My new cluster is coming along, next on the list is deploying the Kubernetes Dashboard through Argo and Kustomize with ingress and a service account.

I am managing my cluster using Argo CD and, so far, primarily using Kustomize. Next on my list of things to get in the cluster is the dashboard. I like to see what is going on in my cluster.

I am adding 2 things to my deployment. First is an ingress so I can access it without using the proxy from kubectl. That is just annoying. The second is a service account that I can use to access the dashboard.

There are 3 files in the following layout.

- ingress.yaml
- serviceaccount-admin.yaml

The ingress.yaml file contains the ingress object. The serviceaccount-admin.yaml file contains the admin service account and cluster role binding object so it can access the cluster. kustomization.yaml contains my Kustomize configuration and glues it all together.

The namespace I am using is kubernetes-dashboard. If you want to use a different namespace you will need to update it in the cluster role binding in serviceaccount-admin.yaml.


For the ingress to work you need to tell it to communicate to the backend as https. I am currently using the NGINX ingress controller with defaults, so the property annotation is set to HTTPS. Your environment may be different.

Here is the full contents:

kind: Ingress
  name: kubernetes-dashboard
  annotations: 100M "/" "HTTPS"
  - host:
      - backend:
            name: kubernetes-dashboard
              number: 443
        path: /
        pathType: ImplementationSpecific
  - hosts:


This contains our service account for the token and the cluster role binding to give it permissions to the cluster so you can see and do everything in the dashboard.

apiVersion: v1
kind: ServiceAccount
  name: dashboard-admin-sa
kind: ClusterRoleBinding
  name: dashboard-admin-sa
  kind: ClusterRole
  name: cluster-admin
- kind: ServiceAccount
  name: dashboard-admin-sa
  namespace: kubernetes-dashboard


This file glues everything together into a nice bundle. It references the current deployment file in the master branch for the Kubernetes Dashboard. It is a simple Kustomize file.

kind: Kustomization

- base/ingress.yaml
- base/serviceaccount-admin.yaml

namespace: kubernetes-dashboard

Dashboard authentication

To get the token for the dashboard, you'll first get a list of the secrets, then get the secret data from the one that starts with dashboard-admin-sa-token

kubectl get secrets -n kubernetes-dashboard

That will return something like this:

NAME                               TYPE                                  DATA   AGE
dashboard-admin-sa-token-rxw54   3      23m
default-token-snpfp         3      23h
kubernetes-dashboard-certs         Opaque                                0      23h
kubernetes-dashboard-csrf          Opaque                                1      23h
kubernetes-dashboard-key-holder    Opaque                                2      23h
kubernetes-dashboard-token-tnh7m   3      23h

My token is stored in the dashboard-admin-sa-token-rxw54 secret.

kubectl get secret dashboard-admin-sa-token-rxw54 -n kubernetes-dashboard -o jsonpath='{.data.token}' | base64 -d

That command will spit out the token to use when authenticating to the dashboard.

Argo CD

There was nothing special in getting Argo to recognize and deploy the dashboard. It just worked after creating the application and pointing it to the correct path.


This didn't take too long to figure out, but there wasn't any guidance on using Kustomize to deploy the dashboard. Everything just said run kubectl apply. I do not like running kubectl apply to deploy an application. I like automation and repeatability.

I thought I was going to need to have Argo exclude the secret path when sync'ing the service account. But I did not. It was smart enough to take that in to account already. Cool.


Kustomize - Kubernetes native configuration management
Argo CD - Declarative GitOps CD for Kubernetes
Web UI (Dashboard)
Dashboard is a web-based Kubernetes user interface. You can use Dashboard to deploy containerized applications to a Kubernetes cluster, troubleshoot your containerized application, and manage the cluster resources. You can use Dashboard to get an overview of applications running on your cluster, as …
Annotations - NGINX Ingress Controller