Kubernetes dashboard in aws EC2 instance?

11/17/2018

I have started 2 ubuntu 16 EC2 instance(one for master and other for worker). Everything working OK. I need to setup dashboard to view on my machine. I have copied admin.ctl and executed the script in my machine's terminal

 kubectl --kubeconfig ./admin.conf proxy --address='0.0.0.0' --port=8002 --accept-hosts='.*' 

Everything is fine. But in browser when I use below link

http://localhost:8002/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

I am getting Error: 'dial tcp 192.168.1.23:8443: i/o timeout' Trying to reach: 'https://192.168.1.23:8443/'

I have enabled all traffics in security policy for aws. What am I missing? Please point me a solution

-- JibinNajeeb
amazon-ec2
amazon-web-services
docker
kubernetes

3 Answers

11/27/2018

For bypassing dashboard with token. You have to execute the below code

cat <<EOF | kubectl create -f -
apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system
EOF

After this you can skip without providing token. But this will cause security issues.

-- JibinNajeeb
Source: StackOverflow

11/17/2018

Have you tried putting http:// in front of localhost?

I don't have enough rep to comment, else I would.

-- John Galt
Source: StackOverflow

11/19/2018

If you only want to reach the dashboard then it is pretty easy, get the IP address of your EC2 instance and the Port on which it is serving dashboard (kubectl get services --all-namespaces) and then reach it using: First:

kubectl proxy --address 0.0.0.0 --accept-hosts '.*'

And in your browswer:

http://<IP>:<PORT>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

Note that this is a possible security vulnerability as you are accepting all traffic (AWS firewall rules) and also all connections for your kubectl proxy (--address 0.0.0.0 --accept-hosts '.*') so please narrow it down or use different approach. If you have more questions feel free to ask.

-- aurelius
Source: StackOverflow