How to access the canonical kubernetes dashboard from external network/IP? Is there a way to expose dashboard services externally rather accessing from the localhost browser where the canonical k8s cluster node?
Asked
Active
Viewed 5,898 times
1
-
Possible duplicate of [How to access/expose kubernetes-dashboard service outside of a cluster?](https://stackoverflow.com/questions/39864385/how-to-access-expose-kubernetes-dashboard-service-outside-of-a-cluster) – Jose Armesto Jan 16 '18 at 17:17
2 Answers
5
The documentation has a guide on how to do it.
Using kubectl proxy
kubectl proxy creates proxy server between your machine and Kubernetes API server. By default it is only accessible locally (from the machine that started it).
Start local proxy server:
$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Once proxy server is started you should be able to access Dashboard from your browser.
To access HTTPS endpoint of dashboard go to: http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
Using NodePort
This way of accessing Dashboard is only recommended for development environments in a single node setup.
Edit kubernetes-dashboard service.
$ kubectl -n kube-system edit service kubernetes-dashboard
You should see yaml representation of the service. Change type: ClusterIP to type: NodePort and save file. If it's already changed go to next step.
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
...
name: kubernetes-dashboard
namespace: kube-system
resourceVersion: "343478"
selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard-head
uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
clusterIP: 10.100.124.90
externalTrafficPolicy: Cluster
ports:
- port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: ClusterIP
status:
loadBalancer: {}
Next we need to check port on which Dashboard was exposed.
$ kubectl -n kube-system get service kubernetes-dashboard
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
Dashboard has been exposed on port 31707 (HTTPS). Now you can access it from your browser at: https://<master-ip>:31707. master-ip can be found by executing kubectl cluster-info. Usually it is either 127.0.0.1 or IP of your machine, assuming that your cluster is running directly on the machine, on which these commands are executed.
In case you are trying to expose Dashboard using NodePort on a multi-node cluster, then you have to find out IP of the node on which Dashboard is running to access it. Instead of accessing https://<master-ip>:<nodePort> you should access https://<node-ip>:<nodePort>.
API Server
In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
Ingress
Dashboard can be also exposed using Ingress resource. For example
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
namespace: kube-system
spec:
rules:
— host: kubernetes
http:
paths:
— path: /ui
backend:
serviceName: kubernetes-dashboard
servicePort: 80
Community
- 1
- 1
Jose Armesto
- 12,794
- 8
- 51
- 56
-
Thank you so much for your valuable information. But how to expose dashboard using ingress controller, I am new to this platform and i am not sure how to achieve this. Any steps that we need to follow, like as creating ingress controller and exposing dashboard services externally.... – suboss87 Jan 17 '18 at 10:19
-
1You need an Ingress rule similar to the one I wrote in the answer. Then, you need an Ingress controller that knows what to do with those Ingress rules, like the nginx ingress controller https://github.com/kubernetes/ingress-nginx. This blog post explains how to deploy it and use it https://medium.com/@gokulc/setting-up-nginx-ingress-on-kubernetes-2b733d8d2f45 – Jose Armesto Jan 17 '18 at 10:22
-
So using NodePort option, I don't why the External-IP is showing **
** even after changing the NodePort in dash-board services. ` NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kubernetes-dashboard NodePort 10.152.183.245 ** – suboss87 Jan 17 '18 at 13:42** 443:31771/TCP 1d` -
When using `NodePort` , you just need to access the public IP of any of the nodes in the cluster and the port, like `node_public_ip:31771` – Jose Armesto Jan 17 '18 at 14:08
1
There are (at least) 2 ways of accessing the dashboard from the outside world:
1) running kubectl proxy in your development machine and visiting the address: http://localhost:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/#!/pod?namespace=default
2) expose your dashboard service as you would do for any other service in your cluster, using a LoadBalancer, IngressController, NodePort or wathever other method.
whites11
- 12,008
- 3
- 36
- 53
-
Unlike other services, I'm not able to hit the Dashboard after changing it to type LoadBalancer on port 443. Is there more to the URL? Could you elaborate on this method please? – TJ Zimmerman Mar 11 '19 at 01:19
-
If you want to use a load balancer you need to be on a supported cloud provider, such as AWS or GCE. Are you in this situation? – whites11 Mar 11 '19 at 06:58
-
I use MetalLB on bare metal. So yes. I also use a Load Balancer for many other services successfully. I suspect it has to do with the RBAC policies that ship with the Dashboard. – TJ Zimmerman Mar 11 '19 at 17:26
-
-
Here is the output you requested as well as some other relevant output: https://i.imgur.com/tNdLoT6.png – TJ Zimmerman Mar 11 '19 at 19:29