I've got a cluster running on an Ubuntu server. I serve the web content on the server running in the cluster via ports 80/443. I access the server itself via SSH only, so there is no graphical interface at all.
Now I want to access the Kubernetes web UI for that cluster. During research I found sources that say accessing the web UI remotely is not recommended for prod environments. The guides are only about using kubectl proxy to expose the dashboard to localhost.
Is there a solution, or a more or less common way, to access the dashboard of a cluster running on a server?
Two things: 1. To access it directly using the browser (local machine), the k8s cluster must be in the same network domain. 2. If you are not on item #1, access it using Windows RDP and use the browser.
```yaml
...
spec:
  clusterIP: 10.104.126.244
  externalIPs:
  - 192.168.64.1
  externalTrafficPolicy: Cluster
  ports:
  - nodePort: 31180
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: LoadBalancer
status:
```
The above kubernetes-dashboard-service will work by going to https://192.168.64.1:31180, where 192.168.64.1 is the IP address of your Kubernetes Controller; however, there are caveats.
You'll need to use an old browser to access it and accept the security exception.
Then run
```
kubectl -n kube-system get secret
```
And look for your replicaset-controller-token-kzpmc
Then run
```
$ kubectl -n kube-system describe secrets replicaset-controller-token-kzpmc
```
And copy the long token at the bottom.
```
Name:         replicaset-controller-token-kzpmc
Namespace:    kube-system
Labels:       <none>
Annotations:  kubernetes.io/service-account.name=replicaset-controller
              kubernetes.io/service-account.uid=d0d93741-96c5-11e7-8245-901b0e532516

Type:  kubernetes.io/service-account-token

Data
====
ca.crt:     1025 bytes
namespace:  11 bytes
token:      eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3
```
If you want to access your dashboard through an external IP address, you can edit your Dashboard service and change its type to LoadBalancer, if you have an external LB provider such as GCP or AWS. To do that, edit the kubernetes-dashboard service.
```
# kubectl -n kube-system edit service kubernetes-dashboard
```
You should see a YAML representation of the service. Change type: ClusterIP to type: LoadBalancer and save the file. If it's already changed, go to the next step.
```yaml
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
...
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "343478"
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard-head
  uid: 8e48f478-993d-11e7-87e0-901b0e532516
spec:
  clusterIP: 10.100.124.90
  externalTrafficPolicy: Cluster
  ports:
  - port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP # <-- Change to LoadBalancer
status:
  loadBalancer: {}
```
Then run the command below to see the external IP address of the Kubernetes Dashboard service:
```
# kubectl -n kube-system get service kubernetes-dashboard
NAME                   TYPE           CLUSTER-IP      EXTERNAL-IP     PORT(S)         AGE
kubernetes-dashboard   LoadBalancer   10.23.252.164   <external-ip>   443:31720/TCP   26d
```
Then browse to https://<external-ip> to see the Web UI.
You can also expose your service as a NodePort to access the Web UI through your subnet.
kubectl proxy works pretty well. Otherwise, you can also change the kubernetes-dashboard into a loadbalancer/nodeport and access the cluster through that.
If you're using a loadbalancer and you're with a cloud provider like AWS or Azure, you can probably set up security groups to allow access from some specific IP ranges.
But tbh, I'll say kubectl proxy is good enough most of the time.
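The answers above expose the dashboard Service through `externalIPs`, `NodePort` or `LoadBalancer`, and the last one suggests limiting access to specific IP ranges. As an added example (not code from any of the posts), this check walks the output of `kubectl get services -A -o json` and reports Services exposed that way without a source-range restriction. It assumes the Kubernetes Service field `loadBalancerSourceRanges`, which does not appear in the posts; the sample objects, the names `dashboard-restricted` and `dashboard-open-range`, and the range 203.0.113.0/24 are constructed.

```python
import ipaddress

def exposure_findings(service_list):
    """Return (namespace/name, reason) pairs for Services reachable from outside the cluster."""
    findings = []
    for svc in service_list.get("items", []):
        meta, spec = svc.get("metadata", {}), svc.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        svc_type = spec.get("type", "ClusterIP")
        if spec.get("externalIPs"):
            findings.append((ref, "externalIPs set: " + ", ".join(spec["externalIPs"])))
        if svc_type == "NodePort":
            ports = [str(p["nodePort"]) for p in spec.get("ports", []) if "nodePort" in p]
            findings.append((ref, "NodePort open on every node: " + ", ".join(ports)))
        elif svc_type == "LoadBalancer":
            ranges = spec.get("loadBalancerSourceRanges", [])
            if not ranges:
                findings.append((ref, "LoadBalancer without loadBalancerSourceRanges"))
            for cidr in ranges:
                # A /0 prefix matches every address, so it restricts nothing.
                if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                    findings.append((ref, f"LoadBalancer source range {cidr} allows any address"))
    return findings

# Constructed sample in the shape of `kubectl get services -A -o json`.
# The first item mirrors the Service from the first answer; the other two are hypothetical.
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "kubernetes-dashboard"},
     "spec": {"type": "LoadBalancer", "externalIPs": ["192.168.64.1"],
              "ports": [{"nodePort": 31180, "port": 443, "targetPort": 8443}]}},
    {"metadata": {"namespace": "kube-system", "name": "dashboard-restricted"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["203.0.113.0/24"],
              "ports": [{"port": 443, "targetPort": 8443}]}},
    {"metadata": {"namespace": "kube-system", "name": "dashboard-open-range"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["0.0.0.0/0"],
              "ports": [{"port": 443, "targetPort": 8443}]}},
]}

if __name__ == "__main__":
    for ref, reason in exposure_findings(SAMPLE):
        print(f"{ref}: {reason}")
```

To run it against a live cluster, replace `SAMPLE` with the parsed JSON from `kubectl get services -A -o json`.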