hi,guys,i got some issues when i'm going to running my kubernetes-dashboard.
the details of the issue is:
i cant access my dashboard in browser by using
https://<master-ip>:<nodePort>(https://192.168.1.30:31382),even curlhttps://localhost:<nodePort>orhttps://127.0.0.1:<nodePort>is not work
this is the way how i run the kubernetes-dashboard:
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yamli selected the NodePort way to access dashboard,so i used this
kubectl -n kubernetes-dashboard edit service kubernetes-dashboardto edit kubernetes-dashboard service,and the result is like this:
apiVersion: v1
kind: Service
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
creationTimestamp: "2023-03-01T14:42:22Z"
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
resourceVersion: "1367375"
uid: 259dm378-2385-2kd1-accd-5bdef3k7ae21
spec:
clusterIP: 10.96.100.8
clusterIPs:
- 10.96.100.8
externalTrafficPolicy: Cluster
ports:
- nodePort: 31382
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort
status:
loadBalancer: {}
- and i use
kubectl -n kubernetes-dashboard get service kubernetes-dashboardto see the output of the service,the result is:
[bro@master ~]# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.96.100.8 <none> 443:31382/TCP 7h54m
- by the way,this is my firewall port config:
[bro@master ~]# firewall-cmd --zone=public --list-ports
6443/tcp 30000-32767/tcp
- the port listen:
[bro@master ~]# lsof -i tcp:31382
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
kube-prox 3319 bro 10u IPv4 42319 0t0 TCP *:31382(LISTEN)
- kubernetes-dashboard iptables:
-A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-MARK-MASQ
-A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-SVC-CEZPIJSAUFW5MYPQ
-A KUBE-SVC-CEZPIJSAUFW5MYPQ -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-SEP-2F76EV4OYNQ56EH2
-A KUBE-SEP-2F76EV4OYNQ56EH2 -s 10.244.1.8/32 -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-MARK-MASQ
-A KUBE-SEP-2F76EV4OYNQ56EH2 -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp -j DNAT --to-destination 10.244.1.8:8443
- and this is my kubernetes-dashboard pod details:
[bro@master ~]# kubectl describe -n kubernetes-dashboard po kubernetes-dashboard-785c75749d-n9tm6
Name: kubernetes-dashboard-785c75749d-n9tm6
Namespace: kubernetes-dashboard
Priority: 0
Node: node01/192.168.1.30
Start Time: Wed, 01 Mar 2023 22:42:22 +0800
Labels: k8s-app=kubernetes-dashboard
pod-template-hash=785c75749d
Annotations: seccomp.security.alpha.kubernetes.io/pod: runtime/default
Status: Running
IP: 10.244.1.6
IPs:
IP: 10.244.1.6
Controlled By: ReplicaSet/kubernetes-dashboard-785c75749d
Containers:
kubernetes-dashboard:
Container ID: docker://3PBcXqWdT3aQEeH6yZeF9PpG84sjcreJqKcWV3aB8qLehDYokRoOhJ9bCQu3DQaG
Image: kubernetesui/dashboard:v2.7.0
Image ID: docker-pullable://kubernetesui/dashboard@sha256:2t7xDNEDPq2B9xcGks5i11Ss2a2t9n229pfGcwmYQul71XvPXd4aqIJ8bS2Y4xP4
Port: 8443/TCP
Host Port: 0/TCP
Args:
--auto-generate-certificates
--namespace=kubernetes-dashboard
State: Running
Started: Wed, 01 Mar 2023 22:44:49 +0800
Ready: True
Restart Count: 0
Liveness: http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/certs from kubernetes-dashboard-certs (rw)
/tmp from tmp-volume (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-kzb94 (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kubernetes-dashboard-certs:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-certs
Optional: false
tmp-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kubernetes-dashboard-token-kzb94:
Type: Secret (a volume populated by a Secret)
SecretName: kubernetes-dashboard-token-kzb94
Optional: false
QoS Class: BestEffort
Node-Selectors: kubernetes.io/os=linux
Tolerations: node-role.kubernetes.io/master:NoSchedule
node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events: <none>
Because you have 443 so try
https://localhost:443or Usehttps://<IPOfVM>:443You will see an SSL error and go advance and proceed with risk. Using Firefox as chrome sometimes does not proceed insecurely.