Login/Register
How to access local Kubernetes minikube dashboard remotely?
Asked Answered
networkingkubernetesvirtualboxportforwarding
N

11

45

Kubernetes newbie (or rather basic networking) question: Installed single node minikube (0.23 release) on a Ubuntu box running in my LAN (on IP address 192.168.0.20) with VirtualBox.

minikube start command completes successfully as well:

minikube start
Starting local Kubernetes v1.8.0 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.

minikube dashboard also comes up successfully (running on 192.168.99.100:30000).

What I want to do is access minikube dashboard from my MacBook (running on 192.168.0.11) in the same LAN.

Also I want to access the same minikube dashboard from the internet.

For LAN Access

Now from what I understand I am using VirtualBox (the default vm option), I can change the networking type (to NAT with port forwarding) using vboxnet command

VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"

as listed here

In my case it will be something like this

VBoxManage modifyvm "VM name" --natpf1 "guesthttp,http,,30000,,8080"

Am I thinking along the right lines here?

Also for remotely accessing the same minikube dashboard address, I can setup a no-ip.com like service. They asked to install their utility on Linux box and also setup port forwarding in the router settings which will port forward from host port to guest port.

Is that about right? Am I missing something here?

Neuberger answered 8/11, 2017 at 7:1 Comment(2)
I am looking for an answer to this question, so if you succeeded in setting this up and forgot to self-answer, please revisit.Stereoscopy
I tried kubectl proxy and replacing localhost with the local network IP of the host where minikube is running but it doesn't seem to be listening on all interfaces, just localhost. I don't run a graphical interface on that host so I'd really like to be able to access it from the outside.Stereoscopy
F
72

I was able to get running with something as simple as:

kubectl proxy --address='0.0.0.0' --disable-filter=true
Flanch answered 16/11, 2018 at 23:47 Comment(2)
Why do you need to use --disable-filer=true?Eire
The docs link hao's provided has moved. The command kubectl proxy --help shows the following: --disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port.Boiardo
J
43

@Jeff provided the perfect answer, put more hints for newbies.

  1. Start a proxy using @Jeff's script, as default it will open a proxy on '0.0.0.0:8001'.

    kubectl proxy --address='0.0.0.0' --disable-filter=true

  2. Visit the dashboard via the link below:

    curl http://your_api_server_ip:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/

More details please refer to the official documentation.

Jerol answered 18/12, 2018 at 10:2 Comment(7)
I'm not sure if it's a recent change, but for me (using Minikube v1.12.1, Kubernetes v1.18.3) the dashboard namespace is kubernetes-dashboard, so the url would use: ... /api/v1/namespaces/kubernetes-dashboard/services ...Chirm
@Xeozim, according to your url, your dashboard was installed under namespace kubernetes-dashboard but not kube-system.Jerol
@Jerol I used minikube dashboard to create it so I assume that's what it defaults to now?Chirm
Same as for Jeff: Why do you need the --disable-filter=true flag?Eire
without --disable-filter=true ,you cannot access. And on that time, you should set something like this --accept-hosts=^192\.168 to allow some addresses to access.Bath
To leave filter on, you can specify your GCE vm instance's external IP here with --accept-hosts='35.246.xx.xx' . It's external here, because kube-proxy faces commutication through the CE bastion host.Glad
works for me with minikube version: v1.32.0Southwestwards
C
42

I reached this url with search keywords: minikube dashboard remote. In my case, minikube (and its dashboard) were running remotely and I wanted to access it securely from my laptop.

[my laptop] --ssh--> [remote server with minikube]

Following gmiretti's answer, my solution was local forwarding ssh tunnel:

On minikube remote server, ran these:

minikube dashboard
kubectl proxy

And on my laptop, ran these (keep localhost as is):

ssh -L 12345:localhost:8001 myLogin@myRemoteServer

The dashboard was then available at this url on my laptop:

http://localhost:12345/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
Ciceronian answered 27/11, 2020 at 13:20 Comment(6)
Wonderful! Works a charm. Thank you!Hohenzollern
I have tried tens of answers and so far this one works like a charm!!!Guano
Whose port is 8001? Is it from the container or the VM?Detrition
port 8001 is the port on the VM. Should be open in firewall to be able to work with above command .Tellurate
minikube dashboard --port 8001Torrent
I created a bookmark folder called “Genius answers” and added this there, thank you. :-)Mestas
S
26

The ssh way

Assuming that you have ssh on your ubuntu box.

First run kubectl proxy & to expose the dashboard on http://localhost:8001

Then expose the dashboard using ssh's port forwarding, executing:

ssh -R 30000:127.0.0.1:8001 [email protected]

Now you should access the dashboard from your macbook in your LAN pointing the browser to http://192.168.0.20:30000

To expose it from outside, just expose the port 30000 using no-ip.com, maybe change it to some standard port, like 80.

Note that isn't the simplest solution but in some places would work without having superuser rights ;) You can automate the login after restarts of the ubuntu box using a init script and setting public key for connection.

Squarerigger answered 1/12, 2017 at 2:9 Comment(3)
Can you please flesh this answer out? I ran kubectl proxy & on the Ubuntu Server host and ssh -R … on the Mac and connected to it, but accessing {ubuntuServerHostLocalIp}:30000 didn't work. Do I have it right?Stereoscopy
kubectl and ssh should be run in Ubuntu so you route localhost:8001 to 192.168.0.20:3000 (if 192.168.0.20 is ubuntu box ip address). In this case, you're opening an internal port as an open port on the same computer. (Yep, you're creating an ssh connection inside your computer, just for routing) More about ssh magic here. This will be port forwarding.Squarerigger
I misunderstood kubectl proxy originally, turns out one is supposed to run that on the host where they want to see the dashboard at. That said when running on master node, SSH proxying is indeed a solution. github.com/kubernetes/dashboard/issues/692 was very helpful to me.Stereoscopy
P
8

I had the same problem recently and solved it as follows:

  1. Get your minikube VM onto the LAN by adding another network adapter in bridge network mode. For me, this was done through modifying the minikube VM in the VirtualBox UI and required VM stop/start. Not sure how this would work if you're using hyperkit. Don't muck with the default network adapters configured by minikube: minikube depends on these. https://github.com/kubernetes/minikube/issues/1471
  2. If you haven't already, install kubectl on your mac: https://kubernetes.io/docs/tasks/tools/install-kubectl/

  3. Add a cluster and associated config to the ~/.kube/config as below, modifying the server IP address to match your newly exposed VM IP. Names can also be modified if desired. Note that the insecure-skip-tls-verify: true is needed because the https certificate generated by minikube is only valid for the internal IP addresses of the VM. 

    clusters:
- cluster:
    insecure-skip-tls-verify: true
    server: https://192.168.0.101:8443
  name: mykubevm
contexts:
- context:
    cluster: mykubevm
    user: kubeuser
  name: mykubevm
users:
- name: kubeuser
  user:
    client-certificate: /Users/myname/.minikube/client.crt
    client-key: /Users/myname/.minikube/client.key

  4. Copy the ~/.minikube/client.* files referenced in the config from your linux minikube host. These are the security key files required for access.

  5. Set your kubectl context: kubectl config set-context mykubevm. At this point, your minikube cluster should be accessible (try kubectl cluster-info).

  6. Run kubectl proxy http://localhost:8000 to create a local proxy for access to the dashboard. Navigate to that address in your browser.

It's also possible to ssh to the minikube VM. Copy the ssh key pair from ~/.minikube/machines/minikube/id_rsa* to your .ssh directory (renaming to avoid blowing away other keys, e.g. mykubevm & mykubevm.pub). Then ssh -i ~/.ssh/mykubevm docker@<kubevm-IP>

Palmate answered 13/8, 2018 at 4:15 Comment(2)
for this line, "insecure-skip-tls-verify: true", what if I still want use the verify? Is there any solutions that I can regenerate the ca.crt based in the new ip?Collimate
It should be possible, but you'd need to find the minikube private key to create a new certificate. I haven't tried yet.Palmate
H
3

Thanks for your valuable answers, If you have to use the kubectl proxy command unable to view permanently, using the below "Service" object in YAML file able to view remotely until you stopped it. Create a new yaml file minikube-dashboard.yaml and write the code manually, I don't recommend copy and paste it.

apiVersion : v1
kind: Service
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard-test
  namespace: kube-system
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9090
    nodePort: 30000
  selector:
    app: kubernetes-dashboard
  type: NodePort

Execute the command,

$ sudo kubectl apply -f minikube-dashboard.yaml

Finally, open the URL: http://your-public-ip-address:30000/#!/persistentvolume?namespace=default

Heterodyne answered 28/8, 2019 at 10:32 Comment(0)
M
1

Slight variation on the approach above.

I have an http web service with NodePort 30003. I make it available on port 80 externally by running:

sudo ssh -v -i ~/.ssh/id_rsa -N -L 0.0.0.0:80:localhost:30003 ${USER}@$(hostname)

Malathion answered 21/9, 2018 at 14:16 Comment(0)
A
1

Jeff Prouty added useful answer:

I was able to get running with something as simple as:

kubectl proxy --address='0.0.0.0' --disable-filter=true

But for me it didn't worked initially.

I run this command on the CentOS 7 machine with running kubectl (local IP: 192.168.0.20).

When I tried to access dashboard from another computer (which was in LAN obviously):

http://192.168.0.20:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/

then only timeout was in my web browser.

The solution for my case is that in CentOS 7 (and probably other distros) you need to open port 8001 in your OS firewall.

So in my case I need to run in CentOS 7 terminal:

 sudo firewall-cmd --zone=public --add-port=8001/tcp --permanent
 sudo firewall-cmd --reload

And after that. It works! :)

Of course you need to be aware that this is not safe solution, because anybody have access to your dashbord now. But I think that for local lab testing it will be sufficient.

In other linux distros, command for opening ports in firewall can be different. Please use google for that.

Acceptant answered 2/3, 2019 at 17:5 Comment(0)
H
1

Just for my learning purposes I solved this issue using nginx proxy_pass. For example if the dashboard has been bound to a port, lets say 43587. So my local url to that dashboard was

http://127.0.0.1:43587/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Then I installed nginx and went to the out of the box config

sudo nano /etc/nginx/sites-available/default

and edited the location directive to look like this:

    location / {
        proxy_set_header Host "localhost";
        proxy_pass http://127.0.0.1:43587;
    }

then I did

sudo service nginx restart

then the dashboard was available from outside at:

http://my_server_ip/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/cronjob?namespace=default
Herrle answered 8/5, 2021 at 13:41 Comment(1)
Getting 404 Not foundKerato
H
0

Wanted to link this answer by iamnat.

https://stackoverflow.com/a/40773822

  1. Use minikube ip to get your minikube ip on the host machine
  2. Create the NodePort service
  3. You should be able to access the configured NodePort id via < minikubeip >:< nodeport >

This should work on the LAN as well as long as firewalls are open, if I'm not mistaken.

Harvison answered 22/11, 2020 at 15:20 Comment(0)
H
0

I have an Ubunto server, with minikube installed, and I use PuTTY on my windows 10 to connect to the server with ssh private key.

I had the same problem, and I solved it like this ( using PuTTY ) :

After connect to your server, run :

minikube dashboard --url

The output is like :

* Verifying dashboard health ...
* Launching proxy ...
* Verifying proxy health ...
http://127.0.0.1:41375/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Remember those two : 127.0.0.1:41375 and port 41375.

Then, in PuTTY, open new session to your server [with ssh private key] and this time with tunnels :

  1. Open PuTTY
  2. Host: [email protected]
  3. Port: 22 img: Session setting
  4. SSH required SSH private key, load your private key in: Connection --> SSH --> Auth --> Credentials img: Loading private key
  5. Now, go to Connection --> SSH --> Tunnels --> Source port: 41375 --> Destination: 127.0.0.1:41375 (the port 41375 will change ever time you run minikube dashboard --url) img: Setup tunnels
  6. --> Click Add
  7. [ you can save the those information: Session --> Saved Sessions: (choose a name) --> Save ] img: Save and open
  8. --> Click Open

Now, on your laptop (windows 10/11/...), open this link on your browser: localhost:41375/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Hirschfeld answered 14/3 at 12:18 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.