Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Cannot connect to kubectl proxy #14

Closed
koss822 opened this Issue Sep 29, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@koss822
Copy link

koss822 commented Sep 29, 2018

Hello,

I did a clear installation, and I had few issues

  1. documentation - there is written that it is enough just to run "kubectl proxy", this is not really true, you have to export different port than 8080 first:

export KUBERNETES_MASTER=https://your.domain:6443

  1. documentation - it is not mentioned that if you are using SSL which is enabled by default, you have to use also CA validation, so

kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt

  1. RBAC - In documantation is stated

This is intentional for security reasons (no authentication / authorization)

This is not exactly true with new version of Kubernetes, which is included in actual package. You have to use RBAC authentification according to Kubernetes documentation. I am still fighting how to get rid of this message

"message": "services "https:kubernetes-dashboard:" is forbidden: User "system:anonymous" cannot get services/proxy in the namespace "kube-system"",

After running
kubectl --certificate-authority=/etc/kubernetes/pki/ca.crt proxy

and tunneling it through SSH to my localhost

and accessing

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

Can you please help. I cannot even get pods even when I use

kubeadm token list

and use selected tokens because tokens has low privileges

[root@ip-10-0-0-18 kubernetes]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
******* 23h 2018-09-30T14:34:31Z authentication,signing system:bootstrappers:kubeadm:default-node-token

******** authentication,signing system:bootstrappers:kubeadm:default-node-token

I need a token with system.master privileges but I have no idea how to get it.

@scholzj

This comment has been minimized.

Copy link
Owner

scholzj commented Sep 29, 2018

This is what I normally do and what works:

  1. SCP the kubeconfig from the minukube (the remote host) to your localhost. The scp command is printed at the end of the Terraform execution.
  2. Do export KUBECONFIG=<pathToWhereYouCopiedTheKubeconfigFile>
  3. Do kubectl proxy on your local computer, not in the AWS machine

For this I never needed to do anything with certificates etc. These should be all in the kubeconfig file.

@koss822

This comment has been minimized.

Copy link
Author

koss822 commented Sep 30, 2018

Hello,

firstly I am very happy with your prompt and fast response. When I copied kubeconfig to my local machine I was able to see login screen to dashboard on

Unfortunately I was not able to login with kubeconfig. I had to create an user following documentation here

After this I was able to login to Dashboard with Token 🥇

It would be perfect if you would be update documentation also for others because it is very difficult for a person who is beginning with Kubernetes to start when a lot of things is not working out of the box even in demo installation.

@koss822 koss822 closed this Sep 30, 2018

@scholzj

This comment has been minimized.

Copy link
Owner

scholzj commented Sep 30, 2018

TBH, the login screen in the dashboard should normally not appear. If it does, I think there is some button to either continue or skip it (I do not have it installed right now to check it). Since the AWS Minikube is more or less intended for development work, the Dashboard is deployed with the rights it needs and should not require login. I will have a look why the login screen appears sometimes. Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.