Kubernetes Dashboard - User Authentication using Nginx [ Step by step ]

Would you like to learn how to install the Kubernetes Dashboard, configure Nginx as a proxy, and control the user authentication using Nginx? In this tutorial, we are going to show you how to install the Kubernetes Dashboard and enable the use of Nginx as the authentication proxy on a computer running Ubuntu Linux.

• Ubuntu 20
• Ubuntu 19
• Ubuntu 18
• Kubernetes 1.18

This tutorial will install a single-node Kubernetes cluster.

In our example, The Kubernetes master node IP address is 192.168.15.200.

Kubernetes – Tutorials

On this page, we offer quick access to a list of tutorials related to Kubernetes.

Tutorial Kubernetes – Master node Installation

Install the list of required packages.

Copy to Clipboard

Install the Docker service.

Copy to Clipboard

Enable the Docker service during boot.

Copy to Clipboard

Edit the Docker service configuration file.

Copy to Clipboard

Add the following configuration at the end of the item named: EXECSTART

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Create a System configuration file.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Enable the System configuration file.

Copy to Clipboard

Edit the configuration file named: MODULES.CONF

Copy to Clipboard

Add the following configuration at the end of this file.

Copy to Clipboard

Edit the FSTAB configuration file and disable the use of Swap memory.

Copy to Clipboard

Here is the file before our configuration.

Copy to Clipboard

Here is the file after our configuration.

Copy to Clipboard

Set a unique hostname.

Copy to Clipboard

Create a file to configure the required environment variables.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

Reboot the computer.

Copy to Clipboard

Download and install the Kubernetes repository key.

Copy to Clipboard

Add the official Kubernetes repository.

Copy to Clipboard

Install the Kubernetes packages.

Copy to Clipboard

Download the required Kubernetes images.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Initialize the Kubernetes cluster.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Take note of the command to add nodes to the Kubernetes cluster.

Copy to Clipboard

Set the correct file permission on the Kubernetes configuration file.

Copy to Clipboard

Install the required network configuration.

Copy to Clipboard

By default, the Kubernetes master node is not allowed to run PODS.

Optionally, enable the Kubernetes master node to run PODS.

Copy to Clipboard

In our example, we are using a single-node Kubernetes cluster.

Tutorial – Kubernetes Dashboard installation

Install the list of required packages.

Copy to Clipboard

Download the required YAML file.

Copy to Clipboard

Install the Kubernetes Dashboard.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Create a service account for the Dashboard.

Copy to Clipboard

Configure the Cluster admin role to the Dashboard service account.

Copy to Clipboard

Create a service account for the Nginx proxy.

Copy to Clipboard

Configure the Cluster admin role to the Nginx proxy account.

Copy to Clipboard

List the Nginx secret available on the Kubernetes server.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Notice that your secret’s name will not be the same as ours.

Get the Nginx secret token value.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Name:         nginx-proxy-token-h6f4l
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: nginx-proxy
              kubernetes.io/service-account.uid: cdd45665-99dd-49f7-8801-f33110c30209

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6InhrMHFrdEdYQ1gxVlRqZjBpN1hxdEgwaTlRRENMWmhUdC1IMC13OTgyM28ifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuZ2lueC1wcm94eS10b2tlbi1oNmY0bCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuZ2lueC1wcm94eSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImNkZDQ1NjY1LTk5ZGQtNDlmNy04ODAxLWYzMzExMGMzMDIwOSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuZ2lueC1wcm94eSJ9.l8fOU4_NTvYvJW3sAznwLxV6EGUhJPidCge2qCbJMoYJ1vkRc2dLkPxZebjx-_mnYYf5vP7jVCR2RlHV_ozHV31YFQrkOIs09JmMIXmSoN6jWfxkePIeWW33WVP2h836fmNChM8XWthVgKq5bfNav83q-lyHnFZbfnsZiJ2TTxJPAhlsZETuhx2szhN9qfFIoQMU357QO5pepkomXRLvPnMSLnsFarx2_0tLZ36OqPCs0L8czikKqtWu-6bwKuNdSNf-iZEnSoSakWvG2i_51tjskt4aFjNyamIEzXj-w11Dka6WB-0Lgz5cwBtBAOjHiPLmFM8mGGBhQomRJKEdVA

Take note of the Nginx token value.

In our example, this is the token value:

Copy to Clipboard

List the Dashboard service cluster IP address.

Copy to Clipboard

Here is the command output.

Copy to Clipboard

Take note of the cluster IP address and TCP port.

In our example, the Dashboard cluster is using the TCP port 443 and the IP address 10.107.55.24.

You have finished the required Dashboard configuration.

Kubernetes Proxy – Basic user authentication using Nginx

On the Master node, install the Nginx server.

Copy to Clipboard

Create the Nginx password file and add the first user account.

Copy to Clipboard

The system will request you to enter the password to the new user account.

Copy to Clipboard

Here is the file content.

Copy to Clipboard

To create additional user accounts, use the following command.

Copy to Clipboard

Create a private key and the certificate using the OpenSSL command.

Copy to Clipboard

Enter the requested information.

Copy to Clipboard

On the option named COMMON_NAME, you need to enter the IP address or hostname.

In our example, we used the IP address: 192.168.15.200

Edit the Nginx configuration file for the default website.

Copy to Clipboard

Here is the file, before our configuration.

Copy to Clipboard

Here is the file, after our configuration.

Copy to Clipboard

server {
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl_certificate /etc/nginx/certificate/nginx-certificate.crt;
        ssl_certificate_key /etc/nginx/certificate/nginx.key;
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;
        server_name _;
        auth_basic "Secure area - Authentication required";
        auth_basic_user_file /etc/nginx/.htpasswd;
        location / {
                proxy_pass https://10.107.55.24:443;
                proxy_ssl_certificate     /etc/kubernetes/pki/front-proxy-client.crt;
                proxy_ssl_certificate_key     /etc/kubernetes/pki/front-proxy-client.key;
                proxy_ssl_trusted_certificate  /etc/kubernetes/pki/ca.crt;
                proxy_set_header Authorization "Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6InhrMHFrdEdYQ1gxVlRqZjBpN1hxdEgwaTlRRENMWmhUdC1IMC13OTgyM28ifQ.eyJpc3Mi iJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2V cmV0Lm5hbWUiOiJuZ2lueC1wcm94eS10b2tlbi1oNmY0bCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuZ2lueC1wcm94eSIsImt1YmVybmV0ZXMuaW vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImNkZDQ1NjY1LTk5ZGQtNDlmNy04ODAxLWYzMzExMGMzMDIwOSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3Rlb puZ2lueC1wcm94eSJ9.l8fOU4_NTvYvJW3sAznwLxV6EGUhJPidCge2qCbJMoYJ1vkRc2dLkPxZebjx-_mnYYf5vP7jVCR2RlHV_ozHV31YFQrkOIs09JmMIXmSoN6jWfxkePIeWW33WVP2h836fmNChM8 WthVgKq5bfNav83q-lyHnFZbfnsZiJ2TTxJPAhlsZETuhx2szhN9qfFIoQMU357QO5pepkomXRLvPnMSLnsFarx2_0tLZ36OqPCs0L8czikKqtWu-6bwKuNdSNf-iZEnSoSakWvG2i_51tjskt4aFjNyam EzXj-w11Dka6WB-0Lgz5cwBtBAOjHiPLmFM8mGGBhQomRJKEdVA";
        }
}

Change the IP address of the configuration item named PROXY_PASS to your Dashboard cluster IP address.

Change the token value of the configuration item named PROXY_SET_HEADER to your previously created Nginx secret token value.

In our example, we enabled the use of HTTPS using self-signed certificates.

Copy to Clipboard

In our example, we configured the use of Nginx basic authentication.

Copy to Clipboard

Nginx will proxy the HTTPS communication between the user and the Dashboard cluster IP address.

Copy to Clipboard

Nginx will use a certificate and key automatically created during the Kubernetes server installation to perform mutual TLS authentication to the Dashboard.

Copy to Clipboard

The Nginx server will add a header to all the packets sent to the Dashboard.

This header is named AUTHORIZATION BEARER and contains the secret token previously created to the Nginx proxy.

Copy to Clipboard

Restart the Nginx service.

Copy to Clipboard

Open your browser and access the HTTPS version of the Nginx server IP address.

In our example, the following URL was entered in the Browser:

• https://192.168.15.200

The Nginx server will require you to perform the user authentication.

Kubernetes Dashboard Proxy Authentication

After a successful login, the Kubernetes Dashboard should be presented.

The Nginx proxy will automatically perform the authentication on the Kubernetes dashboard using the feature named: AUTH HEADER.

Kubernetes dashboard Authorization bearer

You successfully finished the configuration of Nginx as a proxy to the Kubernetes Dashboard.

Kubernetes Dashboard – User Authentication using Nginx