Secure Kubernetes Dashboard Access


Introduction

In this challenge, you will enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard, demonstrating your understanding of Role-Based Access Control (RBAC). You will create a new service account, a ClusterRole with read-only permissions, and bind the ClusterRole to the service account. Finally, you will generate a token for the service account to use for Dashboard login.



Secure Kubernetes Dashboard Access

As a junior DevOps engineer, you'll enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard, demonstrating your understanding of Role-Based Access Control (RBAC).

Tasks

  • Create a new service account named read-only-user in the kubernetes-dashboard namespace, using the provided YAML file
  • Create a ClusterRole with read-only permissions for the default namespace, allowing get, list, and watch operations on pods, services, nodes, namespaces, and deployments
  • Bind the ClusterRole to the new service account named read-only-user
  • Generate a token for the service account to use for Dashboard login

Requirements

  • Work in the ~/project directory
  • Use the kubernetes-dashboard namespace for the service account
  • Create a YAML file named read-only-dashboard-access.yaml
  • The service account should have only read permissions
  • Limit the access scope to the default namespace

Provide the YAML file content:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: read-only-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-only-dashboard-role
rules:
  # Core API group ("") resources: read verbs only, no create/update/patch/delete
  - apiGroups: [""]
    resources: ["pods", "services", "nodes", "namespaces"]
    verbs: ["get", "list", "watch"]
  # Deployments belong to the apps API group, not the core group; listed under
  # apiGroups [""] they would not be granted at all
  - apiGroups: ["apps"]
    resources: ["deployments"]
    verbs: ["get", "list", "watch"]

---
# A ClusterRoleBinding grants the role in every namespace, which the cluster-scoped
# nodes and namespaces resources require. To confine the namespaced resources to the
# default namespace, reference the same ClusterRole from a RoleBinding created in
# the default namespace instead.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-dashboard-access
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only-dashboard-role
subjects:
  - kind: ServiceAccount
    name: read-only-user
    namespace: kubernetes-dashboard
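Deployments are served by the apps API group, so a rule that names them only under the core group ("" apiGroup) grants nothing for them, and the Dashboard's Deployments view stays empty. The following Python script is an added example, not part of the lab: it evaluates a ClusterRole's rules offline with the same matching semantics the RBAC authorizer uses (a request is allowed if any rule matches its apiGroup, resource and verb, with "*" matching anything) and lists any verb that would permit mutation. The rule sets are constructed to mirror the manifest above.

```python
"""Offline audit of what a ClusterRole's rules actually grant (constructed example)."""
from typing import Iterable

# Constructed copy of the page's single rule: deployments listed under the core group.
PAGE_RULES = [
    {"apiGroups": [""],
     "resources": ["pods", "services", "nodes", "namespaces", "deployments"],
     "verbs": ["get", "list", "watch"]},
]

# Same role with deployments moved to the apps group, where the resource lives.
FIXED_RULES = PAGE_RULES + [
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "watch"]},
]

# Verbs that change cluster state; "*" would grant all of them.
WRITE_VERBS = {"create", "update", "patch", "delete", "deletecollection", "*"}


def _matches(wanted: str, allowed: Iterable[str]) -> bool:
    # A "*" entry in a rule field matches any value of that field.
    return "*" in allowed or wanted in allowed


def allows(rules, api_group: str, resource: str, verb: str) -> bool:
    """True if any rule grants `verb` on `resource` in `api_group`."""
    return any(
        _matches(api_group, r.get("apiGroups", []))
        and _matches(resource, r.get("resources", []))
        and _matches(verb, r.get("verbs", []))
        for r in rules
    )


def write_grants(rules):
    """Return sorted (group, resource, verb) triples that would allow mutation."""
    return sorted(
        (g, res, v)
        for r in rules
        for g in r.get("apiGroups", [])
        for res in r.get("resources", [])
        for v in r.get("verbs", [])
        if v in WRITE_VERBS
    )


if __name__ == "__main__":
    print("apps/deployments list, page rule:", allows(PAGE_RULES, "apps", "deployments", "list"))
    print("apps/deployments list, fixed rule:", allows(FIXED_RULES, "apps", "deployments", "list"))
    print("core/pods delete:", allows(FIXED_RULES, "", "pods", "delete"))
    print("write grants:", write_grants(FIXED_RULES))
```

The same questions can be put to the live cluster with `kubectl auth can-i <verb> <resource> --as=system:serviceaccount:kubernetes-dashboard:read-only-user -n default` once the manifest is applied.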

Examples

Example service account token output:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...

Example Dashboard view after login:

  • Visible: Namespace resources, Deployments, Pods
  • Not Visible: Create, Edit, Delete operations

Hints

  • Start Minikube and apply the recommended.yaml file from the official Kubernetes Dashboard repository to deploy the Dashboard
  • Use kubectl create and kubectl apply commands
  • Check ClusterRole and ClusterRoleBinding configurations
  • Use kubectl -n kubernetes-dashboard create token read-only-user to generate the token

Summary

In summary, this challenge requires you to enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard. You will create a new service account, a ClusterRole with read-only permissions, and bind the ClusterRole to the service account. Finally, you will generate a token for the service account to use for Dashboard login.