3

I have created a fresh kubernetes cluster on VirtualBox. I have one master node and two worker nodes. I want to use the dashboard but I get error. When I run kubectl proxy the master start listening on port 8001:

Starting to serve on 127.0.0.1:8001

and then I create a SSH tunnel on my host:

ssh user@10.10.10.50 -N -L 8001:127.0.0.1:8001

but when I type localhost:8001/ui on the browser I get this:

{
  "paths": [
    "/apis",
    "/apis/",
    "/apis/apiextensions.k8s.io",
    "/apis/apiextensions.k8s.io/v1beta1",
    "/healthz",
    "/healthz/etcd",
    "/healthz/ping",
    "/healthz/poststarthook/generic-apiserver-start-informers",
    "/healthz/poststarthook/start-apiextensions-controllers",
    "/healthz/poststarthook/start-apiextensions-informers",
    "/metrics",
    "/openapi/v2",
    "/swagger-2.0.0.json",
    "/swagger-2.0.0.pb-v1",
    "/swagger-2.0.0.pb-v1.gz",
    "/swagger.json",
    "/swaggerapi",
    "/version"
  ]
}

And if I want to get into the dashboard through api directly :

https://10.10.10.50:6443/api/v1/namespaces/kube-system/services

I get this error:

{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "services is forbidden: User \"system:anonymous\" cannot list services in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "kind": "services"
  },
  "code": 403
}

I know this is related to authentication but I don't know how should I define username/password on my cluster or share keys among master nodes and my host. Or how should I use the keys inside .kube/config file.

Sinai
  • 620
  • 1
  • 14
  • 36
  • you need to generate certificate please refer to doc - https://jhooq.com/message-services-https-kubernetes-dashboard-is-forbidden-user/ – Rahul Wagh Jun 30 '20 at 19:28

1 Answers1

3

I want to use the dashboard but I get error.

According to the excerpts from the dashboard documentation, after successful default installation of the dashboard (the default Dashboard deployment contains a minimal set of RBAC privileges needed to run):

  • To access Dashboard from your local workstation you must create a secure channel to your Kubernetes cluster. Run the following command:

    kubectl proxy

  • Now access Dashboard at:

    http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

No need to make tunnel, or any other change. So far default installation of dashboard always worked like a charm, if you have anything configured separately then there might be some issue...

Const
  • 6,237
  • 3
  • 22
  • 27
  • I have run kuberenetes cluster on VMs with Ubuntu server 16.04. The VMs have no GUI so I have to do tunneling if I want to see the dashboard on my host (tunneling is not a problem at the moment). I think the problem is that when I check the kube-system containers `kubectl get pods --all-namespaces` I get error `ErrImagePull` for comtainer `kubernetes-dashboard-767dc7d4d-x2gbh`. and I can not get more info about it just like normal pods! – Sinai Aug 25 '18 at 06:33
  • `kubectl describe pod kubernetes-dashboard-767dc7d4d-x2gbh` shows `Error from server (NotFound): pods "kubernetes-dashboard-767dc7d4d-x2gbh" not found` – Sinai Aug 25 '18 at 06:36
  • For the first comment, no you don't need, that's why you proxy to it. We use bare metal cloud instances and to see dashboard we use proxy to local laptop in the sam manner. As for second comment: you don't have dashboard installed. ErrImagePull indicates that. Can you review your dashboard installation? – Const Aug 25 '18 at 08:39
  • I recreated the dashboard pod. It is now `running`. If I use `kubectl proxy` on master node and paste `http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/` on my browser I get `This site can't be reached`. and If I use tunnling I get this error: `{ "kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "no endpoints available for service \"https:kubernetes-dashboard:\"", "reason": "ServiceUnavailable", "code": 503 }` – Sinai Aug 25 '18 at 15:25
  • 1
    You should use kubectl proxy on your host where your browser resides not on your master node. – Const Aug 25 '18 at 21:47
  • I copied the cluster configuration file from master to my local and execute proxy by `kubectl --kubeconfig ../.kube/config proxy` . But in browser I get the error `{ "kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "no endpoints available for service \"https:kubernetes-dashboard:\"", "reason": "ServiceUnavailable", "code": 503 }` – Sinai Aug 26 '18 at 05:49
  • Can you confirm that kubectl --kubeconfig ../.kube/config get pods is working properly and that dashboard pod is up and running? – Const Aug 26 '18 at 07:32
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/178780/discussion-between-sinai-and-const). – Sinai Aug 26 '18 at 07:34
  • For me, removing the https to http in the url (https:kubernetes-dashboard) worked for me. url: http://localhost:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/ – intechops6 Jul 23 '19 at 21:50