What is the correct way to access the K8S dashboard?
As far as I know, You would not want to expose your k8s dashboard to external world Since It's a graphical way to get access to your k8s cluster that's why the service type of k8s-dashboard is clusterIP instead of LoadBalancer or NodePort( Minikube uses it).
Now If you want to access the dashboard without exposing it to the external world.There are 2 ways which you have described in the question.
- Kubectl proxy (It create HTTP proxy to kube-api Server)
- Kubectl port-forward (it create TCP proxy to k8s-dashboard pod)
As no time to test the suggestion by Suresh, used below for now.
Get the kubernetes-dashboard service account token (given cluster-admin role).
$ kubectl get secret -n kube-system | grep kubernetes-dashboardkubernetes-dashboard-token-42b78 kubernetes.io/service-account-token 3 1h$ kubectl describe secret kubernetes-dashboard-token-42b78 -n kube-systemName: kubernetes-dashboard-token-42b78Namespace: kube-systemLabels: <none>Annotations: kubernetes.io/service-account.name=kubernetes-dashboard kubernetes.io/service-account.uid=36347792-ecdf-11e7-9ca8-06bb783bb15cType: kubernetes.io/service-account-tokenData====ca.crt: 1025 bytesnamespace: 11 bytestoken: <TOKEN>
Start SSH tunnel.
ssh -L localhost:8001:172.31.4.117:6443 centos@<K8SServer>
Use Chrome ModHeader extension to send the Bearer token.
Access the API server endpoint via SSH tunnel (local port 8001).
https://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
For those stuck with a status-code 403
and coredns- containers stuck during creation, try installing a pod network add-on for your cluster:
Calico for example:
kubectl apply -f https://docs.projectcalico.org/v3.8/manifests/calico.yaml
source: https://kubernetes.io/fr/docs/setup/independent/create-cluster-kubeadm/