Generate Access Token for Kubernetes Dashboard
To securely log in to the Kubernetes Dashboard, you need to authenticate using a bearer token. This guide walks you through generating an access token using a service account with the appropriate permissions.
π€ Step 1: SSH into the Controller Nodeβ
Use your private SSH key and connect to the controller node via the Virtual Router:
ssh -i <ssh-private.key> -p 2222 cloud@<Public-IP-of-Virtual-Router>
π§ Step 2: Create a Service Accountβ
Run the following command to create a new service account in the kubernetes-dashboard namespace:
kubectl create serviceaccount admin-user -n kubernetes-dashboard
π Step 3: Bind the Service Account to Cluster Adminβ
This grants full access to the dashboard:
kubectl create clusterrolebinding admin-user-binding \
--clusterrole=cluster-admin \
--serviceaccount=kubernetes-dashboard:admin-user
π§ͺ Step 4: Generate the Access Tokenβ
You can now retrieve the token to use for dashboard login:
kubectl -n kubernetes-dashboard create token admin-user
tip
π Copy the output token and use it to authenticate via the βTokenβ option on the Kubernetes Dashboard login screen.
β Login Using the Tokenβ
- Open the dashboard URL in your browser:
https://<Public-IP-of-Virtual-Router>:30001
- Select Token as the login method.
- Paste the copied token into the input field and click Sign In.
π Best Practicesβ
- Do not share tokens publicly.
- Revoke tokens when no longer needed by deleting the service account.
- Use role-based access (RBAC) to define more granular access policies for production environments.