Accessing Kubernetes Dashboard from outside the cluster
Hello,
actually I am playing around with my first 2 node Kubernetes cluster (hosted in 2 VMs on a Proxmox host).
I did a fresh install, the master node is init, the worker already joined - everything seems fine so far.
Now I would like to run the Kubernetes dashboard and get access to it from outside the cluster (both nodes are running on headless Debian 11).
I already tried it with proxy and port forwarding, but without success:
    root@kube01:~# kubectl get services --all-namespaces
    NAMESPACE              NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
    default                kubernetes                  ClusterIP   10.96.0.1       <none>        443/TCP                  31m
    kube-system            kube-dns                    ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   31m
    kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.98.176.161   <none>        8000/TCP                 6m26s
    kubernetes-dashboard   kubernetes-dashboard        ClusterIP   10.96.169.44    <none>        443/TCP                  6m26s
At the beginning port forwarding looks fine:
    root@kube01:~# kubectl port-forward -n kubernetes-dashboard service/kubernetes-dashboard 10443:443 --address 0.0.0.0
    Forwarding from 0.0.0.0:10443 -> 8443
But when I call the dashboard in my browser (from outside the cluster) I get this error message and the service stops:
    Handling connection for 10443
    E0208 21:02:38.845683 16694 portforward.go:406] an error occurred forwarding 10443 -> 8443: error forwarding port 8443 to pod 2baa1be6282275294fc218b8341e4d23850f448314f3f49114494c299b10b5fd, uid : exit status 1: 2022/02/08 21:02:38 socat[32157] E connect(5, AF=2 127.0.0.1:8443, 16): Connection refused
    E0208 21:02:38.846490 16694 portforward.go:234] lost connection to pod
Any ideas, what's the problem and how to solve it?
Thanks in advance,
Alex
Don't expose your dashboard, that's just giving hackers a nice peek at what they can try to exploit. I put mine up as an internal service and use a client cert for my ingress to access it: https://docs.nginx.com/nginx-ingress-controller/configuration/policy-resource/#ingressmtls
If you want to expose a service outside your cluster, assign either a service of type NodePort or LoadBalancer. Or you can deploy an ingress and do the config there.
If you want something to provision your LoadBalancer services with external IPs (relative to your cluster), you should run MetalLB on your cluster.
Kubectl port-forward isn't really the solution here, it's useful for troubleshooting but shouldn't be used to expose services outside the cluster.
You should get the kubeconfig on your pc and use that to connect to your cluster, it'll be more efficient than ssh-ing to your master node and running commands there. If you want a fancy gui, I'd suggest k8s Lens, which will let you interact with your objects and see what's up.
Hey Alex,
I can't help with the connection error much. When I tried the port-forward command you used it worked fine for me.
An alternative may be to change the service type from ClusterIP to NodePort. This will give you a port external to the cluster that can be used to access the dashboard. This wouldn't require kubectl to constantly run the port-forward.
To do this, edit the service (kubectl edit svc -n kubernetes-dashboard kubernetes-dashboard) and change "ClusterIP" to "NodePort". Then check your services again to get the node port (kubectl get svc -n kubernetes-dashboard) and try hitting that from a browser (https://<node IP>:<nodePort>). If your original problem was specific to the port-forward, this should get around it.
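
An added example, not part of the thread or any commenter's code: a shell check that reads the `kubectl get services --all-namespaces` table and lists every Service of type NodePort or LoadBalancer, the two types the replies name for reaching a service from outside the cluster. The sample table is the one from the post with the dashboard switched to NodePort; the node port 31234 and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list Services reachable from outside
# the cluster, from `kubectl get services --all-namespaces` output on stdin.

# Prints one line per exposed service:
#   <namespace>/<name> <type> <node ports, comma-separated, or "-">
exposed_services() {
    awk '
        NR == 1 && $1 == "NAMESPACE" { next }   # skip the header row
        $3 == "NodePort" || $3 == "LoadBalancer" {
            # A PORT(S) entry such as 443:31234/TCP carries the node port
            # after the colon; 443/TCP (ClusterIP style) has none.
            n = split($6, entries, ",")
            ports = ""
            for (i = 1; i <= n; i++)
                if (split(entries[i], p, "[:/]") == 3)
                    ports = ports (ports == "" ? "" : ",") p[2]
            print $1 "/" $2, $3, (ports == "" ? "-" : ports)
        }
    '
}

# Succeeds (exit 0) when the dashboard Service is among the exposed ones.
dashboard_exposed() {
    exposed_services | grep -q '^kubernetes-dashboard/kubernetes-dashboard '
}

# Constructed sample: the table from the post after the ClusterIP -> NodePort
# edit; the node port 31234 is an assumed value, not taken from the thread.
sample_output() {
    cat <<'EOF'
NAMESPACE              NAME                        TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                  AGE
default                kubernetes                  ClusterIP   10.96.0.1       <none>        443/TCP                  31m
kube-system            kube-dns                    ClusterIP   10.96.0.10      <none>        53/UDP,53/TCP,9153/TCP   31m
kubernetes-dashboard   dashboard-metrics-scraper   ClusterIP   10.98.176.161   <none>        8000/TCP                 6m26s
kubernetes-dashboard   kubernetes-dashboard        NodePort    10.96.169.44    <none>        443:31234/TCP            6m26s
EOF
}

sample_output | exposed_services
if sample_output | dashboard_exposed; then
    echo "dashboard is reachable from outside the cluster" >&2
fi
# On a live cluster: kubectl get services --all-namespaces | exposed_services
```
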