Kubernetes dashboard - kubernetes

I have been able to successfully set up Kubernetes on my CentOS 7 server.
On trying to get the dashboard working after following the documentation, running 'kubectl proxy' it attempts to run using 127.0.0.1:9001 and not my server IP. Does this mean I cannot access the Kubernetes dashboard outside the server?
I need help getting the dashboard running using my public IP.

You can specify on which address you want to run kubectl proxy, i.e.
kubectl proxy --address <EXTERNAL-IP> -p 9001
Starting to serve on 100.105.***.***:9001
You can also use port forwarding to access the dashboard.
kubectl port-forward --address 0.0.0.0 pod/dashboard 8888:80
This will listen on port 8888 on all addresses and route traffic directly to your pod.
For instance:
rsha:~$ kubectl port-forward --address 0.0.0.0 deploy/webserver 8888:80
Forwarding from 0.0.0.0:8888 -> 80
In another terminal running
rsha:~$ curl 100.105.***.***:8888
<html><body><h1>It works!</h1></body></html>

As I understand, you would like to access the dashboard from your laptop. What you should do is create an admin account called k8s-admin:
$ kubectl --namespace kube-system create serviceaccount k8s-admin
$ kubectl create clusterrolebinding k8s-admin --serviceaccount=kube-system:k8s-admin --clusterrole=cluster-admin
Then set up kubectl on your laptop, e.g. for macOS it looks like this (see documentation):
$ brew install kubernetes-cli
Set up a proxy to your workstation. Create a ~/.kube directory on your laptop and then scp the ~/.kube/config file from the k8s (Kubernetes) master to your ~/.kube directory.
Then get the authentication token you need to connect to the dashboard:
$ kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep k8s-admin | awk '{print $1}')
Now start the proxy:
$ kubectl proxy
Now open the dashboard by going to:
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/
You should see the Token option and then copy-paste the token from the prior step and Sign-In.
You can follow this tutorial.

Related

Expose Kubernetes Ingress to LAN computers

I have computer A and B on LAN:
A at IP 192.168.0.104
B at IP 192.168.0.110
On computer B I have a Kubernetes service with ingress:
path hello
host hello-node.com
minikube ip is 192.168.49.2
/etc/hosts has a line:
192.168.49.2 hello-node.com
On B I see the service response to hello-node.com/hello but not to
192.168.49.2/hello. On 192.168.49.2/hello I see 404 error from nginx.
How do I access either hello-node.com/hello or 192.168.49.2/hello from computer A?
I do not want to rely on any 3rd party service (load balancer etc)
info:
minikube version: v1.16.0
$ kubectl cluster-info
Kubernetes control plane is running at https://192.168.49.2:8443
KubeDNS is running at https://192.168.49.2:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
Workaround without using ingress, but NodePort expose command. From link from @mariusz-k
kubectl expose deployment/hello-node --type="NodePort" --port 8080
SERVICE_NODE_IP=$(minikube ip)
FORWARD_PORT=8090
SERVICE_NODE_PORT=$(kubectl get services/hello-node -o go-template='{{(index .spec.ports 0).nodePort}}')
ssh -i ~/.minikube/machines/minikube/id_rsa docker@$SERVICE_NODE_IP -NL \*:$FORWARD_PORT:0.0.0.0:$SERVICE_NODE_PORT
You need to get the address of Computer B (the cluster ip) and then connect to it.
# Get the cluster "master" ip
$ kubectl cluster-info
Kubernetes master is running at https://<the desired ip/DNS record>......:443
# use the above ip to get the content of your service
curl -vsI <ip>/hello
You can access your minikube service from another machine by following steps from this github issue:
service_name=web # This is what you need to replace with your own service
service_port=$(minikube service $service_name --url | cut -d':' -f3)
ssh -i ~/.minikube/machines/minikube/id_rsa docker@$(minikube ip) -NL \*:${service_port}:0.0.0.0:${service_port}
After that your service will be available under `<minikube's-host-ip>:

How to deploy keycloak as a pod in kubernetes dashboard which is set up in AWS EC2?

Added from a form which is quay.io/keycloak/keycloak
Changed from Loadbalancer to a Nodeport
Can visit that but ip:port
Showing error to add a user from localhost:8080 or use add-user-keycloak script
Please follow the docs Keycloak on Kubernetes.
You can find instructions there on how to deploy keycloak inside minikube.
However, you can download these deployment files and modify the settings according to your needs.
For example, you can change the service type from LoadBalancer to NodePort.
In addition, please consider making changes to other settings like KEYCLOAK_USER and KEYCLOAK_PASSWORD:
wget -q -O - https://raw.githubusercontent.com/keycloak/keycloak-quickstarts/latest/kubernetes-examples/keycloak.yaml | \
sed "s/LoadBalancer/NodePort/" | \
kubectl create -f -
In order to access your keycloak instance you should change:
minikube ip ( to your externalIp address associated with your vm or use nodeIP from inside the vm)
verify your service NodePort by running.
kubectl get services/keycloak -o go-template='{{(index .spec.ports 0).nodePort}}'
kubectl get svc -o wide
By default NodePort should be in the range (30000-32767)

How to login to Kubernetes using service account?

I am trying to perform a simple operation of logging into my cluster to update image of a deployment. I am stuck at the first step. I get an error that connection to localhost:8080 is refused. Please help.
$ chmod u+x kubectl && mv kubectl /bin/kubectl
$ $KUBE_CERT > ca.crt
$ kubectl config set-cluster cfc --server=$KUBE_URL --certificate-authority=ca.crt
Cluster "cfc" set.
$ kubectl config set-context cfc --cluster=cfc
Context "cfc" created.
$ kubectl config set-credentials gitlab-admin --token=$KUBE_TOKEN
User "gitlab-admin" set.
$ kubectl config set-context cfc --user=gitlab-admin
Context "cfc" modified.
$ kubectl config use-context cfc
Switched to context "cfc".
$ echo "Deploying dashboard with version extracted from tag ${CI_COMMIT_TAG}"
Deploying dashboard with version extracted from tag dev-1.0.4-22
$ kubectl get pods
The connection to the server localhost:8080 was refused - did you specify the right host or port?
The reason why you have your connection refused is that your proxy is not started. Try executing the code below so kubectl can access the cluster via proxy (localhost:8080).
kubectl proxy --address 0.0.0.0 --accept-hosts '.*' &
Another approach is to use curl and operate with your cluster just like in the following example:
curl --cacert /path/to/cert -H "Authorization: Bearer {your token}" "${KUBE_URL}/api"
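An added example, not from any answer on this page: `kubectl proxy --address 0.0.0.0`, `kubectl port-forward --address 0.0.0.0` and `ssh -NL \*:...` each open a listener on every interface, and kubectl proxy serves API requests with the kubeconfig's credentials to anyone who can reach it. This Python sketch flags such listeners in `ss -H -ltnp` output; the sample lines, pids and ports are constructed.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output (pids and ports are made up).
SAMPLE = """\
LISTEN 0 4096 127.0.0.1:8001 0.0.0.0:* users:(("kubectl",pid=2114,fd=8))
LISTEN 0 4096 0.0.0.0:8888 0.0.0.0:* users:(("kubectl",pid=2200,fd=8))
LISTEN 0 128 *:8090 *:* users:(("ssh",pid=2301,fd=4))
LISTEN 0 128 [::1]:8001 [::]:* users:(("kubectl",pid=2114,fd=9))
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=811,fd=3))
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*
"""

# Client processes that open local tunnels: kubectl proxy/port-forward, ssh -L.
TUNNEL_PROCS = {"kubectl", "ssh"}
PROC_RE = re.compile(r'\(\("([^"]+)"')


def is_loopback(host):
    """True only for addresses reachable from this machine alone."""
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface scope
    if host == "*":
        return False  # wildcard bind: all interfaces
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable address: treat as exposed


def exposed_tunnels(ss_output):
    """Return (process, address, port) for tunnel listeners bound off-loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue  # not a listener, or ss could not show the owning process
        proc = PROC_RE.search(fields[5])
        if not proc or proc.group(1) not in TUNNEL_PROCS:
            continue
        host, port = fields[3].rsplit(":", 1)
        if not is_loopback(host):
            findings.append((proc.group(1), host, int(port)))
    return findings


if __name__ == "__main__":
    for name, host, port in exposed_tunnels(SAMPLE):
        print(f"{name} is listening on {host}:{port}")
```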

Unable to expose kubernetes dashboard to access it from outside

I also tried changing the Kubernetes service YAML file to NodePort and then tried exposing the dashboard from the new port. I am getting the error "connection is not private". So how do I access the dashboard by making the connection private?
Can you try below steps...
Undeploy the existing dashboard.
Deploy dashboard using the below command:
kubectl create -f https://raw.githubusercontent.com/epasham/docker-repo/master/k8s/dashboard/kubernetes-dashboard.yml
master $ kubectl get svc -n kube-system | grep dashboard
kubernetes-dashboard NodePort 10.110.127.61 <none> 9090:30000/TCP 2m
master $ curl 10.110.127.61:9090 ( within the cluster )
Access the dashboard from browser using HOSTNAME:30000

How to access port forward services on gke

I'm new to gke/gcp and this is my first project.
I'm setting up istio using https://istio.io/docs/setup/kubernetes/quick-start-gke-dm/ tutorial.
I've exposed grafana as shown in the post using:
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
curl http://localhost:3000/dashboard/db/istio-dashboard
gives me http page on terminal, to access it from the browser I'm using master ip I get after executing kubectl cluster-info.
http://{master-ip}:3000/dashboard/db/istio-dashboard is not accessible.
How do I access services using port-forward on gke?
First grab the name of the Pod
$ kubectl get pod
and then use the port-forward command.
$ kubectl port-forward <pod-name> 3000:3000
It worked for me. I found it on this nice website, which also explains in detail how to do it. Hope it can be useful.
What (exact) http page is returned by the curl command? Both of these docs [1]&[2] suggest using the url (with localhost) in the browser after setting up a tunnel to Grafana: http://localhost:3000/dashboard/db/istio-dashboard
Alternatively, have you tried with istio-ingressgateway IP address?
[1] https://github.com/GoogleCloudPlatform/gke-istio-telemetry-demo#view-grafana-ui
[2] https://istio.io/docs/setup/kubernetes/quick-start-gke-dm/#grafana