Can't access to Dashboard from my desktop in LAN

5/7/2019

I installed a raspberry pi Kubernetes cluster at home. I wanted to access to a dashboard to monitor things in my private network.

So I installed the arm version of k8s dashboard.

The service is up and running :

NAMESPACE     NAME                        TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)                  AGE
default       kubernetes                  ClusterIP   10.96.0.1     <none>        443/TCP                  4d12h
kube-system   kube-dns                    ClusterIP   10.96.0.10    <none>        53/UDP,53/TCP,9153/TCP   4d12h
kube-system   kubernetes-dashboard-head   NodePort    10.99.16.27   <none>        443:30753/TCP            56m

as well as the concerned pod :

NAMESPACE     NAME                                        READY   STATUS    RESTARTS   AGE
[...]
kube-system   kubernetes-dashboard-head-989b89d75-jr68l   1/1     Running   6          2d15h
[...]

Now, when I try to access to the service from within the cluster it definitely works:

$ curl -X GET https://[master-node-ip]:30753 -k
[...]
<!doctype html>
<html>

<head>
  <meta charset="utf-8">
  <title>Kubernetes Dashboard</title>
  <link rel="icon"
        type="image/png"
        href="assets/images/kubernetes-logo.png" />
  <meta name="viewport"
        content="width=device-width">
<link rel="stylesheet" href="styles.357bf738eb94868b9857.css"></head>

<body>
  <kd-root></kd-root>
<script type="text/javascript" src="runtime.4830d2e917b9843e3c9b.js"></script><script type="text/javascript" src="polyfills.4191ec10c6e967837eba.js"></script><script type="text/javascript" src="scripts.b1c7fc483cdf0bfa1025.js"></script><script type="text/javascript" src="main.02eb8859e9a4ef58e750.js"></script></body>

But when I try to access it from another machine within the same local network, I get a : NET::ERR_CERT_INVALID in the browser and using cURL:

curl: (35) schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) - The token supplied to the function is invalid

I think it is supposed to redirect me to a "Login" page and I can login whether with a config file or a token. But it seems not to. Any idea why?

-- Baptiste Arnaud
kubernetes
kubernetes-dashboard
kubernetes-service
lan

1 Answer

6/18/2019

Try to execute:

$ sudo kubeadm init --token-ttl=0 --pod-network-cidr=your_ip

Passing --token-ttl=0 make that the token never expires - do not use this setting in production. The UX for kubeadm means it's currently very hard to get a join token later on after the initial token has expired.

Useful post: kubernetes-raspberrypi

-- MaggieO
Source: StackOverflow