Skip to content




This documentation is deprecated, please check here for its new home

Docker Swarm

Work in progress.


All clusters have the kubernetes dashboard enabled by default.

NOTE: Do the following procedure from your own machine or VM, not from a shared cluster like lxplus. That would expose your cluster

To access it, start by launching a kube proxy on your host:

$ kubectl proxy
Starting to serve on

The dashboard is then accessible by accessing (on your host): http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

It will ask you for a login token that you can get from the admin service account (or by creating another service account).

As an example (use the token value from the output):

$ kubectl -n kube-system describe secret admin-token-67tq5
Name:         admin-token-67tq5
Namespace:    kube-system
Labels:       <none>


ca.crt:     1066 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsImtpZCI6IiJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJhZG1pbi10b2tlbi02N3RxNSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJhZG1pbiIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6IjZmM2JmZWNjLWFhZDEtMTFlOC1iZjQwLWZhMTYzZTJlNGQyNSIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTphZG1pbiJ9.f0vwOTlUcjeR0Wr8nxqBysaowRcmipI6s4nHexg2BBKIGUzTiuFP4B3ko9EE4ClBIyRjhhLcOTodCt6J6XSb0XcyD6pFAljwqel6CXJA1sct3n_0zyIP5587E34R4RstQZQBV2lFnTDNm6UZflfaLpBS4cs9uTyGonmj2ZLnvMfHwjBc-JO5rqrk_Y7UDI5WbVB4siIAAbdOabUOowv6oNomDeiDhtr1T32usfxUsVL1_qeLaxwtMsojvcRQprNRSrT3IvHdciSZVdTba6oGwc9yPxZ7kckz-uzzUPirQ2hROMfQcfgLa2RZRFLFi9ZuXzRcJjCjKBXGC1_7LLalA0n0D_k7BoKlRnKdl-0YJUdTd613VjPNozxeiFWipGkyvkZ-1RAJ3SOXk4eNenCx6_H8p9FUZWbSd3c1jQWoOHpUQ99934gHy5J1eYpbU6op3jTBLGxfoL7NP6fXKM_ppk_Mgva7ffL6rYazAxH6XEKVwBtvgY3It15n5ZRkBbPHlMvIhab08UIXrcuXZ8JZ0mj4gJTxJMj2rpVPJ6079x_g_M45M_b3ZzEXPzCoNt5IwdiFkIlo8j2SsCH2KH_V4KK0QZJF2_VS1FO5f_rcHpH_tuPVLkRuQ7-sFXhb3wAWYbFMxaVgh2sSAXvBwOKYxX8Zlu5UIwEnJWY3OtcFfRk
Using traefik ingress

You can also expose kubernetes dashboard through traefik ingress. Using this technique, kubectl proxy won't be needed and you will be able to use all the features provided by traefik such as let's encrypt support. This requires to first follow the steps in the load balancing documentation to setup at least one ingress node.

For the purpose of this tutorial, we will create a new self-signed certificate:

openssl req -newkey rsa:2048 -nodes -keyout tls.key -x509 -days 365 -out tls.crt

For production clusters you will have to replace this certificate with your own valid certificate.

Create a secret containing your certificate and key:

kubectl create secret generic dashboard-ingress-cert -n kube-system --from-file=tls.crt --from-file=tls.key

Update the traefik settings to ignore invalid certificates:

kubectl edit daemonsets ingress-traefik -n kube-system

And add --insecureskipverify under spec.template.spec.containers.args. There should already be some options here such as --logLevel=INFO. After that delete all the pods in the daemonset and wait for them to be re-created.

Create a new ingress for kubernetes dashboard using the following definition:

apiVersion: extensions/v1beta1
kind: Ingress
  name: dashboard-ingress
  namespace: kube-system
  annotations: traefik https https
  - host:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
        path: /
  - secretName: dashboard-ingress-cert specifies that the frontend should listen for incoming https traffic. specify the protocol used to connect to pods when forwarding traffic. In this setup, we use the Host header to route traffic to the right backend. Here, should be replaced by the landb alias created during the ingress node setup in load balancing.

Last update: June 1, 2022