Starting the Kubernetes Dashboard

Kubernetes Dashboard is a web-based user interface that you can use as an alternative to the Kubernetes kubectl command line tool to:

  • deploy containerized applications to a Kubernetes cluster
  • troubleshoot your containerized applications

You use the Kubernetes Dashboard to get an overview of applications running on a cluster, as well as to create or modify individual Kubernetes resources. The Kubernetes Dashboard also reports the status of Kubernetes resources in the cluster, and any errors that have occurred.

In contrast to the Kubernetes Dashboard, Container Engine for Kubernetes enables you to create and delete Kubernetes clusters and node pools, and to manage the associated compute, network, and storage resources.

Before you can use the Kubernetes Dashboard to access a cluster, you need to specify the cluster on which to perform operations by setting up the cluster's kubeconfig file.

Note that an Oracle Cloud Infrastructure CLI command in the kubeconfig file generates authentication tokens that are short-lived, cluster-scoped, and specific to individual users. As a result, you cannot share kubeconfig files between users to access Kubernetes clusters. The generated authentication tokens are also unsuitable if you want other processes and tools to access the cluster, such as continuous integration and continuous delivery (CI/CD) tools. In this case, consider creating a Kubernetes service account and adding its associated authentication token to the kubeconfig file. For more information, see Adding a Service Account Authentication Token to a Kubeconfig File.


  • You cannot run the Kubernetes Dashboard in Cloud Shell.
  • You can only use the Kubernetes Dashboard if it was enabled when the cluster was initially created.

To start the Kubernetes Dashboard:

  1. If you haven't already done so, follow the steps to set up the cluster's kubeconfig configuration file and (if necessary) set the KUBECONFIG environment variable to point to the file. Note that you must set up your own kubeconfig file. You cannot access a cluster using a kubeconfig file that a different user set up. See Setting Up Cluster Access.

  2. In a text editor, create a file (for example, called oke-admin-service-account.yaml) with the following content:

    apiVersion: v1
    kind: ServiceAccount
      name: oke-admin
      namespace: kube-system
    kind: ClusterRoleBinding
      name: oke-admin
      kind: ClusterRole
      name: cluster-admin
    - kind: ServiceAccount
      name: oke-admin
      namespace: kube-system

    The file defines an administrator service account and a clusterrolebinding, both called oke-admin.

  3. Create the service account and the clusterrolebinding in the cluster by entering:

    $ kubectl apply -f <filename>

    where <filename> is the name of the file you created earlier. For example:

    $ kubectl apply -f oke-admin-service-account.yaml

    The output from the above command confirms the creation of the service account and the clusterrolebinding:

    serviceaccount "oke-admin" created "oke-admin" created

    You can now use the oke-admin service account to view and control the cluster, and to connect to the Kubernetes dashboard.

  4. Obtain an authentication token for the oke-admin service account by entering:

    $ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep oke-admin | awk '{print $1}')

    The output from the above command includes an authentication token (a long alphanumeric string) as the value of the token: element, as shown below:

    Name:         oke-admin-token-gwbp2
    Namespace:    kube-system
    Labels:       <none>
    Annotations: oke-admin 3a7fcd8e-e123-11e9-81ca-0a580aed8570
    ca.crt:     1289 bytes
    namespace:  11 bytes
    token:      eyJh______px1Q

    In the example above, eyJh______px1Q (abbreviated for readability) is the authentication token.

  5. Copy the value of the token: element from the output. You will use this token to connect to the dashboard.

  6. In a terminal window, enter kubectl proxy to start the Kubernetes Dashboard.
  7. Open a browser and go to http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login to display the Kubernetes Dashboard.
  8. In the Kubernetes Dashboard, select Token and paste the value of the token: element you copied earlier into the Token field.

  9. In the Kubernetes Dashboard, click Sign In, and then click Overview to see the applications deployed on the cluster.