1 year ago
#378142
MajesticOl
How to make the kubernetes dashboard accessible through normal http?
I am struggling with this since basically WEEKS now... There is literally not one single example how to do this on the whole internet. Its actually quiet hilarious.
My dashboard deployment:
spec:
progressDeadlineSeconds: 600
replicas: 1
revisionHistoryLimit: 10
selector:
matchLabels:
k8s-app: kubernetes-dashboard
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
k8s-app: kubernetes-dashboard
spec:
containers:
- args:
- --namespace=kube-system
- --enable-insecure-login
- --insecure-bind-address=0.0.0.0
image: kubernetesui/dashboard:v2.3.0
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /
port: 9090
scheme: HTTP
initialDelaySeconds: 30
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 30
name: kubernetes-dashboard
ports:
- containerPort: 9090
name: http
protocol: TCP
resources: {}
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsGroup: 2001
runAsUser: 1001
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /certs
name: kubernetes-dashboard-certs
- mountPath: /tmp
NOTE THE FOLLOWING:
As of the official Dashboard arguments documentation
i added the arguments to the dashboard deployment :
--enable-insecure-login
which ENABLES INSECURE LOGIN: meaning a default port 9090 will available on the dashboard (the container i guess ).
As you can see i further made that very container accessible on the kubernetes pod itself
ports:
- containerPort: 9090
name: http
protocol: TCP
after that,.. of course i also routed that very port in the service for the dashboard itself.
here is my service.yaml:
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kube-system"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
creationTimestamp: "2022-04-05T13:11:22Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
resourceVersion: "12795"
selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
uid: 01bb1897-e18f-418e-949d-465069b561de
spec:
clusterIP: 10.152.183.208
clusterIPs:
- 10.152.183.208
externalTrafficPolicy: Cluster
internalTrafficPolicy: Cluster
ipFamilies:
- IPv4
ipFamilyPolicy: SingleStack
ports:
- nodePort: 30838
port: 9090
protocol: TCP
targetPort: 9090
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
Here we can see beautifully that the ports are all correctly assigned:
- nodePort: 30838
port: 443
protocol: TCP
targetPort: 9090
The nodePort is optional.. it will be the port the service exposes all of this to the outside world (aka a browser etc.)
The port is the port that the service will internally inside the cluster be exposed. I have chosen to leave it at its default value.
Finally the targetPort must match the initially exposed port on the pod. And it does.
Of course i have set --insecure-bind-address=0.0.0.0 inside the dashboard arguments to allow the insecure port to be served on any address.
When i try to access it with a browser, its just dead. No response, no nothing.
So where did i go wrong ?
Is there really no example ? If i manage to get this to work, i as a matter of fact plan to officially propose the SOLUTION to Kubernetes itself or some major tutorial services. I see literally hundreds of people struggling with this, giving up eventually etc. :D
kubernetes
kubernetes-service
kubernetes-deployment
kubernetes-dashboard
0 Answers
Your Answer