashboard
• RBAC role dan binding

#Step 2: Verify Installation

Check Dashboard pod:

bash

kubectl get pods -n kubernetes-dashboard

Output:

bash

NAME                                         READY   STATUS    RESTARTS   AGE
dashboard-metrics-scraper-5cb4f4bb9c-xxxxx   1/1     Running   0          1m
kubernetes-dashboard-79cbcf9fb6-xxxxx        1/1     Running   0          1m

Check Dashboard service:

bash

kubectl get svc -n kubernetes-dashboard

Output:

bash

NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
dashboard-metrics-scraper   ClusterIP   10.43.xxx.xxx   <none>        8000/TCP   1m
kubernetes-dashboard        ClusterIP   10.43.xxx.xxx   <none>        443/TCP    1m

#Step 3: Create Admin User

Dashboard require authentication. Create ServiceAccount dengan admin privilege.

Create dashboard-admin.yml:

dashboard-admin.yml

apiVersion: v1
kind: ServiceAccount
metadata:
    name: admin-user
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    name: admin-user
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: cluster-admin
subjects:
    - kind: ServiceAccount
      name: admin-user
      namespace: kubernetes-dashboard

Apply configuration:

bash

kubectl apply -f dashboard-admin.yml

#Step 4: Generate Access Token

Create token untuk admin user:

bash

kubectl -n kubernetes-dashboard create token admin-user

Output (contoh):

bash

eyJhbGciOiJSUzI1NiIsImtpZCI6IjRxN3Z...very-long-token...xyz123

Copy token ini - kalian akan need it untuk log in ke Dashboard.

#Step 5: Access Dashboard

Ada beberapa cara untuk access Dashboard:

#Option 1: kubectl port-forward (Recommended untuk Development)

Forward Dashboard service ke localhost:

bash

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443

Access Dashboard di: https://localhost:8443

Kubernetes Dashboard Login

Kubernetes Dashboard Workload

#Option 2: Edit Service ke NodePort

Edit Dashboard service:

bash

kubectl edit svc kubernetes-dashboard -n kubernetes-dashboard

Change type: ClusterIP ke type: NodePort:

yml

spec:
    type: NodePort  # Changed dari ClusterIP
    ports:
        - port: 443
          targetPort: 8443
          nodePort: 30443  # Optional: specify port

Get NodePort:

bash

kubectl get svc -n kubernetes-dashboard

Access Dashboard di: https://<node-ip>:<node-port>

#Option 3: Ingress (Recommended untuk Production)

Create Ingress resource:

dashboard-ingress.yml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
    name: kubernetes-dashboard
    namespace: kubernetes-dashboard
    annotations:
        nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
        nginx.ingress.kubernetes.io/ssl-redirect: "true"
spec:
    ingressClassName: nginx
    tls:
        - hosts:
              - dashboard.example.com
          secretName: dashboard-tls
    rules:
        - host: dashboard.example.com
          http:
              paths:
                  - path: /
                    pathType: Prefix
                    backend:
                        service:
                            name: kubernetes-dashboard
                            port:
                                number: 443

#Step 6: Login ke Dashboard

1. Open Dashboard URL di browser
2. Kalian akan see certificate warning (self-signed cert) - accept it
3. Select "Token" authentication method
4. Paste token dari Step 4
5. Click "Sign in"

Kalian sekarang logged in ke Kubernetes Dashboard!

#Dashboard Overview

#Main Section

Cluster:

• Node - View cluster node
• Namespace - Browse namespace
• Persistent Volume - Manage storage
• Role - View RBAC role
• Storage Class - View storage class

Workload:

• Deployment - Manage deployment
• Pod - View dan manage pod
• ReplicaSet - View replica set
• StatefulSet - Manage stateful app
• DaemonSet - View daemon set
• Job - View job
• CronJob - Manage scheduled job

Service:

• Service - View service
• Ingress - Manage ingress rule
• Network Policy - View network policy

Config and Storage:

• ConfigMap - Manage configuration
• Secret - View secret (value hidden)
• PersistentVolumeClaim - Manage PVC

Custom Resource:

• Custom Resource Definition - View CRD

#Menggunakan Dashboard

#Viewing Resource

Navigate ke any resource type:

1. Click on resource type di sidebar (e.g., "Pods")
2. Select namespace dari dropdown
3. View list resource
4. Click resource name untuk detail

#Viewing Pod Detail

1. Navigate ke Workload → Pod
2. Click pod name
3. View:
   • Pod status dan condition
   • Container information
   • Event
   • Log (click "Logs" button)
   • YAML definition

#Viewing Log

1. Navigate ke pod detail
2. Click "Logs" icon
3. Select container (jika multi-container)
4. View real-time log
5. Gunakan search dan download feature

#Deploying Application

1. Click "+" icon (top right)
2. Choose method:
   • Create from input (paste YAML)
   • Create from file (upload YAML)
   • Create from form (fill field)
3. Enter configuration
4. Click "Deploy"

Contoh form deployment:

App name: nginx-app
Container image: nginx:1.25
Number of pods: 3
Service: External (NodePort)
Port: 80
Target port: 80

#Editing Resource

1. Navigate ke resource
2. Click resource name
3. Click "Edit" icon (pencil)
4. Modify YAML
5. Click "Update"

#Deleting Resource

1. Navigate ke resource
2. Check checkbox next to resource
3. Click "Delete" icon (trash)
4. Confirm deletion

#Scaling Deployment

1. Navigate ke Deployment
2. Click deployment name
3. Click "Scale" icon
4. Enter desired replica
5. Click "Scale"

#Executing Command di Pod

1. Navigate ke pod detail
2. Click "Exec" icon (terminal)
3. Select container
4. Execute command di shell

#Membuat Long-Lived Token

Untuk persistent access, create Secret-based token.

#Create Secret untuk ServiceAccount

admin-user-secret.yml

apiVersion: v1
kind: Secret
metadata:
    name: admin-user-token
    namespace: kubernetes-dashboard
    annotations:
        kubernetes.io/service-account.name: admin-user
type: kubernetes.io/service-account-token

Apply:

bash

kubectl apply -f admin-user-secret.yml

#Get Token dari Secret

bash

kubectl get secret admin-user-token -n kubernetes-dashboard -o jsonpath="{.data.token}" | base64 --decode

Token ini tidak expire dan bisa used untuk long-term access.

#Membuat Read-Only User

Untuk user yang should only view resource:

dashboard-readonly.yml

apiVersion: v1
kind: ServiceAccount
metadata:
    name: readonly-user
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
    name: readonly-user
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: view
subjects:
    - kind: ServiceAccount
      name: readonly-user
      namespace: kubernetes-dashboard

Apply:

bash

kubectl apply -f dashboard-readonly.yml

Generate token:

bash

kubectl -n kubernetes-dashboard create token readonly-user

#Membuat Namespace-Specific User

Untuk user limited ke specific namespace:

dashboard-namespace-user.yml

apiVersion: v1
kind: ServiceAccount
metadata:
    name: dev-user
    namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
    name: dev-user
    namespace: development
roleRef:
    apiGroup: rbac.authorization.k8s.io
    kind: ClusterRole
    name: edit
subjects:
    - kind: ServiceAccount
      name: dev-user
      namespace: kubernetes-dashboard

User ini hanya bisa access development namespace.

#Troubleshooting Dashboard

#Dashboard Pod Not Running

Check pod status:

bash

kubectl get pods -n kubernetes-dashboard

View pod log:

bash

kubectl logs -n kubernetes-dashboard deployment/kubernetes-dashboard

Describe pod:

bash

kubectl describe pod -n kubernetes-dashboard <pod-name>

#Cannot Access Dashboard

Check service:

bash

kubectl get svc -n kubernetes-dashboard
kubectl describe svc kubernetes-dashboard -n kubernetes-dashboard

Verify port-forward running:

bash

kubectl -n kubernetes-dashboard port-forward svc/kubernetes-dashboard 8443:443

#Token Authentication Failed

Verify ServiceAccount exist:

bash

kubectl get sa admin-user -n kubernetes-dashboard

Verify ClusterRoleBinding:

bash

kubectl get clusterrolebinding admin-user

Generate new token:

bash

kubectl -n kubernetes-dashboard create token admin-user

#Certificate Error

Dashboard gunakan self-signed certificate by default. Untuk production:

1. Create proper TLS certificate
2. Create Secret dengan certificate
3. Update Dashboard deployment untuk use certificate

dashboard-tls-secret.yml

apiVersion: v1
kind: Secret
metadata:
    name: kubernetes-dashboard-certs
    namespace: kubernetes-dashboard
type: kubernetes.io/tls
data:
    tls.crt: <base64-encoded-cert>
    tls.key: <base64-encoded-key>

#Kesalahan Umum dan Pitfall

#Kesalahan 1: Menggunakan cluster-admin untuk Semua User

Problem: Giving everyone full cluster access.

Solusi: Create role-specific user:

yml

# Read-only user
roleRef:
    kind: ClusterRole
    name: view
 
# Edit user (no delete)
roleRef:
    kind: ClusterRole
    name: edit

#Kesalahan 2: Expose Dashboard Publicly Tanpa Authentication

Problem: Dashboard accessible dari internet tanpa proper security.

Solusi: Gunakan salah satu approach ini:

• Keep Dashboard internal-only
• Gunakan VPN untuk access
• Implement additional authentication (OAuth2 proxy)
• Gunakan Ingress dengan authentication

#Kesalahan 3: Tidak Set Resource Limit

Problem: Dashboard pod bisa consume unlimited resource.

Solusi: Edit deployment untuk add limit:

bash

kubectl edit deployment kubernetes-dashboard -n kubernetes-dashboard

Add:

yml

resources:
    requests:
        memory: "128Mi"
        cpu: "100m"
    limits:
        memory: "256Mi"
        cpu: "200m"

#Kesalahan 4: Menggunakan Short-Lived Token di Automation

Problem: Token expire setelah 1 jam.

Solusi: Create Secret-based token untuk automation:

yml

apiVersion: v1
kind: Secret
metadata:
    name: admin-user-token
    annotations:
        kubernetes.io/service-account.name: admin-user
type: kubernetes.io/service-account-token

#Kesalahan 5: Tidak Monitor Dashboard Access

Problem: No audit trail Dashboard usage.

Solusi: Enable audit logging di Kubernetes API server dan monitor Dashboard access pattern.

#Best Practice

#Secure Access

Gunakan strong authentication:

yml

# Minimum privilege principle
roleRef:
    kind: ClusterRole
    name: view  # Not cluster-admin

#Gunakan Ingress dengan TLS

Secure Dashboard dengan proper certificate:

yml

spec:
    tls:
        - hosts:
              - dashboard.example.com
          secretName: dashboard-tls-cert

#Implement Network Policy

Restrict Dashboard network access:

dashboard-netpol.yml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
    name: dashboard-access
    namespace: kubernetes-dashboard
spec:
    podSelector:
        matchLabels:
            k8s-app: kubernetes-dashboard
    policyTypes:
        - Ingress
    ingress:
        - from:
              - namespaceSelector:
                    matchLabels:
                        name: ingress-nginx
          ports:
              - protocol: TCP
                port: 8443

#Set Resource Limit

Prevent resource exhaustion:

yml

resources:
    requests:
        memory: "128Mi"
        cpu: "100m"
    limits:
        memory: "256Mi"
        cpu: "200m"

#Gunakan RBAC Properly

Create role-specific user:

bash

# Admin user - full access
# Developer user - namespace-specific
# Viewer user - read-only

#Regular Token Rotation

Rotate token periodically:

bash

# Delete old token
kubectl delete secret admin-user-token -n kubernetes-dashboard
 
# Create new token
kubectl apply -f admin-user-secret.yml

#Monitor Dashboard Usage

Track who access Dashboard dan what they do:

bash

kubectl logs -n kubernetes-dashboard deployment/kubernetes-dashboard

#Keep Dashboard Updated

Regularly update ke latest version:

bash

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

#Dashboard Alternative

Sementara Dashboard official, consider alternative:

Lens:

• Desktop application
• Multi-cluster management
• Built-in terminal
• Prometheus integration

K9s:

• Terminal-based UI
• Keyboard-driven
• Real-time update
• Resource management

Octant:

• Local web UI
• Plugin system
• Resource visualization
• Developer-focused

Rancher:

• Full platform
• Multi-cluster
• CI/CD integration
• User management

#Melihat Detail Dashboard

#Get Dashboard Resource

bash

kubectl get all -n kubernetes-dashboard

#Check Dashboard Version

bash

kubectl get deployment kubernetes-dashboard -n kubernetes-dashboard -o jsonpath="{.spec.template.spec.containers[0].image}"

#View Dashboard Log

bash

kubectl logs -n kubernetes-dashboard deployment/kubernetes-dashboard -f

#Check Dashboard Service

bash

kubectl describe svc kubernetes-dashboard -n kubernetes-dashboard

#Uninstall Dashboard

#Delete Dashboard

bash

kubectl delete -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

#Delete Admin User

bash

kubectl delete -f dashboard-admin.yml

#Delete Namespace

bash

kubectl delete namespace kubernetes-dashboard

#Penutup

Pada episode 28 ini, kita telah membahas Kubernetes Dashboard secara mendalam. Kita sudah belajar cara install Dashboard v2.7.0, create admin user, access dashboard securely, dan manage cluster resource melalui web interface.

Key takeaway:

• Dashboard menyediakan web-based UI untuk Kubernetes management
• Install dengan single kubectl apply command
• Require authentication via token atau kubeconfig
• Create ServiceAccount dengan appropriate RBAC permission
• Access via port-forward, NodePort, atau Ingress
• cluster-admin role give full access (use carefully)
• view role provide read-only access
• edit role allow modification tanpa delete
• Create long-lived token menggunakan Secret
• Gunakan namespace-specific role untuk limited access
• Selalu gunakan TLS untuk production deployment
• Implement Network Policy untuk restrict access
• Set resource limit pada Dashboard pod
• Monitor Dashboard access dan usage
• Consider alternative seperti Lens, K9s, Octant
• Keep Dashboard updated ke latest version

Kubernetes Dashboard make cluster management accessible melalui intuitive web interface. Dengan memahami Dashboard installation dan security best practice, kalian bisa provide team dengan visual cluster management sambil maintaining proper access control.

Bagaimana, makin jelas kan tentang Kubernetes Dashboard? Jadi, pastikan tetap semangat belajar dan nantikan episode selanjutnya!

Catatan

Untuk kalian yang ingin melanjutkan ke episode selanjutnya, bisa click thumbnail episode 29 di bawah ini

Episode 29