What I'm trying to do is launching the Kubernetes Dashboard on my cluster.
The Dashboard was installed using Kubespray, so I'm pretty sure it's installed correctly (at least its pods run without errors).
Cluster's setup overview is the following:
$ kubectl get svc --all-namespaces
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default kubernetes ClusterIP 10.65.0.1 <none> 443/TCP 2d
kube-system coredns ClusterIP 10.65.0.3 <none> 53/UDP,53/TCP,9153/TCP 2d
kube-system dashboard-metrics-scraper ClusterIP 10.65.43.101 <none> 8000/TCP 2d
kube-system kubernetes-dashboard ClusterIP 10.65.10.7 <none> 443/TCP 2d
$ kubectl get ingress --all-namespaces
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
kube-system dashboard <none> * 80 4m22s
$ cat dash_ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: kube-system
name: dashboard
selfLink: /api/dashboard
spec:
defaultBackend:
service:
name: kubernetes-dashboard
port:
number: 443
Assuming that my server runs on IP 10.11.12.13, when I try to reach http://10.11.12.13/api/dashboard, I get error 404. When trying with https:// instead, Chrome reports ERR_CONNECTION_TIMED_OUT
. Beside that, all http:// calls to the IP without any suffixes also end up with error 404.
The nginx's error 404 is a pretty positive thing, since at least the nginx
seems to work correctly, but how to reach the Dashboard or how to expose it to be reachable? Should I try other ports (8443 checked - ends up like all https:// calls) or anything else?
EDIT:
After reconfiguring the Ingress object as follows (adding annotations):
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
namespace: kube-system
name: dashboard
selfLink: /api/dashboard
annotations:
kubernetes.io/ingress.class: "nginx"
nginx.ingress.kubernetes.io/service-upstream: "true"
spec:
defaultBackend:
service:
name: kubernetes-dashboard
port:
number: 443
I found out that calling https://10.11.12.13:6443/ gives error 403 with the following Status object returned:
{
"kind": "Status",
"apiVersion": "v1",
"metadata": {},
"status": "Failure",
"message": "forbidden: User \"system:anonymous\" cannot get path
\"/api/dashboard\"",
"reason": "Forbidden",
"details": {},
"code": 403
}
Not sure though, if this comes from the Dashboard or some other Kubernetes service (the Ingress was configured for the Dashboard, but I miss knowledge on this topic yet).
EDIT #2:
Calling http://10.11.12.13 redirects to http://10.11.12.13/#/login page and the page asks for a token or a config file. Signing in is disabled due to missing https communication though...