K
Q

Access Kubernetes Dashboard on EC2 Remotely

8/15/2019

I setup a K8s cluster in EC2 and launched kubernetes dashboard by following these links:

Here are commands I ran:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

kubectl proxy --address 0.0.0.0 --accept-hosts '.*'

As I setup a few IPs into security group for the EC2 instances, I assume only those IPs can access the dashboard, so no worry about the security here.

When I try to access the dashboard using:

http://<My_IP>:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

error-msg

Now what's the easiest way to access the dashboard?

I noticed there are several related questions, but seems no one really answer it.

Thanks a lot.

P.S. Just noticed some errors in Dashboard log. Something wrong with dashboard running?

Dashboard Log Error

-- user1828513
amazon-ec2
dashboard
kubernetes
remote-access

Similar Questions

How to make Kubernetes read-only
How to get all Kubernetes Objects details
How can I redirect traffic to my web service via ingress annotations?
Environment variables to configure RabbitMQ
Installing python on minikube

3 Answers

8/15/2019

You can use service with type:Loadbalancer and use loadBalancerSourceRanges: to limits access to your dashboard.

-- FL3SH
Source: StackOverflow
8/16/2019

Have you done the ClusterRoleBinding for serviceaccount kubernetes-dashboard.? If not, apply the below yaml file changes, so that the serviceaccount will get cluster-admin roles to access all kubernetes resources.

   apiVersion: rbac.authorization.k8s.io/v1beta1
   kind: ClusterRoleBinding
   metadata:
      name: kubernetes-dashboard
      labels:
           k8s-app: kubernetes-dashboard
   roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: cluster-admin
   subjects:
   -  kind: ServiceAccount
      name: kubernetes-dashboard
      namespace: kube-system
-- Subramanian Manickam
Source: StackOverflow
8/19/2019

It depends on what ServiceAccount or User you are using to connect to the kube-apiserver. If you want to have access without look for details of policy, literally give access to everything, your RBAC file can look similar to this:

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: my-cluster-admin
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- apiGroup: rbac.authorization.k8s.io
  kind: User
  name: <your-user-from-your-~/.kube/config>

Than pass a command:

kubectl apply -f <filename>

Second approach:

kubectl create clusterrolebinding my-cluster-admin --clusterrole=cluster-admin --user=<your-user-from-your-~/.kube/config>

You can also use a Group or ServiceAccount in User field. Look for official documentation about RBAC Authorization here.

Also what I found is great tutorial if you wanna take it step by step.

-- muscat
Source: StackOverflow