Kubernetes 仪表板通过 kubectl 代理 - 端口混淆

Question

I have seen that the standard way to access http services through the kubectl proxy is the following: http://api.host/api/v1/namespaces/NAMESPACE/services/SERVICE_NAME:SERVICE_PORT/proxy/

Why is it that the kubernetes-dashboard uses https:kubernetes-dashboard: for SERVICE_NAME:SERVICE_PORT ?

I would assume from the following that it would be kubernetes_dashboard:443 .

kubectl -n kube-system get service kubernetes-dashboard -o wide
NAME                   TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE   SELECTOR
kubernetes-dashboard   ClusterIP   10.233.50.212   <none>        443:31663/TCP   15d   k8s-app=kubernetes-dashboard

Additionally, what is the meaning of the port show 443:31663 when all other services will just have x/TCP ( x being one number instead of x : y )

Lastly, kubectl cluster-info will show

Kubernetes master is running at https://x.x.x.x:x
kubernetes-dashboard is running at https://x.x.x.x:x/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy

I have created a simple service but it does not show here and I am confused how to determine what services show here or not.

Answer 1

Why is it that the kubernetes-dashboard uses https:kubernetes-dashboard: for SERVICE_NAME:SERVICE_PORT?

Additionally, what is the meaning of the port show 443:31663 when all other services will just have x/TCP (x being one number instead of x:y)

As described in Manually constructing apiserver proxy URLs , the default way is

http://kubernetes_master_address/api/v1/namespaces/namespace_name/services/service_name[:port_name]/proxy

By default, the API server proxies to your service using http. To use https, prefix the service name with https::

http://kubernetes_master_address/api/v1/namespaces/namespace_name/services/https:service_name:[port_name]/proxy

The supported formats for the name segment of the URL are:

<service_name> - proxies to the default or unnamed port using http

<service_name>:<port_name> - proxies to the specified port using http

https:<service_name>: - proxies to the default or unnamed port using https (note the trailing colon)

https:<service_name>:<port_name> - proxies to the specified port using https

Next:

I have created a simple service but it does not show here and I am confused how to determine what services show here or not.

What is what I found and tested for you:

cluster-info API reference :

Display addresses of the master and services with label kubernetes.io/cluster-service=true To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

So, as soon as you add kubernetes.io/cluster-service: "true" label - the service starts to be seen under kubectl cluster-info .

BUT.! There is an expected behavior when you see that you service disappear from output in couple of minutes. Explanation has been found here - I only copy paste it here for future reference.

The other part is the addon manager. It uses this annotation to synchronizes the cluster state with static manifest files. The behavior was something like this:

1) addon manager reads a yaml from disk -> deploys the contents

2) addon manager reads all deployments from api server with annotation cluster-service:true -> deletes all that do not exist as files

As a result, if you add this annotation, addon manager will remove dashboard after a minute or so.

So,

dashboard is deployed after cluster creation -> annotation should not be set: https://github.com/kubernetes/dashboard/blob/b98d167dadaafb665a28091d1e975cf74eb31c94/src/deploy/kubernetes-dashboard.yaml

dashboard is deployed part of cluster creation -> annotation should be set: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dashboard/dashboard-controller.yaml

At least this was the behavior some time ago. I think kubeadm does not use addon-manager. But it is still part of kube-up script.

Solution for this behavior also exists: add additional label addonmanager.kubernetes.io/mode: EnsureExists

Explanation is here

You final service should look like:

# ------------------- Dashboard Service ------------------- #

kind: Service
apiVersion: v1
metadata:
  labels:
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: EnsureExists
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  ports:
    - port: 443
      targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard



kubectl get svc kubernetes-dashboard -n kube-system -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"addonmanager.kubernetes.io/mode":"EnsureExists","k8s-app":"kubernetes-dashboard","kubernetes.io/cluster-service":"true"},"name":"kubernetes-dashboard","namespace":"kube-system"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s-app":"kubernetes-dashboard"}}}
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
    k8s-app: kubernetes-dashboard
    kubernetes.io/cluster-service: "true"



kubectl cluster-info
Kubernetes master is running at https://*.*.*.*
...
kubernetes-dashboard is running at https://*.*.*.*/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
...