LabEx
Log InJoin Free

Secure Kubernetes Dashboard Access

KubernetesBeginner
Practice Now

Introduction

In this challenge, you will enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard, demonstrating your understanding of Role-Based Access Control (RBAC). You will create a new service account, a ClusterRole with read-only permissions, and bind the ClusterRole to the service account. Finally, you will generate a token for the service account to use for Dashboard login.

Secure Kubernetes Dashboard Access

As a junior DevOps engineer, you'll enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard, demonstrating your understanding of Role-Based Access Control (RBAC).

Tasks

  • Create a new service account named read-only-user in the kubernetes-dashboard namespace, using the provided YAML file
  • Create a ClusterRole with read-only permissions for the default namespace, allowing get, list, and watch operations on pods, services, nodes, namespaces, and deployments
  • Bind the ClusterRole to the new service account named read-only-user
  • Generate a token for the service account to use for Dashboard login

Requirements

  • Work in the ~/project directory
  • Use the kubernetes-dashboard namespace for the service account
  • Create a YAML file named read-only-dashboard-access.yaml
  • The service account should have only read permissions
  • Limit the access scope to the default namespace

Provide the YAML file content:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: read-only-user
  namespace: kubernetes-dashboard

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: read-only-dashboard-role
rules:
  - apiGroups: [""]
    resources: ["pods", "services", "nodes", "namespaces", "deployments"]
    verbs: ["get", "list", "watch"]

---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: read-only-dashboard-access
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: read-only-dashboard-role
subjects:
  - kind: ServiceAccount
    name: read-only-user
    namespace: kubernetes-dashboard

Examples

Example service account token output:

eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9...

Example Dashboard view after login:

  • Visible: Namespace resources, Deployments, Pods
  • Not Visible: Create, Edit, Delete operations

Hints

  • Start Minikube and apply recommended.yaml file from the official Kubernetes Dashboard repository to deploy the Dashboard
  • Use kubectl create and kubectl apply commands
  • Check ClusterRole and ClusterRoleBinding configurations
  • Use kubectl -n kubernetes-dashboard create token read-only-user to generate the token

Summary

In summary, this challenge requires you to enhance the security of your Kubernetes cluster by creating a read-only service account for the Kubernetes Dashboard. You will create a new service account, a ClusterRole with read-only permissions, and bind the ClusterRole to the service account. Finally, you will generate a token for the service account to use for Dashboard login.

✨ Check Solution and Practice
Related Kubernetes Courses
Kubernetes for Beginners

Kubernetes for Beginners

kubernetesdevops
Kubernetes for Noobs

Kubernetes for Noobs

kubernetesdevops