Using gcloud I have created a stand cluster.
When I run the command kubectl cluster-info I have this output:
Kubernetes master is running at https://<cluster-ip>
GLBCDefaultBackend is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/default-http-backend:http/proxy
Heapster is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/heapster/proxy
KubeDNS is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
Metrics-server is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:metrics-server:/proxyWhen I would like to access the dashboard (web ui interface), e.g kubernetes-dashboard is running at https://<cluster-ip>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy I have this error:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system\"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}
I know there is a lot of questions around this kind of issue concerning the kubernetes dashboard, but I don't find the right to properly access and connect throughthe web ui from gcloud directly.
You need to run first kubectl proxy in order to access the kubernetes dashboard as peer the documentation. After that you can provide the bearer token or Kubeconfig file, see this documentation on hoe to get Bearer Token.
Another option to get the full access to your GKE dashboard see below:
gcloud get-credentials <GKE cluster name> --zone <zone> --project <project>
gcloud config config-helper --format=json | jq .credential.access_tokenCopy the Token and use it for full access to all the Dashboard section.