0

I finally managed to resolve my question related to how to add more nodes in the CAs of the Master nodes (How to add extra nodes to the certificate-authority-data from a self signed k8s cluster?).

Now the problem that I am facing is I want to use kubeconfig file e.g. ~/.kube/config to access the Dashboard.

I managed to figured it out by having the following syntax:

$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://IP:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
    token: REDACTED

The problem that I am having is that I need to use the IP of one of the Master nodes in order to be able to reach the Dashboard. I would like to be able to use the LB IP to reach the Dashboard.

I assume this is related to the same problem that I had before as I can see from the file that the CAs are autogenerated.

args:
  - --auto-generate-certificates
  - etc etc
  .
  .
  .

Apart from creating the CAs on your self in order to use them is there any option to pass e.g. IP1 / IP2 etc etc in a flag within the file?

Update: I am deploying the Dashboard through the recommended way kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml (Deploying the Dashboard UI). The deployment is on prem but I have configured the cluster with an external loadbalancer (HAProxy) towards the Api and also Ingress and also type: LoadBalancer on Ingress. Everything seems to working as expected apart from the Dashboard UI (through LB IP). I am also using authentication mode authorization-mode: Node,RBAC on the kubeconfig file (if relevant).

I am access the Dashboard through Inress HTTPS e.g. https://dashboard.example.com.

I get the error Not enough data to create auth info structure. Found the token: xxx solution from this question Kubernetes Dashboard access using config file Not enough data to create auth info structure..

If I switch the LB IP with the Master nodes then I can access the UI with the kubeconfig file.

I just updated now to the latest version of the dashboard v2.0.5 is not working with the kubeconfig button / file but it works with the token directly kubernetes/Dashoboard-v2.0.5. With the previous version everything works as described above. No error logs in the pod logs.

Thanos
  • 1,618
  • 4
  • 28
  • 49
  • I need more information: are you running in cloud? do you already have a LB? what is the problem when connecting through LB? do you see any errors? How did you install the dashboard? Do you have any yaml files to show? – Matt Dec 09 '20 at 12:44
  • Hello @Matt, find the information that you asked me on the update section of my question. Thank you in advance for your time and effort. – Thanos Dec 09 '20 at 13:21
  • What is your k8s version? Release explicitly mentiones that Dashboard v2.0.5 will work with k8s v1.19 and does not guarantee that it will work with older versions. Can this be the issue? – Matt Dec 09 '20 at 13:33
  • @Matt, I am running with the latest version 1.19.4 so I do not think so but you never know :). It works with v2.0.4 but as I mentioned I need to replace the LB to Master node IP. I assume that this is related to the CAs. – Thanos Dec 09 '20 at 13:50
  • Have you tried HAProxy with SSL Pass-Through? – Matt Dec 09 '20 at 13:58
  • @Matt, yes I can access the Dashboard frond end and sign in using the token but not able using the kubeconfig file. – Thanos Dec 09 '20 at 14:17

0 Answers0