如何使用令牌远程访问 kubernetes 仪表板

Question

There are many guides, answers, etc... that specifically show how to enable the kubernetes dashboard, and several that attempt to explain how to remotely access them, but many have an issue with regard to accepting the token once you get to the login screen.

The problem as I understand it is that the service does not (rightfully) accept remote tokens over http. Even though I can get to the login screen I can't get into the dashboard due to the inability to use the token. How can I get around this limitation?

Answer 1

Taken from https://www.edureka.co/community/31282/is-accessing-kubernetes-dashboard-remotely-possible :

you need to make the request from the remote host look like it's coming from a localhost (where the dashboard is running):

From the system running kubernetes / dashboard:

Deploy the dashboard UI:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta6/aio/deploy/recommended.yaml

Start the proxy:

kubectl proxy&

Create a secret:

kubectl create serviceaccount [account name]

kubectl create clusterrolebinding dashboard-admin --clusterrole=cluster-admin --serviceaccount=default:[account name]

kubectl get secret

kubectl describe secret [account name]

From the system you wish to access the dashboard:

Create an ssh tunnel to the remote system (the system running the dashboard):

ssh -L 9999:127.0.0.1:8001 -N -f -l [remote system username] [ip address of remote system] -P [port you are running ssh on]

You will likely need to enter a password unless you are using keys. Once you've done all this, from the system you established the ssh connection access http://localhost:9999/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

You can change the port 9999 to anything you'd like.

Once you open the browser url, copy the token from the "describe secret" step and paste it in.