Before to start I have just one question about kubernetes, usually linux server have not graphic interface, so how the admin can access to k8S dashboard ?
Is there any other solution expect ssh tunnel ?
I have tried ssh tunnel but not working
Master command I have executed:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf unchanged
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard configured
service/dashboard-metrics-scraper configured
deployment.apps/kubernetes-metrics-scraper created
[rbo@K8SMaster ~]$ kubectl proxy
Starting to serve on 127.0.0.1:8001
Tunnel SSH done on remote machine:
Authenticated to k8smaster ([192.168.1.15]:22).
debug1: Local connections to LOCALHOST:8080 forwarded to remote address localhost:8001
debug1: Local forwarding listening on ::1 port 8080.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8080.
debug2: fd 6 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.
Browser message from remote machine:
"kind": "Status",
"apiVersion": "v1",
"metadata": {
},
"status": "Failure",
"message": "services \"kubernetes-dashboard\" not found",
"reason": "NotFound",
"details": {
"name": "kubernetes-dashboard",
"kind": "services"
},
"code": 404
}
I did a UI tool to help you to forward any service to your local machine.
You can see an example of how to forward the dashboard:
Here is the repository link on how to getting started: linker-tool
If you have any question please open an issue or contact me, I am happy to help.
A long time ago I used is-accessing-kubernetes-dashboard-remotely-possible article to resolve the same. This approach also with ssh tunnel
1) Deploy dashboard (you may take it from original source)
$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yam
2) kubectl proxy&
3) Create serviceaccount, grant it cluster-admin role
kubectl create serviceaccount rab
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=default:rab
kubectl get secret
kubectl describe secret rab-token-***** (and retrieve token from output. You will need it to access dashboard in the future steps)
4)create ssh tunnel from a remote host outside of the cluster where you would access dashboard:
ssh -L 9999:127.0.0.1:8001 -N -f -l rab <k8s master host name or ip>
"-L" local port forwarding
"9999" is a local host port. it can be any available port. It can also be 8001 "127.0.0.1:8001" is where the proxy runs on k8s master host
Password may be required for the on the master host to create a tunnel This command forwards any local request on port 9999 to"127.0.0.1:8001" on the master host
5)open a browser with the following api:
http://localhost:9999/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
Then select "token" and past the token to log in the dashboard.
Hope it helps you