Menu
I have got the following services:
ubuntu@master:~$ kubectl get services --all-namespaces NAMESPACE NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes 100.64.0.1 <none> 443/TCP 48m kube-system kube-dns 100.64.0.10 <none> 53/UDP,53/TCP 47m kube-system kubernetes-dashboard 100.70.83.136 <nodes> 80/TCP 47m I am attempting to access kubernetes dashboard. The following response seems reasonable, taking into account curl is not a browser.
ubuntu@master:~$ curl 100.70.83.136 <!doctype html> <html ng-app="kubernetesDashboard"> <head> <meta charset="utf-8"> <title>Kubernetes Dashboard</title> <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png"> <meta name="viewport" content="width=device-width"> <link rel="stylesheet" href="static/vendor.36bb79bb.css"> <link rel="stylesheet" href="static/app.d2318302.css"> </head> <body> <!--[if lt IE 10]> <p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p> <![endif]--> <kd-chrome layout="column" layout-fill> </kd-chrome> <script src="static/vendor.633c6c7a.js"></script> <script src="api/appConfig.json"></script> <script src="static/app.9ed974b1.js"></script> </body> </html> According to the documentation the right access point is https://localhost/ui. So, I am trying it and receive a bit worrying result. Is it expected response?
ubuntu@master:~$ curl https://localhost/ui curl: (60) server certificate verification failed. CAfile: /etc/ssl/certs/ca-certificates.crt CRLfile: none More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. Trying the same without certificate validation. For curl it might be OK. but I have got the same in a browser, which is connecting though port forwarding via vagrant forwarded_port option.
ubuntu@master:~$ curl -k https://localhost/ui Unauthorized What I am doing wrong? and how to make sure I can access the UI? Currently it responds with Unauthorized.
The docs for the dashboard tell the password is in the configuration:
ubuntu@master:~$ kubectl config view apiVersion: v1 clusters: [] contexts: [] current-context: "" kind: Config preferences: {} users: [] but it seems I have got nothing... Is it expected behavior? How can I authorize with the UI?
448
Now you can remote access your Kubernetes Dashboard from your laptop using the following local URL via the kubectl proxy. Kubectl will make Dashboard available at: http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/ (opens new window).
From the Service type drop-down list, select Cluster IP. Click Expose. When your Service is ready, the Service details page opens, and you can see details about your Service. Under Cluster IP, make a note of the IP address that Kubernetes assigned to your Service.
Kubernetes Service ClusterIP — for access only within the Kubernetes cluster. NodePort — access using IP and port of the Kubernetes Node itself. LoadBalancer — an external load balancer (generally cloud provider specific) is used e.g. an Azure Load Balancer in AKS. ExternalName — maps a Service to an external DNS name.
The offical wiki is a little bit confusing so I reordered it here:
If you use the recommended yaml to deploy the dashboard, you should only access your dashboard by https, and you should generate your certs, refer to guide. Then you can run kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' to visit the dashboard on "http://localhost:8001/ui". This page needs to use a token to login. To generate it, refer to this page. Also you can add NodePort to your yaml and access it using <nodeip>:<port>.
If you deploy using the http alternative method, you can only access your dashboard by nodeip:port. Remember to add it to yaml first!! After deployment, you should also generate your token and add header Authorization: Bearer <token> for every request.
I think this can help you and others who want to use kube-dashboard.
85
You can reference the document:
https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md
The easy way is to
$ kubectl -n kube-system edit service kubernetes-dashboard
change the .spec.type to NodePort
31
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
