K
Q

Get the Kubernetes Dashboard via LoadBalancer IP adress

4/23/2018

I installed Kubernetes HA using Kubeadm OS: Centos7 K8S Version : 1.9.6 6 VMs : 2 Masters, 3 workers and a LoadBanacer ( nginx )

I want to access the dashboard using the LoadBalancer Ip addess, how could i do this ? is there any tutorial for this ?

Thank you

-- kikas
kubernetes
kubernetes-dashboard

Similar Questions

Difference between targetPort and port in kubernetes Service definition
pg_dump in Docker container
How to add rule to migrate on node failure in k8s
using cloudsql proxy without credentials
Difference between docker labels and kubernetes labels?
Reference Values in Helm method
Kubernetes multi-container pod: how to get network traffic between pods ... 502 error?

1 Answer

4/30/2018

You cannot use the IP but you can create an Ingress file that will point to the path dashboard.example.com to your dashboard service. This approach is not Recommended because this open your dashboard to outside world. But use can use a Authentication Proxy to authenticate the user before letting him access to the dashboard. We have use GitHub Enterprise for that.

Here what you can do.

1: Deploy the dashboard using the recommended setup. link here. Doesn't matter if you dont give any certificates, it will auto generate.

2: Create a GitHub app

Go to https://github.com/settings/developers and create a new application. Homepage URL is the FQDN in the Ingress rule, like https://dashboard.example.com. The key thing to get right is the callback URL. Set that to https://dashboard.example.com/oauth2/callback.

3: Configure oauth2_proxy values in the file oauth2-proxy.yaml with the values:

OAUTH2_PROXY_CLIENT_ID with the github <Client ID>
OAUTH2_PROXY_CLIENT_SECRET with the github <Client Secret>
OAUTH2_PROXY_COOKIE_SECRET with value of python -c 'import os,base64; print base64.b64encode(os.urandom(16))'

If you are using GitHub Enterprise you need to add

spec:
  containers:
  - args:
    - --login-url=https://github.YOUR.ORG.URL/login/oauth/authorize
    - --redeem-url=https://github.YOUR.ORG.URL/login/oauth/access_token
    - --validate-url=https://github.YOUR.ORG.URL/api/v3

4: Modify the following Ingress with proper ULRs.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
    nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/sign_in
    nginx.ingress.kubernetes.io/secure-backends: "true"
    kubernetes.io/ingress.class: nginx
  name: external-auth-oauth2
  namespace: kube-system
spec:
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 8443
        path: /
---

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: oauth2-proxy
  namespace: kube-system
spec:
  rules:
  - host: dashboard.example.com
    http:
      paths:
      - backend:
          serviceName: oauth2-proxy
          servicePort: 4180
        path: /oauth2

Now you can apply this

kubectl apply -f oauth2-proxy.yaml,dashboard-ingress.yaml

PS: Documentation in Kubernetes Repo

-- KaustubhKhati
Source: StackOverflow