Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

unable to access kubernetes dashboard via token

  1. I have setup a kubernetes using kubeadm v1.8.5
  2. Setup a dashboard using:
wget https://raw.githubusercontent.com/kubernetes/dashboard/v1.8.0/src/deploy/recommended/kubernetes-dashboard.yaml`

kubectl create -f kubernetes-dashboard.yaml

kubectl create -f kubernetes-dashboard-admin.rbac.yaml
  1. Then setup kubectl proxy, using http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ as recommended.

  2. When I am trying to login using kubernetes-dashboard-admin token. Token was received by using the command:

    kubectl -n kube-system get secret | grep -i dashboard-admin | awk '{print $1}' | xargs -I {} 
    kubectl -n kube-system describe secret {}

Here comes my problem: I CANT access the dashboard via token, when I paste the token and click "Signin" botton, nothing happened. And I get nothing in my log[using tail -f /var/log/messages and journalctl -xeu kubelet]. I am a newbee on k8s, maybe someone could tell me where the log is?
enter image description here

Here are my k8s cluster-info:

[root@k8s-1 pki]# kubectl cluster-info

Kubernetes master is running at https://172.16.1.15:6443
KubeDNS is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kube-dns/proxy
kubernetes-dashboard is running at https://172.16.1.15:6443/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

[root@k8s-1 pki]# kubectl get nodes

NAME      STATUS    ROLES     AGE       VERSION
k8s-1     Ready     master    4d        v1.8.5
k8s-2     Ready     <none>    4d        v1.8.5
k8s-3     Ready     <none>    4d        v1.8.5

[root@k8s-1 pki]# kubectl get pods --all-namespaces

NAMESPACE     NAME                                    READY     STATUS    RESTARTS   AGE
kube-system   etcd-k8s-1                              1/1       Running   2          4d
kube-system   kube-apiserver-k8s-1                    1/1       Running   2          4d
kube-system   kube-controller-manager-k8s-1           1/1       Running   1          4d
kube-system   kube-dns-545bc4bfd4-94vxx               3/3       Running   3          4d
kube-system   kube-flannel-ds-97frd                   1/1       Running   2          4d
kube-system   kube-flannel-ds-bl9tp                   1/1       Running   2          4d
kube-system   kube-flannel-ds-bn9hp                   1/1       Running   1          4d
kube-system   kube-proxy-9ncdm                        1/1       Running   0          4d
kube-system   kube-proxy-qjm9k                        1/1       Running   1          4d
kube-system   kube-proxy-rknz4                        1/1       Running   0          4d
kube-system   kube-scheduler-k8s-1                    1/1       Running   2          4d
kube-system   kubernetes-dashboard-7486b894c6-tszq9   1/1       Running   0          2h

The kubernetes-dashboard-admin-rbac.yaml is:

[root@k8s-1 dashboards]# cat kubernetes-dashboard-admin.rbac.yaml

---
apiVersion: v1
kind: ServiceAccount
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
  name: kubernetes-dashboard-admin
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard-admin
  namespace: kube-system

Any suggestions? Thank you!!!

like image 833
zhwlx22 Avatar asked Jan 03 '18 06:01

zhwlx22


2 Answers

Try connect with https, I have same problem, and this works for me

Kubernetes Manual:

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page. Logging in is only available when accessing Dashboard over HTTPS or when domain is either localhost or 127.0.0.1. It's done this way for security reasons. Closing as this works as intended.

like image 104
Jorge Fernández Jeronimo Avatar answered Sep 19 '22 11:09

Jorge Fernández Jeronimo


Try This token (output):

 kubectl -n kube-system get secret |grep  kubernetes-dashboard-token |cut -f1 -d ' ' |  xargs kubectl -n kube-system describe  secret

if doesn't work try/test login with this token (output) :

kubectl -n kube-system get secret |grep  namespace-controller-token  |cut -f1 -d ' ' |  xargs kubectl -n kube-system describe  secret

Good luck..

like image 33
EngSabry Avatar answered Sep 19 '22 11:09

EngSabry