kubernetes remote access dashboard

11/24/2019

Before to start I have just one question about kubernetes, usually linux server have not graphic interface, so how the admin can access to k8S dashboard ?

Is there any other solution expect ssh tunnel ?

I have tried ssh tunnel but not working

Master command I have executed:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta1/aio/deploy/recommended.yaml
namespace/kubernetes-dashboard unchanged
serviceaccount/kubernetes-dashboard unchanged
service/kubernetes-dashboard unchanged
secret/kubernetes-dashboard-certs unchanged
secret/kubernetes-dashboard-csrf unchanged
secret/kubernetes-dashboard-key-holder unchanged
configmap/kubernetes-dashboard-settings unchanged
role.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrole.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
rolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
clusterrolebinding.rbac.authorization.k8s.io/kubernetes-dashboard unchanged
deployment.apps/kubernetes-dashboard configured
service/dashboard-metrics-scraper configured
deployment.apps/kubernetes-metrics-scraper created
[rbo@K8SMaster ~]$ kubectl proxy
Starting to serve on 127.0.0.1:8001

Tunnel SSH done on remote machine:

Authenticated to k8smaster ([192.168.1.15]:22).
debug1: Local connections to LOCALHOST:8080 forwarded to remote address localhost:8001
debug1: Local forwarding listening on ::1 port 8080.
debug2: fd 5 setting O_NONBLOCK
debug1: channel 0: new [port listener]
debug1: Local forwarding listening on 127.0.0.1 port 8080.
debug2: fd 6 setting O_NONBLOCK
debug1: channel 1: new [port listener]
debug2: fd 3 setting TCP_NODELAY
debug1: Requesting no-more-sessions@openssh.com
debug1: Entering interactive session.

Browser message from remote machine:

  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {

  },
  "status": "Failure",
  "message": "services \"kubernetes-dashboard\" not found",
  "reason": "NotFound",
  "details": {
    "name": "kubernetes-dashboard",
    "kind": "services"
  },
  "code": 404
}
-- rab
kubernetes

2 Answers

12/23/2019

I did a UI tool to help you to forward any service to your local machine.

You can see an example of how to forward the dashboard:

Tunnel dashboard

Here is the repository link on how to getting started: linker-tool

If you have any question please open an issue or contact me, I am happy to help.

-- Victor Jimenez
Source: StackOverflow

11/29/2019

A long time ago I used is-accessing-kubernetes-dashboard-remotely-possible article to resolve the same. This approach also with ssh tunnel

1) Deploy dashboard (you may take it from original source)

$ kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yam

2) kubectl proxy&

3) Create serviceaccount, grant it cluster-admin role

kubectl create serviceaccount rab
kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=default:rab
kubectl get secret
kubectl describe secret rab-token-***** (and retrieve token from output. You will need it to access dashboard in the future steps)

4)create ssh tunnel from a remote host outside of the cluster where you would access dashboard:

ssh -L 9999:127.0.0.1:8001 -N -f -l rab <k8s master host name or ip>

"-L" local port forwarding

"9999" is a local host port. it can be any available port. It can also be 8001 "127.0.0.1:8001" is where the proxy runs on k8s master host

Password may be required for the on the master host to create a tunnel This command forwards any local request on port 9999 to"127.0.0.1:8001" on the master host

5)open a browser with the following api:

http://localhost:9999/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Then select "token" and past the token to log in the dashboard.

Hope it helps you

-- VKR
Source: StackOverflow