Attempting to access Kubernetes Dashboard routes to corporate proxy error page

Question

I've been following this guide for starting kubernetes with kubeadm. I've completed that and now have a single machine cluster running on a Centos7 VM. I installed a pod network (Weave Net) and I have also installed the Kubernetes Dashboard. Next, I run kubectl proxy and it responds with Starting to serve on 127.0.0.1:8001.

However, whenever I try to access the dashboard using localhost:8001/ui or 127.0.0.1:8001/ui I am redirected to an error page linked to my corporate proxy notifying me of a gateway timeout when trying to reach http://10.32.0.4/.

Now, I figured there was some configuration in which 10.32.0.4 wasn't included in some exception, so I began adding it to env in no_proxy and NO_PROXY, I specified it in the actual proxy settings in the GUI, I've made sure docker is setup such that it has the same exception. I have even (to my best knowledge) completely removed any trace of proxy settings in the hope that it would not try to go through the corporate proxy to reach what should be an internal address. Additional info:

[root@localhost ~]# kubectl get nodes
NAME                    STATUS    AGE       VERSION
localhost.localdomain   Ready     22h       v1.6.4

[root@localhost ~]# kubectl get pods --namespace=kube-system
NAME                                            READY     STATUS    RESTARTS   AGE
etcd-localhost.localdomain                      1/1       Running   0          22h
kube-apiserver-localhost.localdomain            1/1       Running   0          22h
kube-controller-manager-localhost.localdomain   1/1       Running   0          22h
kube-dns-3913472980-8zm51                       3/3       Running   0          22h
kube-proxy-3wslb                                1/1       Running   0          22h
kube-scheduler-localhost.localdomain            1/1       Running   0          22h
kubernetes-dashboard-2039414953-79zbr           1/1       Running   0          22h
weave-net-z6kml                                 2/2       Running   0          22h

[root@localhost ~]# kubectl describe svc kubernetes-dashboard --namespace=kube-system
Name:           kubernetes-dashboard
Namespace:      kube-system
Labels:         k8s-app=kubernetes-dashboard
Annotations:        <none>
Selector:       k8s-app=kubernetes-dashboard
Type:           ClusterIP
IP:         10.96.33.253
Port:           <unset> 80/TCP
Endpoints:      10.32.0.4:9090
Session Affinity:   None
Events:         <none>

[root@localhost ~]# kubectl get deployment kubernetes-dashboard --namespace=kube-system
NAME                   DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
kubernetes-dashboard   1         1         1            1           22h

[root@localhost ~]# kubectl --namespace=kube-system get ep kubernetes-dashboard
NAME                   ENDPOINTS        AGE
kubernetes-dashboard   10.32.0.4:9090   22h

[root@localhost ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.181.130:6443
KubeDNS is running at https://192.168.181.130:6443/api/v1/proxy/namespaces/kube-system/services/kube-dns

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

[root@localhost ~]# kubectl get ns
NAME          STATUS    AGE
default       Active    22h
kube-public   Active    22h
kube-system   Active    22h

[root@localhost ~]# kubectl get ep
NAME         ENDPOINTS              AGE
kubernetes   192.168.181.130:6443   22h

I'm really not sure where to go from here. There's a lot of moving parts here, and I can't find a way to see what goes wrong when the redirect happens.

You should probably first try to figure out if the corporate proxy is jamming your comms. Start maybe by launching a VM on your own laptop, retrace your steps on that machine, knowing that all ports are open between that guest VM and your host. If the proxy works that way you would know the problem is somewhere in the communication with the remote machine. — Yaron Idan, Jun 01 '17 at 18:55

score 2 · Accepted Answer · answered Jun 02 '17 at 15:41

2

Proxy settings are copied by kubeadm on node creation and don't reflect changes performed after. You are supposed to update proxy settings in /etc/kubernetes/manifests/kube-apiserver.yaml

answered Jun 02 '17 at 15:41

qnox

1,471
10
8

1

That did it! I had no idea it set it's own variables initially! I have full access now after adding the relevant IP addresses into the no proxy variables. – jzeef Jun 02 '17 at 15:53
After I edit the proxy settings in /etc/kubernetes/manifests/kube-apiserver.yaml, I am unable to reach kubapiserver 192.168.33.10. from master. Eg. `kubectl get nodes` returns `The connection to the server 192.168.33.10:6443 was refused`. Even if I revert my changes in the kube-apiserver.yaml, I still get the same error. Any idea why? – samarjit samanta Dec 01 '17 at 02:53
I figured it out. Just had to do systemctl daemon-reload and systemctl restart kubelet. – samarjit samanta Dec 01 '17 at 03:09

Attempting to access Kubernetes Dashboard routes to corporate proxy error page

1 Answers1