1

hi,guys,i got some issues when i'm going to running my kubernetes-dashboard😥.

the details of the issue is:

i cant access my dashboard in browser by using https://<master-ip>:<nodePort>(https://192.168.1.30:31382),even curl https://localhost:<nodePort> or https://127.0.0.1:<nodePort> is not work

this is the way how i run the kubernetes-dashboard:

  • kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

  • i selected the NodePort way to access dashboard,so i used this kubectl -n kubernetes-dashboard edit service kubernetes-dashboard to edit kubernetes-dashboard service,and the result is like this:


    apiVersion: v1
    kind: Service
    metadata:
      annotations:
        kubectl.kubernetes.io/last-applied-configuration: |
          {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kubernetes-dashboard"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
      creationTimestamp: "2023-03-01T14:42:22Z"
      labels:
        k8s-app: kubernetes-dashboard
      name: kubernetes-dashboard
      namespace: kubernetes-dashboard
      resourceVersion: "1367375"
      uid: 259dm378-2385-2kd1-accd-5bdef3k7ae21
    spec:
      clusterIP: 10.96.100.8
      clusterIPs:
     - 10.96.100.8
      externalTrafficPolicy: Cluster
      ports:
     - nodePort: 31382
        port: 443
        protocol: TCP
        targetPort: 8443
      selector:
        k8s-app: kubernetes-dashboard
      sessionAffinity: None
      type: NodePort
    status:
      loadBalancer: {}
  • and i use kubectl -n kubernetes-dashboard get service kubernetes-dashboard to see the output of the service,the result is:

    [bro@master ~]# kubectl -n kubernetes-dashboard get service kubernetes-dashboard
    NAME                   TYPE       CLUSTER-IP    EXTERNAL-IP   PORT(S)         AGE
    kubernetes-dashboard   NodePort   10.96.100.8   <none>        443:31382/TCP   7h54m
  • by the way,this is my firewall port config:

    [bro@master ~]# firewall-cmd --zone=public --list-ports
    6443/tcp 30000-32767/tcp
  • the port listen:

    [bro@master ~]# lsof -i tcp:31382
    COMMAND    PID USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    kube-prox 3319 bro   10u  IPv4  42319      0t0  TCP *:31382(LISTEN)
  • kubernetes-dashboard iptables:

   -A KUBE-MARK-MASQ -j MARK --set-xmark 0x4000/0x4000
   A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-MARK-MASQ
   -A KUBE-NODEPORTS -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp --dport 31382 -j KUBE-SVC-CEZPIJSAUFW5MYPQ
   -A KUBE-SVC-CEZPIJSAUFW5MYPQ -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-SEP-2F76EV4OYNQ56EH2
   -A KUBE-SEP-2F76EV4OYNQ56EH2 -s 10.244.1.8/32 -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -j KUBE-MARK-MASQ
   -A KUBE-SEP-2F76EV4OYNQ56EH2 -p tcp -m comment --comment "kubernetes-dashboard/kubernetes-dashboard" -m tcp -j DNAT --to-destination 10.244.1.8:8443
  • and this is my kubernetes-dashboard pod details:

   [bro@master ~]# kubectl describe -n kubernetes-dashboard po kubernetes-dashboard-785c75749d-n9tm6
   Name:         kubernetes-dashboard-785c75749d-n9tm6
   Namespace:    kubernetes-dashboard
   Priority:     0
   Node:         node01/192.168.1.30
   Start Time:   Wed, 01 Mar 2023 22:42:22 +0800
   Labels:       k8s-app=kubernetes-dashboard
                 pod-template-hash=785c75749d
   Annotations:  seccomp.security.alpha.kubernetes.io/pod: runtime/default
   Status:       Running
   IP:           10.244.1.6
   IPs:
     IP:           10.244.1.6
   Controlled By:  ReplicaSet/kubernetes-dashboard-785c75749d
   Containers:
     kubernetes-dashboard:
       Container ID:  docker://3PBcXqWdT3aQEeH6yZeF9PpG84sjcreJqKcWV3aB8qLehDYokRoOhJ9bCQu3DQaG
       Image:         kubernetesui/dashboard:v2.7.0
       Image ID:      docker-pullable://kubernetesui/dashboard@sha256:2t7xDNEDPq2B9xcGks5i11Ss2a2t9n229pfGcwmYQul71XvPXd4aqIJ8bS2Y4xP4
       Port:          8443/TCP
       Host Port:     0/TCP
       Args:
         --auto-generate-certificates
         --namespace=kubernetes-dashboard
       State:          Running
         Started:      Wed, 01 Mar 2023 22:44:49 +0800
       Ready:          True
       Restart Count:  0
       Liveness:       http-get https://:8443/ delay=30s timeout=30s period=10s #success=1 #failure=3
       Environment:    <none>
       Mounts:
         /certs from kubernetes-dashboard-certs (rw)
         /tmp from tmp-volume (rw)
         /var/run/secrets/kubernetes.io/serviceaccount from kubernetes-dashboard-token-kzb94 (ro)
   Conditions:
     Type              Status
     Initialized       True 
     Ready             True 
     ContainersReady   True 
     PodScheduled      True 
   Volumes:
     kubernetes-dashboard-certs:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  kubernetes-dashboard-certs
       Optional:    false
     tmp-volume:
       Type:       EmptyDir (a temporary directory that shares a pod's lifetime)
       Medium:     
       SizeLimit:  <unset>
     kubernetes-dashboard-token-kzb94:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  kubernetes-dashboard-token-kzb94    
       Optional:    false
   QoS Class:       BestEffort
   Node-Selectors:  kubernetes.io/os=linux
   Tolerations:     node-role.kubernetes.io/master:NoSchedule
                    node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
   Events:          <none>

PS:Thank you all for your help,wish u all have a nice day😊

Improve this question
2
  • Find out the IP of the node on which Dashboard is running to access it. Instead of accessing https://<master-ip>:<nodePort> you should access https://<node-ip>:<nodePort>. Commented Mar 2, 2023 at 9:46
  • Hi,Veera,thank u for ur answer, my master-ip=node-ip,I used to run these commands on master node,so their r same thing Commented Mar 3, 2023 at 6:08

1 Answer 1

Reset to default
0

Because you have 443 so try https://localhost:443 or Use https://<IPOfVM>:443 You will see an SSL error and go advance and proceed with risk. Using Firefox as chrome sometimes does not proceed insecurely.

master-k8s:~/postgres-operator-examples-3$ kubectl get pods -owide -n kubernetes-dashboard
NAME                                        READY   STATUS    RESTARTS       AGE   IP            NODE                       NOMINATED NODE   READINESS GATES
dashboard-metrics-scraper-7bc864c59-rzzdx   1/1     Running   0              18h   10.244.3.88   node3k8s   <none>           <none>
kubernetes-dashboard-6ff574dd47-wnd4b       1/1     Running   4 (4h1m ago)   18h   10.244.3.87   node3k8s   <none>           <none>
Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

hi,bro,thank u for ur answer,i know what u mean,but i'm pretty sure it's not the issue you're talking about ,i think u need to know whats the NodePort mean to kubernetes-dashboard pod,u can check out this
I also had the same issue, I tried the exposed node port and also the load balancer and I didn't manage to access the dashboard then I try with 443 instead of the node port I access the dashboard. I know it should use the node port or load balancer but not sure why it is accessible with 443 in my case. Make sure you https:
I use port 443 instead of NodePort, of course https, but the connection is still timeout,I personally think that it must be because of some problems between kubernetes-dashboard and iptables that my linux system cannot contact kubernetes-dashboard, because I can access port 6443 of the api-server, but I have investigated for a long time, and I did not see the wrong log
If you have a master and worker node setup then there is a chance that the dashboard pod is running on a worker node. Run "kubectl get pods -owide -n <yournamespace >" It will show you on which worker node dashboard is running. Then use the IP of that worker node with port-no.
I have updated the Answer as an Example in my case the kubernetes-dashboard was running on node 3 and I used the node3 IP with port no to access it.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.