3

I configured kubernetes cluster with one master and 4 worker nodes using KUBEADM tool IN LOCAL. All nodes are running fine. deployed an app and able access that app from browser. I have tried many ways to create a dashboard using kubectl but i am failed.

TRY1: tried directly with the below command:

$ sudo kubectl proxy --address="172.20.22.101" -p 8001

tried to access the dashboard using the url http://172.20.22.101:8001/api/v1, but it is saying unauthorized.

TRY2: created dashboard-admin.yaml file with the below content:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
   name: kubernetes-dashboard
   labels:
     k8s-app: kubernetes-dashboard
roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
subjects:
-  kind: ServiceAccount
   name: kubernetes-dashboard
   namespace: kube-system

And run the below command:

$ kubectl create -f dashboard-admin.yaml

It's shown me: clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard created.

Running the below command: 

$ sudo kubectl proxy --address="172.20.22.101" -p 443

its running fine. I am accessing the http://172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ URL from browser. it's showing same unauthorized error.

Shudipta Sharma
  • 5,178
  • 3
  • 19
  • 33
samba
  • 869
  • 4
  • 12
  • 20
  • I am following the steps to install dashboard in this : https://www.assistanz.com/steps-to-install-kubernetes-dashboard/. When i try to access the site using the url: http://172.20.22.101:443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/. it's showing connection refused. I observed the output in the nohup.out, it's showing the below error:I1203 12:28:05.880828 15591 log.go:172] http: proxy error: dial tcp [::1]:8080: connect: connection refused – samba Dec 03 '18 at 07:19

1 Answers1

2

run kubectl proxy command with --accept-hosts option 

 kubectl proxy --address="172.20.22.101" -p 8001  --accept-hosts="^*$"

and it will work fine.

Note: this is not recommended for production grade kubernetes clusters, since you're accessing the dashboard through plain http.

More secure alternative is to run access the dashboard through ssh tunnel like this.

in one terminal run:

kubectl proxy

in another terminal run a ssh tunnel to localhost:8001 (the default kubernetes dashboard port)

ssh -NT -l SSH_USER -p SSH_PORT K8S_CONTROLLER_IP_ADDR -L 8001:localhost:8001
Thomas Urban
  • 4,649
  • 26
  • 32
Mohamed Ali
  • 176
  • 3
  • I've edited my answer, you've to allow traffic to reach the kubernetes dashboard from specific sources using --accept-hosts option – Mohamed Ali Nov 28 '18 at 15:16
  • i have executed kubectl proxy and done ssh from other terminal. when i do ssh. It's showing nothing. – samba Nov 29 '18 at 06:59
  • I am executed kubectl proxy --address="172.20.22.101" -p 8001 --accept-hosts="^*$". And trying to access the URL: http://172.20.22.101:8001/api/v1/namespaces/kube-system/services/ . it's showing a json response not the dashboard. Could you please tell me the url to get the dashboard – samba Nov 29 '18 at 07:01
  • In case of ssh tunnel, the command will hold the tunnel open, and will output nothing, to access the dashboard use this url: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ and in case of using --accept-hosts options, you can use this url to access the dashboard: http://172.20.22.101:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ – Mohamed Ali Nov 30 '18 at 07:33
  • { "kind": "Status", "apiVersion": "v1", "metadata": { }, "status": "Failure", "message": "no endpoints available for service \"http:kubernetes-dashboard:\"", "reason": "ServiceUnavailable", "code": 503 } – samba Nov 30 '18 at 10:51
  • kubernetes-dashboard service running on 443 port. NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.96.0.1 443/TCP 3d2h default wms1 NodePort 10.101.136.116 8000:32261/TCP 4m31s kube-system kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP 3d2h kube-system kubernetes-dashboard ClusterIP 10.100.217.222 443/TCP 3m3 – samba Nov 30 '18 at 10:53
  • Check this issue: https://github.com/kubernetes/dashboard/issues/2406 it seems that describe the same issue you've, and it recommends reading [Installation and Access Control guides on wiki pages](https://github.com/kubernetes/dashboard/wiki/Installation) – Mohamed Ali Nov 30 '18 at 11:20
  • I am following the steps to install dashboard in this : assistanz.com/steps-to-install-kubernetes-dashboard. When i try to access the site using the url: 172.20.22.101:443/api/v1/namespaces/kube-system/services/…. it's showing connection refused. I observed the output in the nohup.out, it's showing the below error:I1203 12:28:05.880828 15591 log.go:172] http: proxy error: dial tcp [::1]:8080: connect: connection refused – – samba Dec 03 '18 at 07:23