The Kubernetes Dashboard is a general-purpose, web-based UI for Kubernetes clusters that allows users to manage applications, inspect cluster resources, view logs, and troubleshoot issues without using the kubectl CLI. It provides a visual overview of all workloads in the cluster — deployments, pods, services, ingress rules, storage, and RBAC configuration — making it accessible to team members who are less familiar with the Kubernetes CLI. The Dashboard requires careful security configuration: it should never be exposed publicly without authentication, and cluster-admin access should be restricted to named user accounts. This guide covers installing the Kubernetes Dashboard on RHEL 9 using Helm, configuring a service account with appropriate permissions, and accessing the UI securely.
Prerequisites
- Kubernetes cluster running on RHEL 9
- Helm installed
Step 1 — Install the Kubernetes Dashboard
# Add the Dashboard Helm repository
helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm repo update
# Install the Dashboard (v7+, which uses a new architecture)
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard \
  --create-namespace \
  --namespace kubernetes-dashboard
kubectl get pods -n kubernetes-dashboard
Step 2 — Create an Admin Service Account
# /tmp/dashboard-admin.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
kubectl apply -f /tmp/dashboard-admin.yaml
Step 3 — Generate a Login Token
# Generate a short-lived token (8 hours)
kubectl create token admin-user -n kubernetes-dashboard --duration=28800s
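# For a long-lived token (not recommended for production): a token from "kubectl create token" always expires, so create a service-account-token Secret and let the control plane populate it:
kubectl apply -f - <<'EOF'
apiVersion: v1
kind: Secret
type: kubernetes.io/service-account-token
metadata:
  name: admin-user-token
  namespace: kubernetes-dashboard
  annotations: {kubernetes.io/service-account.name: admin-user}
EOF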
Step 4 — Access the Dashboard
# Method 1: kubectl proxy (only accessible from localhost)
kubectl proxy
# Access: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard-kong-proxy:443/proxy/
# Method 2: NodePort (accessible from your network)
kubectl patch svc kubernetes-dashboard-kong-proxy \
  -n kubernetes-dashboard \
  -p '{"spec":{"type":"NodePort","ports":[{"port":443,"nodePort":30443,"targetPort":8443,"protocol":"TCP"}]}}'
kubectl get svc -n kubernetes-dashboard
# Access: https://server-ip:30443
# Login with the token generated in Step 3
Step 5 — Restrict Dashboard Access
# For production: restrict NodePort 30443 to admin IPs only
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=10.0.0.0/8 port port=30443 protocol=tcp accept'
firewall-cmd --reload
# Alternatively, place behind an Nginx Ingress with IP allowlist:
# nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8,192.168.0.0/16"
Conclusion
The Kubernetes Dashboard on RHEL 9 provides a valuable visual interface for cluster inspection and management, but it must be secured carefully. The cluster-admin ClusterRoleBinding grants full read/write access to every resource in the cluster — equivalent to unrestricted kubectl access. For teams with multiple users, create separate ServiceAccounts with namespace-scoped roles (as covered in the Kubernetes RBAC tutorial) so that each user can only see and modify resources in their assigned namespaces. Always use time-limited tokens (kubectl create token --duration) rather than long-lived tokens for Dashboard access.
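The namespace-scoped alternative to the Step 2 binding, as an added example that is not part of the original guide: the namespace team-a (assumed to exist already), the account dashboard-team-a and the role name dashboard-operator are placeholders chosen for illustration. It grants read access to workloads and logs plus write access to Deployments, all inside a single namespace.

```yaml
# Added example: team-a, dashboard-team-a and dashboard-operator are assumed names.
# Contrast with Step 2: no ClusterRoleBinding and no cluster-admin.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dashboard-team-a
  namespace: team-a
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role                      # namespaced, unlike a ClusterRole
metadata:
  name: dashboard-operator
  namespace: team-a
rules:
# Read-only view of workloads, their logs and related objects
- apiGroups: [""]
  resources: ["pods", "pods/log", "services", "configmaps", "events", "persistentvolumeclaims"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["apps"]
  resources: ["deployments", "replicasets", "statefulsets", "daemonsets"]
  verbs: ["get", "list", "watch"]
- apiGroups: ["networking.k8s.io"]
  resources: ["ingresses"]
  verbs: ["get", "list", "watch"]
# Write access limited to Deployments and their scale subresource
- apiGroups: ["apps"]
  resources: ["deployments", "deployments/scale"]
  verbs: ["update", "patch"]
# Deliberately absent: secrets, pods/exec and everything under rbac.authorization.k8s.io
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding               # grants the Role inside team-a only
metadata:
  name: dashboard-operator
  namespace: team-a
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dashboard-operator
subjects:
- kind: ServiceAccount
  name: dashboard-team-a
  namespace: team-a
```

After applying it with kubectl apply -f, issue a login token the same way as in Step 3 (kubectl create token dashboard-team-a -n team-a --duration=28800s). Running kubectl auth can-i --list --as=system:serviceaccount:team-a:dashboard-team-a -n team-a shows exactly what the account may do.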
Next steps: How to Configure Kubernetes RBAC on RHEL 9, How to Monitor Kubernetes with Prometheus on RHEL 9, and How to Install Jenkins on RHEL 9.