1

hi,guys,i got some issues when i'm going to running my kubernetes-dashboard.

the details of the issue is:

i cant access my dashboard in browser by using https://<master-ip>:<nodePort>(https://192.168.1.30:31382),even curl https://localhost:<nodePort> or https://127.0.0.1:<nodePort> is not work

this is the way how i run the kubernetes-dashboard:

  • kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

  • i selected the NodePort way to access dashboard,so i used this kubectl -n kubernetes-dashboard edit service kubernetes-dashboard to edit kubernetes-dashboard service,and the result is like this:


    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        kubectl.kubernetes.io/last-applied-configuration: |
          {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
      creationTimestamp: "2023-03-01T14:42:22Z"
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
      resourceVersion: "1367375"
      uid: 259dm378-2385-2kd1-accd-5bdef3k7ae21
    spec:
      clusterIP: 10.96.100.8
      clusterIPs:
     - 10.96.100.8
      externalTrafficPolicy: Cluster
      ports:
     - nodePort: 31382
        port: 443
        protocol: TCP
        targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
      sessionAffinity: None
      type: NodePort
    status:
      loadBalancer: {}
  • and i use kubectl -n kubernetes-dashboard get service kubernetes-dashboard to see the output of the service,the result is:

    [bro@master ~]# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
    NAME                   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
    kubernetes-dashboard   NodePort   10.96.100.8   <none>        443:31382/TCP   7h54m
  • by the way,this is my firewall port config:

    [bro@master ~]# firewall-cmd --zone=public --list-ports
    6443/tcp 30000-32767/tcp
  • the port listen:

    [bro@master ~]# lsof -i tcp:31382
    COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    kube-prox 3319 bro   10u  IPv4  42319      0t0  TCP *:31382(LISTEN)
  • kubernetes-dashboard iptables:

   -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
   A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-MARK-MASQ
   -A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-SVC-CEZPIJSAUFW5MYPQ
   -A KUBE-SVC-CEZPIJSAUFW5MYPQ -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-SEP-2F76EV4OYNQ56EH2
   -A KUBE-SEP-2F76EV4OYNQ56EH2 -s 10.244.1.8/32 -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-MARK-MASQ
   -A KUBE-SEP-2F76EV4OYNQ56EH2 -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp -j DNAT --to-destination 10.244.1.8:8443
  • and this is my kubernetes-dashboard pod details:

   [bro@master ~]# kubectl describe -n kubernetes-dashboard po kubernetes-dashboard-785c75749d-n9tm6
   Name:         kubernetes-dashboard-785c75749d-n9tm6
   Namespace:    kubernetes-dashboard
   Priority:     0
   Node:         node01/192.168.1.30
   Start Time:   Wed, 01 Mar 2023 22:42:22 +0800
   Labels:       k8s-app=kubernetes-dashboard
                 pod-template-hash=785c75749d
   Annotations:  seccomp.security.alpha.kubernetes.io/pod: runtime/default
   Status:       Running
   IP:           10.244.1.6
   IPs:
     IP:           10.244.1.6
   Controlled By:  ReplicaSet/kubernetes-dashboard-785c75749d
   Containers:
     kubernetes-dashboard:
       Container ID:  docker://3PBcXqWdT3aQEeH6yZeF9PpG84sjcreJqKcWV3aB8qLehDYokRoOhJ9bCQu3DQaG
       Image:         kubernetesui/dashboard:v2.7.0
       Image ID:      docker-pullable://kubernetesui/dashboard@sha256:2t7xDNEDPq2B9xcGks5i11Ss2a2t9n229pfGcwmYQul71XvPXd4aqIJ8bS2Y4xP4
       Port:          8443/TCP
       Host Port:     0/TCP
       Args:
         --auto-generate-certificates
         --namespace=kubernetes-dashboard
       State:          Running
         Started:      Wed, 01 Mar 2023 22:44:49 +0800
       Ready:          True
       Restart Count:  0
       Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
       Environment:    <none>
       Mounts:
         /certs from kubernetes-dashboard-certs (rw)
         /tmp from tmp-volume (rw)
         /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-kzb94 (ro)
   Conditions:
     Type              Status
     Initialized       True 
     Ready             True 
     ContainersReady   True 
     PodScheduled      True 
   Volumes:
     kubernetes-dashboard-certs:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  kubernetes-dashboard-certs
       Optional:    false
     tmp-volume:
       Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
       Medium:     
       SizeLimit:  <unset>
     kubernetes-dashboard-token-kzb94:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  kubernetes-dashboard-token-kzb94    
       Optional:    false
   QoS Class:       BestEffort
   Node-Selectors:  kubernetes.io/os=linux
   Tolerations:     node-role.kubernetes.io/master:NoSchedule
                    node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
   Events:          <none>

PS:Thank you all for your help,wish u all have a nice day

BugKiller
  • 94
  • 1
  • 10
  • Find out the IP of the node on which Dashboard is running to access it. Instead of accessing https://: you should access **https://:**. – Veera Nagireddy Mar 02 '23 at 09:46
  • Hi,Veera,thank u for ur answer, my master-ip=node-ip,I used to run these commands on master node,so their r same thing – BugKiller Mar 03 '23 at 06:08

1 Answers1

0

Because you have 443 so try https://localhost:443 or Use https://<IPOfVM>:443 You will see an SSL error and go advance and proceed with risk. Using Firefox as chrome sometimes does not proceed insecurely.

master-k8s:~/postgres-operator-examples-3$ kubectl get pods -owide -n kubernetes-dashboard
NAME                                        READY   STATUS    RESTARTS       AGE   IP            NODE                       NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-7bc864c59-rzzdx   1/1     Running   0              18h   10.244.3.88   node3k8s   <none>           <none>
kubernetes-dashboard-6ff574dd47-wnd4b       1/1     Running   4 (4h1m ago)   18h   10.244.3.87   node3k8s   <none>           <none>
tauqeerahmad24
  • 358
  • 8
  • hi,bro,thank u for ur answer,i know what u mean,but i'm pretty sure it's not the issue you're talking about ,i think u need to know whats the NodePort mean to kubernetes-dashboard pod,u can check out [this](https://github.com/kubernetes/dashboard/blob/master/docs/user/accessing-dashboard/README.md) – BugKiller Mar 02 '23 at 09:01
  • I also had the same issue, I tried the exposed node port and also the load balancer and I didn't manage to access the dashboard then I try with 443 instead of the node port I access the dashboard. I know it should use the node port or load balancer but not sure why it is accessible with 443 in my case. Make sure you https: – tauqeerahmad24 Mar 02 '23 at 09:55
  • I use port 443 instead of NodePort, of course https, but the connection is still timeout,I personally think that it must be because of some problems between kubernetes-dashboard and iptables that my linux system cannot contact kubernetes-dashboard, because I can access port 6443 of the api-server, but I have investigated for a long time, and I did not see the wrong log – BugKiller Mar 03 '23 at 06:16
  • If you have a master and worker node setup then there is a chance that the dashboard pod is running on a worker node. Run "kubectl get pods -owide -n " It will show you on which worker node dashboard is running. Then use the IP of that worker node with port-no. – tauqeerahmad24 Mar 03 '23 at 08:35
  • I have updated the Answer as an Example in my case the kubernetes-dashboard was running on node 3 and I used the node3 IP with port no to access it. – tauqeerahmad24 Mar 03 '23 at 08:37
  • Another, fix you can try is as follows delete the service and redeploy the dashboard as you did in the first place. Now you will have a dashboard with ClusterIp . Now the patch is with this command. kubectl patch service kubernetes-dashboard -n kube-system -p '{"spec": {"type": "NodePort"}}' – tauqeerahmad24 Mar 03 '23 at 08:46
  • make sure you used the correct namespace fro patch. It should work – tauqeerahmad24 Mar 03 '23 at 08:47