如何在没有 Ingress 的情况下远程访问 kube.netes microk8s 仪表板？

Question

I am new to Kube.netes and i am trying to deploy a MicroKube.netes cluster on 4 raspberry PIs. I am struggling with setting up the dashboard since (no joke) a total of about 30 hours now and starting to be extremely frustrated. I just cannot access the dashboard remotely.

Solutions that didnt work out:

No.1 Ingress:

I managed to enable ingress but it seems to be extremely complicated to connect it to the dashboard since i manually have to resolve DNS properties inside pods and host machines. I eventually gave up on that. There is also no documentation whatsoever available how to set an ingress up without having a valid bought domain pointing at your Ingress Node.

If you are able to guide me through this, i am up for it.

No.2 Change service type of dashboard to LoadBalancer or NodePort:

With this method i can actually expose the dashboard... but it can only be accessed through https.... Since dashbaord seems to use self signed certificates or some other mechanism i cannot access the dashboard via a browser. The browsers(chrome firefox) always refuse to connect to the dashboard... When i try to access via http the browsers say i need to use https.

No.3 kube-proxy:

This only allows Localhost connections. YOu can pass arguments to kube proxy to allow other hosts to access the dashboard... but then again we have the https/http problem

At this point it is just amazing to me how extremly hard it is to just access this simple dashboard... Can anybody give any advice on how to access it?

a@k8s-node-1:~/kubernetes$ kctl describe service kubernetes-dashboard -n kube-system
Name:                     kubernetes-dashboard
Namespace:                kube-system
Labels:                   k8s-app=kubernetes-dashboard
Annotations:              <none>
Selector:                 k8s-app=kubernetes-dashboard
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.152.183.249
IPs:                      10.152.183.249
Port:                     <unset>  443/TCP
TargetPort:               8443/TCP
NodePort:                 <unset>  32228/TCP
Endpoints:                10.1.140.67:8443
Session Affinity:         None
External Traffic Policy:  Cluster

$ kubectl edit svc -n kube-system kubernetes-dashboard

# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"Service","metadata":{"annotations":{},"labels":{"k8s-app":"kubernetes-dashboard"},"name":"kubernetes-dashboard","namespace":"kube-system"},"spec":{"ports":[{"port":443,"targetPort":8443}],"selector":{"k8s>
  creationTimestamp: "2022-03-21T14:30:10Z"
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kube-system
  resourceVersion: "43060"
  selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
  uid: fcb45ccc-070b-4a4d-b987-41f5b7777559
spec:
  clusterIP: 10.152.183.249
  clusterIPs:
  - 10.152.183.249
  externalTrafficPolicy: Cluster
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - nodePort: 32228
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    k8s-app: kubernetes-dashboard
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

a@k8s-node-1:~/kubernetes$ kctl get services -n kube-system
NAME                        TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                  AGE
metrics-server              ClusterIP   10.152.183.233   <none>        443/TCP                  165m
kube-dns                    ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP,9153/TCP   142m
dashboard-metrics-scraper   ClusterIP   10.152.183.202   <none>        8000/TCP                 32m
kubernetes-dashboard        NodePort    10.152.183.249   <none>        443:32228/TCP            32m

a@k8s-node-1:~/kubernetes$ cat dashboard-ingress.yaml 
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: nginx
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
  name: dashboard
  namespace: kube-system
spec:
  rules:
    - host: nonexistent.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 8080

a@k8s-node-1:~/kubernetes$ kctl get pods --all-namespaces -o wide
NAMESPACE     NAME                                         READY   STATUS    RESTARTS        AGE     IP               NODE         NOMINATED NODE   READINESS GATES
kube-system   calico-node-c4shb                            1/1     Running   0               3h23m   192.168.180.47   k8s-node-2   <none>           <none>
ingress       nginx-ingress-microk8s-controller-nvcvx      1/1     Running   0               3h12m   10.1.140.66      k8s-node-2   <none>           <none>
kube-system   calico-node-ptwmk                            1/1     Running   0               3h23m   192.168.180.48   k8s-node-3   <none>           <none>
ingress       nginx-ingress-microk8s-controller-hksg7      1/1     Running   0               3h12m   10.1.55.131      k8s-node-4   <none>           <none>
ingress       nginx-ingress-microk8s-controller-tk9dj      1/1     Running   0               3h12m   10.1.76.129      k8s-node-3   <none>           <none>
ingress       nginx-ingress-microk8s-controller-c8t54      1/1     Running   0               3h12m   10.1.109.66      k8s-node-1   <none>           <none>
kube-system   calico-node-k65fz                            1/1     Running   0               3h22m   192.168.180.52   k8s-node-4   <none>           <none>
kube-system   coredns-64c6478b6c-584s8                     1/1     Running   0               177m    10.1.109.67      k8s-node-1   <none>           <none>
kube-system   calico-kube-controllers-6966456d6b-vvnm6     1/1     Running   0               3h24m   10.1.109.65      k8s-node-1   <none>           <none>
kube-system   calico-node-7jhz9                            1/1     Running   0               3h33m   192.168.180.46   k8s-node-1   <none>           <none>
kube-system   metrics-server-647bdc584d-ldf8q              1/1     Running   1 (3h19m ago)   3h20m   10.1.55.129      k8s-node-4   <none>           <none>
kube-system   kubernetes-dashboard-585bdb5648-8s9xt        1/1     Running   0               67m     10.1.140.67      k8s-node-2   <none>           <none>
kube-system   dashboard-metrics-scraper-69d9497b54-x7vt9   1/1     Running   0               67m     10.1.55.132      k8s-node-4   <none>           <none>

Answer 1

Using an ingress is indeed the preferred way, but since you seem to have trouble in your environment, you can indeed use a LoadBalancer service.

To avoid the problem with the automatically generated certificates, provide your certificate and private key to the dashboard, for example as a secret, and use the flags --tls-key-file and --tls-cert-file to point to the certificate. More details: https://github.com/kube.netes/dashboard/blob/master/docs/user/certificate-management.md