Dashboard: Unable to connect to kuberneter dashboard

Created on 11 Dec 2017 · 11Comments · Source: kubernetes/dashboard

Environment

Dashboard version: Latest
Kubernetes version: Client Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:28:34Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"8", GitVersion:"v1.8.4", GitCommit:"9befc2b8928a9426501d3bf62f72849d5cbcd5a3", GitTreeState:"clean", BuildDate:"2017-11-20T05:17:43Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Operating system:centos 7
Node.js version:v6.12.0
Go version: 1.9.2

Steps to reproduce

i deployed the dashboard following the below link
https://github.com/kubernetes/dashboard
i run kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
then i try to access it from another machine using the url
https://10.157.145.187:6443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/
but i get error mentioned in the observer result

Observed result

{
"kind": "Status",
"apiVersion": "v1",
"metadata": {

},
"status": "Failure",
"message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get services/proxy in the namespace \"kube-system"",
"reason": "Forbidden",
"details": {
"name": "https:kubernetes-dashboard:",
"kind": "services"
},
"code": 403
}

Expected result

Dashboard UI should come up

Comments

Unable to understand why this forbidden error and what steps to follow to overcome it.

Source

Katiyman

Most helpful comment

Would be useful to at least link to a configuration

abhishekunotech on 4 Dec 2018

👍9

All 11 comments

Are you able to do kubectl get services -n kube-system? It seems like RBAC configuration issue.

maciaszczykm on 11 Dec 2017

Yes
kubectl get services -n kube-system
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kube-dns ClusterIP 10.96.0.10 53/UDP,53/TCP 4d
kubernetes-dashboard ClusterIP 10.100.83.130 443/TCP 9s

Katiyman on 11 Dec 2017

Okay, I have just noticed that you are trying to enter Dashboard from a different machine. When you will take a look at https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above#kubectl-proxy you will notice following information:

By default it is only accessible locally (from the machine that started it).

NOTE: Dashboard should not be exposed publicly using kubectl proxy command as it only allows HTTP connection. For domains other than localhost and 127.0.0.1 it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.

maciaszczykm on 11 Dec 2017

Thanks
I checked and followed this
API Server

In case Kubernetes API server is exposed and accessible from outside you can directly access dashboard at: https://:/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

but got the error i have mentioned

Katiyman on 11 Dec 2017

Your api server is exposed but not accessible from outside. You can not access any kubernetes endpoints if you do not authenticate and authorize yourself. This is not a Dashboard issue, but rather configuration.

floreks on 11 Dec 2017

❤3

Closing as this is not a Dashboard issue.

floreks on 12 Dec 2017

Would be useful to at least link to a configuration

abhishekunotech on 4 Dec 2018

👍9

how to allow acces with certificat, the https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above#api-server link explain that is possible but not explain how to do...

mcarbonneaux on 31 Dec 2018

Would be useful to at least link to a configuration

The authentication and authorization setup needed to access the dashboard is described here
https://github.com/kubernetes/dashboard/wiki/Access-control