How can I access to kubernetes dashboard using NodePort in a remote cluster for testing?

1/10/2019

I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh (they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.

For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport, also with worker IPs, but it does not work. It returns in browser only (binary output). When I try to connect through https, it trows a certificates error.

$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
  NAME                   TYPE           CLUSTER-IP       EXTERNAL-IP   PORT(S)         AGE
  kubernetes-dashboard   NodePort       10.97.143.110    <none>        443:30714/TCP   42m
$ kubectl  proxy -p 8001
$ curl http://172.16.5.226:30714 --output -

I have expected that the output shows me the html from the UI of the Kubernetes dashboard

-- Sam
kubectl
kubernetes
kubernetes-dashboard

1 Answer

1/10/2019

NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

If you have done everything correctly it should work over HTTPS

As it's explained in Accessing Dashboard 1.7.X and above.

In order to expose Dashboard using NodePort you need to edit kubernetes-dashboard service.

kubectl -n kube-system edit service kubernetes-dashboard

Find type: ClusterIP and change it to type: NodePort, then save the file.

Then, check which port was the Dashboard exposed to:

kubectl -n kube-system get service kubernetes-dashboard which might look:

NAME                   CLUSTER-IP       EXTERNAL-IP   PORT(S)        AGE
kubernetes-dashboard   10.100.124.90   <nodes>       443:31707/TCP   21h

To access the Dashboard navigate your browser to https://<server_IP>:31707

EDIT:

In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs and it has to be in kube-system namespace.

You have to save the cert as dashboard.crt and dashboard.key and store them under $HOME/certs.

kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system

This installation process is explained here.

-- Crou
Source: StackOverflow