External access to the kubernetes dashboard (or any other app) that is on a physical cluster using microk8s

Question

I am attempting to access the dashboard from my laptop on the LAN The Cluster is on three Raspberry PIs

kubectl describe service/kubernetes-dashboard -n kube-system produces the following

Name:              kubernetes-dashboard
Namespace:         kube-system
Labels:            k8s-app=kubernetes-dashboard
Annotations:       <none>
Selector:          k8s-app=kubernetes-dashboard
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.152.183.160
IPs:               10.152.183.160
Port:              <unset>  443/TCP
TargetPort:        8443/TCP
Endpoints:         10.1.198.41:8443
Session Affinity:  None
Events:            <none>

A curl of the endpoint on one of the nodes within the cluster looks good to me curl -k https://10.1.198.41:8443

<!--
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
--><!DOCTYPE html><html lang="en"><head>
  <meta charset="utf-8">
  <title>Kubernetes Dashboard</title>
  <link rel="icon" type="image/png" href="assets/images/kubernetes-logo.png">
  <meta name="viewport" content="width=device-width">
<style>body,html{height:100%;margin:0;}</style><link rel="stylesheet" href="styles.f9bbd5eb0077d960d63c.css" media="print" onload="this.media='all'"><noscript><link rel="stylesheet" href="styles.f9bbd5eb0077d960d63c.css"></noscript></head>

<body>
  <kd-root></kd-root>
<script src="runtime.e846c76834b4e837863d.js" defer></script><script src="polyfills.35fb40cb94e43d6de47e.js" defer></script><script src="scripts.72d8a72221658f3278d3.js" defer></script><script src="en.main.68d8f8ee9c48a786784c.js" defer></script>


</body></html>

keith@pi4-kube-1:~ $ microk8s status
microk8s is running
high-availability: yes
  datastore master nodes: 192.168.0.201:19001 192.168.0.202:19001 192.168.0.203:19001
  datastore standby nodes: none
addons:
  enabled:
    dashboard            # The Kubernetes dashboard
    dashboard-ingress    # Ingress definition for Kubernetes dashboard
    dns                  # CoreDNS
    ha-cluster           # Configure high availability on the current node
    helm3                # Helm 3 - Kubernetes package manager
    ingress              # Ingress controller for external access
    metrics-server       # K8s Metrics Server for API access to service metrics
    prometheus           # Prometheus operator for monitoring and logging
  disabled:
    helm                 # Helm 2 - the package manager for Kubernetes
    host-access          # Allow Pods connecting to Host services smoothly
    linkerd              # Linkerd is a service mesh for Kubernetes and other frameworks
    metallb              # Loadbalancer for your Kubernetes cluster
    openebs              # OpenEBS is the open-source storage solution for Kubernetes
    portainer            # Portainer UI for your Kubernetes cluster
    rbac                 # Role-Based Access Control for authorisation
    registry             # Private image registry exposed on localhost:32000
    storage              # Storage class; allocates storage from host directory
    traefik              # traefik Ingress controller for external access

What is the correct approach to getting a browser on the LAN to interact with this endpoint?

My thoughts so far have been

I need some way to route from my LAN 192.168.0.0/24 network to the network 10.1.198.41 is on, and I would need a gateway address from LAN to the Cluster network.

Or provide an external VIP for the cluster on the 192.168.0.x network. The nodes are on 192.168.0.201-203, so perhaps something like 192.168.0.205

I also will investigate metallb to see if this will provide what I need, but some direction from you lovely people would be appreciated.

I appreciate any help you can provide.

patched the service with an external IP

From within the Cluster, all looks good.

kubectl describe service/kubernetes-dashboard -n kube-system
Name:              kubernetes-dashboard
Namespace:         kube-system
Labels:            k8s-app=kubernetes-dashboard
Annotations:       <none>
Selector:          k8s-app=kubernetes-dashboard
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.152.183.160
IPs:               10.152.183.160
External IPs:      192.168.0.220
Port:              <unset>  443/TCP
TargetPort:        8443/TCP
Endpoints:         10.1.197.158:8443
Session Affinity:  None
Events:            <none>

keith@pi4-kube-1:~ $ kubectl apply -f dashboard-ingress.yaml
service/ingress configured
keith@pi4-kube-1:~ $ curl -k https://192.168.0.220:443
<!--
Copyright 2017 The Kubernetes Authors.

Licensed under the Apache License, Version 2.0 (the "License");
<snip>

However, externally on the LAN, nada.

keith@pi1-b:~ $ curl -k https://192.168.0.220:443
curl: (7) Failed to connect to 192.168.0.220 port 443: No route to host
keith@pi1-b:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.0.204  netmask 255.255.255.0  broadcast 192.168.0.255

Another attempt with load balancing I added LoadBalancing and removed the above patch.

keith@pi4-kube-1:~ $ cat dashboard-ingress.yaml
apiVersion: v1
kind: Service
metadata:
  name: ingress
  namespace: kube-system
spec:
  selector:
    name: dashboard-ingress-microk8s
  type: LoadBalancer
  # loadBalancerIP is optional. MetalLB will automatically allocate an IP
  # from its pool if not specified. You can also specify one manually.
  loadBalancerIP: 192.168.0.221
  ports:
    - name: https
      protocol: TCP
      port: 443
      targetPort: 8443

keith@pi4-kube-1:~ $ curl -k https://192.168.0.221
curl: (7) Failed to connect to 192.168.0.221 port 443: No route to host
keith@pi4-kube-1:~ $ kubectl get service/ingress --all-namespaces
error: a resource cannot be retrieved by name across all namespaces
keith@pi4-kube-1:~ $ kubectl get service/ingress -n kube-system
NAME      TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)                      AGE
ingress   LoadBalancer   10.152.183.145   <pending>     80:32543/TCP,443:30422/TCP   4d3h

keith@pi4-kube-1:~ $ kubectl describe service/ingress -n kube-system
Name:                     ingress
Namespace:                kube-system
Labels:                   <none>
Annotations:              <none>
Selector:                 name=dashboard-ingress-microk8s
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.152.183.145
IPs:                      10.152.183.145
IP:                       192.168.0.221
Port:                     https  443/TCP
TargetPort:               8443/TCP
NodePort:                 https  30422/TCP
Endpoints:                <none>
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none

External access to the kubernetes dashboard (or any other app) that is on a physical cluster using microk8s

0 Answers0