dashboard not working with https

[dorsegal]

Hi I upgraded the dashboard from 1.7 using the recommended steps and for some reason https is not working.

I created a secret with our certificates (issued from godaddy). when i try https://api.example.com/ui im getting this:

Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"'
Trying to reach: 'http://100.96.0.9:8443/'

here is the startup logs from the dashboard container:

2017/09/25 11:13:41 Starting overwatch
2017/09/25 11:13:41 Using in-cluster config to connect to apiserver
2017/09/25 11:13:41 Using service account token for csrf signing
2017/09/25 11:13:41 No request provided. Skipping authorization
2017/09/25 11:13:41 Successful initial request to the apiserver, version: v1.7.0
2017/09/25 11:13:41 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2017/09/25 11:13:41 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2017/09/25 11:13:41 Initializing secret synchronizer synchronously using secret kubernetes-dashboard-key-holder from namespace kube-system
2017/09/25 11:13:41 Initializing JWE encryption key from synchronized object
2017/09/25 11:13:41 Creating in-cluster Heapster client
2017/09/25 11:13:41 Trying to update secret with same object. Skipping
2017/09/25 11:13:41 Serving securely on HTTPS port: 8443
2017/09/25 11:13:41 Successful request to heapster
2017/09/25 11:13:49 Getting application global configuration
2017/09/25 11:13:49 Application configuration {"serverTime":1506338029475}

Dashboard version: 1.7
Kubernetes version: 1.7

[floreks]

https://github.com/kubernetes/dashboard/wiki/Accessing-dashboard

[dorsegal]

I can connect via https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ but browser still warns about unsecure connection

[floreks]

In this case certificate presented in the browser will be certificate of the API server. The one specified by --tls-cert-file flag in kube-apiserver.

[cheld]

@dorsegal with kubectl proxy creates a secure channel to apiserver. It is the simplest way to connect to apiserver.

[cloorc]

@cheld Hi, I started my cluster through kubeadm init and create proxy with --kubeconfig ${HOME}/.kube/config option. The ${HOME}/.kube/config file is actually copied from /etc/kubernetes/admin.conf. After my proxy started, access /ui threw this exception too. Would you please give me some advice about how to solve this problem?

Pods already started are as following:

NAME                                    READY     STATUS    RESTARTS   AGE
etcd-z0228                              1/1       Running   0          48m
kube-apiserver-z0228                    1/1       Running   0          49m
kube-controller-manager-z0228           1/1       Running   0          48m
kube-dns-545bc4bfd4-2d5b2               3/3       Running   0          49m
kube-flannel-ds-8dtz2                   1/1       Running   0          45m
kube-proxy-fzpsv                        1/1       Running   0          49m
kube-scheduler-z0228                    1/1       Running   0          48m
kubernetes-dashboard-79d9896c7b-kjk7w   1/1       Running   0          29m

Proxy command is sudo kubectl --kubeconfig ${HOME}/.kube/config proxy --port 80. http://127.0.0.1/ works, however, http://127.0.0.1/ui will be redirected to http://127.0.0.1/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/ and the content is as following:

Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"'
Trying to reach: 'http://10.244.0.4:8443/'

---

Images already downloaded:

REPOSITORY                                                 TAG                 IMAGE ID            CREATED             SIZE
gcr.io/google_containers/kubernetes-dashboard-init-amd64   v1.0.1              95bfc2b3e5a3        21 hours ago        250.5 MB
gcr.io/google_containers/kube-controller-manager-amd64     v1.8.1              08514038038e        5 days ago          129.2 MB
gcr.io/google_containers/kube-apiserver-amd64              v1.8.1              e24ccd46aab5        5 days ago          194 MB
gcr.io/google_containers/kube-scheduler-amd64              v1.8.1              e9999818cef2        5 days ago          54.88 MB
gcr.io/google_containers/kube-proxy-amd64                  v1.8.1              30643046b829        5 days ago          93.14 MB
gcr.io/google_containers/kubernetes-dashboard-amd64        v1.7.1              294879c6444e        2 weeks ago         128.4 MB
gcr.io/google_containers/k8s-dns-sidecar-amd64             1.14.5              fed89e8b4248        2 weeks ago         41.82 MB
gcr.io/google_containers/k8s-dns-kube-dns-amd64            1.14.5              512cd7425a73        2 weeks ago         49.39 MB
gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64       1.14.5              459944ce8cc4        2 weeks ago         41.42 MB
quay.io/coreos/flannel                                     v0.9.0-amd64        4c600a64a18a        3 weeks ago         51.34 MB
gcr.io/google_containers/etcd-amd64                        3.0.17              243830dae7dd        7 months ago        168.9 MB
gcr.io/google_containers/pause-amd64                       3.0                 99e59f495ffa        17 months ago       746.9 kB

[floreks]

Do not use /ui redirect as it has not been updated yet. Our main README and Acessing Dashboard guide on wiki pages have correct link to Dashboard. Read them please.

[cheld]

Copy & paste the correct link. /ui is currently not working

[cloorc]

@floreks @cheld Ok, thanks a lot! However, it tolds me handshake timeout. Actually I'm reusing /etc/kubernetes/pki/front-proxy-client.crt and /etc/kubernetes/pki/front-proxy-client.key as its certs according to https://github.com/kubernetes/dashboard/wiki/Installation#recommended-setup .

My steps are(I just want to reuse these keys instead of generating new keys manually):

cp /etc/kubernetes/pki/front-proxy-client.crt $HOME/certs/dashboard.crt
cp /etc/kubernetes/pki/front-proxy-client.key $HOME/certs/dashboard.key
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
kubectl apply -f https://github.com/kubernetes/dashboard/wiki/Installation#recommended-setup
kubectl --kubeconfig $HOME/.kube/config proxy --port 80

When I trying to access http://127.0.0.1/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, it tells me like this:

Error: 'net/http: TLS handshake timeout'
Trying to reach: 'https://10.244.0.6:8443/'

I guess it's a problem about certificate, I've no idea what's wrong with it. Could you guys please give me some suggestion? Thanks a head!

[floreks]

Can you show us the logs from dashboard pod?

[cloorc]

@floreks Sorry, logs from dashboad are as following:

z0228@z0228:~$ kubectl -n kube-system logs kubernetes-dashboard-79d9896c7b-rnknc
2017/10/17 07:47:41 Starting overwatch
2017/10/17 07:47:41 Using in-cluster config to connect to apiserver
2017/10/17 07:47:41 Using service account token for csrf signing
2017/10/17 07:47:41 No request provided. Skipping authorization
2017/10/17 07:47:41 Successful initial request to the apiserver, version: v1.8.1
2017/10/17 07:47:41 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2017/10/17 07:47:41 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2017/10/17 07:47:41 Initializing secret synchronizer synchronously using secret kubernetes-dashboard-key-holder from namespace kube-system
2017/10/17 07:47:41 Initializing JWE encryption key from synchronized object
2017/10/17 07:47:41 Trying to update secret with same object. Skipping
2017/10/17 07:47:41 Creating in-cluster Heapster client
2017/10/17 07:47:41 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:47:41 Serving securely on HTTPS port: 8443
2017/10/17 07:48:11 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:48:41 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:49:11 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:49:41 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:50:11 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:50:41 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 07:51:02 http: TLS handshake error from 10.244.0.1:42704: tls: first record does not look like a TLS handshake
2017/10/17 07:51:03 http: TLS handshake error from 10.244.0.1:42706: tls: first record does not look like a TLS handshake
2017/10/17 07:51:03 http: TLS handshake error from 10.244.0.1:42708: tls: first record does not look like a TLS handshake
2017/10/17 07:51:08 http: TLS handshake error from 10.244.0.1:42718: tls: first record does not look like a TLS handshake
2017/10/17 07:51:11 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:20:11 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:20:34 http: TLS handshake error from 10.244.0.1:47162: tls: first record does not look like a TLS handshake
2017/10/17 08:20:41 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.

[floreks]

Have you tried to use autogenerated certificates (do not provide your own, let them be created by init container)? If it will work then possibly there is a problem with your certificates and they can not be used.

[cloorc]

@floreks Actually, just let dashboard do everything is my first solution and my actually command is as following:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml

I've removed these pods before I recreating them. Now the response is as following:

Error: 'net/http: TLS handshake timeout'
Trying to reach: 'https://10.244.0.7:9090/'

Logging information looks like this:

2017/10/17 08:53:54 Starting overwatch
2017/10/17 08:53:54 Using in-cluster config to connect to apiserver
2017/10/17 08:53:54 Using service account token for csrf signing
2017/10/17 08:53:54 No request provided. Skipping authorization
2017/10/17 08:53:54 Successful initial request to the apiserver, version: v1.8.1
2017/10/17 08:53:54 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2017/10/17 08:53:54 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2017/10/17 08:53:54 Initializing secret synchronizer synchronously using secret kubernetes-dashboard-key-holder from namespace kube-system
2017/10/17 08:53:54 Initializing JWE encryption key from synchronized object
2017/10/17 08:53:54 Trying to update secret with same object. Skipping
2017/10/17 08:53:54 Creating in-cluster Heapster client
2017/10/17 08:53:54 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:53:54 Serving insecurely on HTTP port: 9090
2017/10/17 08:54:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:54:54 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:55:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:55:54 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:56:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:56:54 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 08:57:24 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.

This time, the ip address seems changed from https://10.244.0.6:8443/ to https://10.244.0.7:9090/. And the /ui is working now, although there are still some errors as following:

Actually, there are no functions can be retrieved.

[floreks]

These are not errors but warnings that current user does not have access to listed resources.

Serving insecurely on HTTP port: 9090

This means that --tls-key-file and --tls-cert-file flags were not passed to Dashboard and certs were not used to serve Dashboard securely. /ui point to old, insecure Dashboard (HTTP endpoint).

[cloorc]

Ok, I've copied my apiserver.crt and apiserver.key to $HOME/certs and rename them to dashboard.crt and dashboard.key, I recreated resources as following:

kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
wget https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f kubernetes-dashboard.yaml

Logs from dashboard are as following:

2017/10/17 09:29:44 Starting overwatch
2017/10/17 09:29:44 Using in-cluster config to connect to apiserver
2017/10/17 09:29:44 Using service account token for csrf signing
2017/10/17 09:29:44 No request provided. Skipping authorization
2017/10/17 09:29:44 Successful initial request to the apiserver, version: v1.8.1
2017/10/17 09:29:44 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2017/10/17 09:29:44 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2017/10/17 09:29:44 Initializing secret synchronizer synchronously using secret kubernetes-dashboard-key-holder from namespace kube-system
2017/10/17 09:29:44 Initializing JWE encryption key from synchronized object
2017/10/17 09:29:44 Trying to update secret with same object. Skipping
2017/10/17 09:29:44 Creating in-cluster Heapster client
2017/10/17 09:29:44 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 09:29:44 Serving securely on HTTPS port: 8443
2017/10/17 09:30:14 Metric client health check failed: the server could not find the requested resource (get services heapster). Retrying in 30 seconds.
2017/10/17 09:30:33 http: TLS handshake error from 10.244.0.1:41198: tls: first record does not look like a TLS handshake
2

Then I retried http://127.0.0.1/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ and been told:

Error: 'net/http: TLS handshake timeout'
Trying to reach: 'https://10.244.0.9:8443/'

Browser http://127.0.0.1/ui and it was redirected to http://127.0.0.1/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/#!/overview?namespace=default and it told me like this:

Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"'
Trying to reach: 'http://10.244.0.9:8443/'

I 've checked the yaml file, and I know kubernetes-dashboard-secret will be mounted as /certs. Furthermore, --tls-cert-file will actually bind to /certs/dashboard.crt and --tls-key-file will actually bind to /certs/dashboard.key. BTW, dashboard will access apiserver by apiserver certificates, which are providded in certs, am I right? Why it won't work yet?

[floreks]

I asked you not to provide your own certs and let them be autogenerated. Delete created secret and use command from our README. I need to know if this will work.

[cloorc]

I've done that already. Please check my last post(#issuecomment-337165510).

---

Sorry, the only difference between #issuecomment-337165510 is this test based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml and #issuecomment-337165510 based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml . In post #issuecomment-337165510 , /ui can be accessed but accessing resources is forbidden.

---

1. Remove old resources(kubectl delete -f kubernetes-dashboard.yaml) and make sure old dashboard pod has already been destroyed(kubectl -n kube-system get pods won't show it already);
2. Create everything as kubernetes-dashboard.yaml(kubectl apply -f kubernetes-dashboard.yaml);
3. Make sure dashboard pod has already been created and started(kubernetes-dashboard-79d9896c7b-bfrwr 1/1 Running 0 7s)
4. Start my proxy sudo kubectl --kubeconfig $HOME/.kube/config proxy --port 80
5. Open my browser and point it to http://127.0.0.1/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, shows Error: 'net/http: TLS handshake timeout' Trying to reach: 'https://10.244.0.11:8443/'
6. Try to access /ui and the location was redirected to http://127.0.0.1/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/ and told me Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"' Trying to reach: 'http://10.244.0.10:8443/'

My last post is trying to resolve the problem of forbidden access of resources, in which you told me there are no flags of --tls-cert-file and --tls-key-file provided. However, I thought copying apiserver.{crt,key} as dashboard.{crt,key} and creating kubernetes-dashboard-certs manully would solve this problem, but it is not. Isn't it what you are mean? And what should be the right solution for supply these flags?

BTW, kubernetes-dashboard.yaml is freshly downloaded from https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml supplied in README.md

[floreks]

If you do not provide certificates manually (kubectl create secret --from-file ...), they are created automatically by our init container. I am certain that it generates correct certificates and I wanted to make sure that it is not certificates fault. That is why I asked you not to create secret manually.

If this scenario does not work then kubernetes version 1.8.1 might be the cause. They might have changed something. Dashboard 1.7.X is known to be working only with same core version 1.7.X. We can not guarantee that future versions of core will work with older versions of Dashboard.

Are you able to check if version is the cause?

[cloorc]

Yes, create kubernetes-dashboard based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml won't work in my circumstance. Now I'm sure dashboard created based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml would make /ui work (old style), but all resources can not be accessed.

I'll downgrade my kubernetes to 1.7.8 and test it later.

[cloorc]

Kubernetes : v1.7.8 Dashboard : v1.7.1

Version information:

kubeadm version: &version.Info{Major:"1", Minor:"7", GitVersion:"v1.7.8", GitCommit:"bc6162cc70b4a39a7f39391564e0dd0be60b39e9", GitTreeState:"clean", BuildDate:"2017-10-05T06:35:40Z", GoVersion:"go1.8.3", Compiler:"gc", Platform:"linux/amd64"}

Steps:

https_proxy=http://127.0.0.1:2080 wget -O readme.yaml https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl apply -f readme.yaml
sudo kubectl --kubeconfig /home/z0228/.kube/config proxy --port 80

Results:

https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml not work for both old style and new style. https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml just as former post.

I'm not sure what's the real reason for this problem.

I'm going to do some study about access control based on alternative dashboard creation.

[cloorc]

I'm going to deploy dashboard through alternative method according to wiki and grant admin access for local usage. /ui works in this manner. Thanks a lot!

[dotw]

I have the same issue with k8s 1.8. @cloorc , could you let us know how to make it work?

[KeithTt]

There are many TLS errors in my case:

# kubectl logs -f kubernetes-dashboard-3168217588-6vdz0 -n kube-system

...
2017/11/02 18:13:50 http: TLS handshake error from 172.17.0.1:27531: EOF
2017/11/02 18:13:50 http: TLS handshake error from 172.17.0.1:26333: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:28635: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:36110: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:33731: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:29863: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:18200: EOF
2017/11/02 18:13:51 http: TLS handshake error from 172.17.0.1:20909: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:7458: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:5308: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:20494: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:26512: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:37642: EOF
2017/11/02 18:13:52 http: TLS handshake error from 172.17.0.1:59152: EOF
...

I followed the official guide:

https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

[cloorc]

In my circumstance, I tried installing k8s in a fresh new initialized virtual machine, in which there will have no port conflicting problems. By the way, how have you installed kube*? I've installed them by command apt install. TLS problems mostly because of the kubelet is not running.

[KeithTt]

kubelet is running. And the kubernetes seems healthy, I guess there is something wrong with dashboard, I am reading the wiki page of dashboard project.

[rama-arun]

This helped me --- take it for what its worth.

https://github.com/kubernetes/dashboard/issues/2465

[ngocketit]

Instructions on this work for me.

[thomasjungblut]

so indeed something changed. I tried to create a dashboard with the current latest 1.7.1 (https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml). I get the TLS handshake issue.

I works however with the 1.6.3 version of this. Any idea? None of the instructions above seem to do it so far.

[nelson-cf]

To make a long story short - BEFORE authentication, the /ui redirect will not work. Go here instead and it will ask you to authenticate: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

It should redirect here after login: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Thanks to @rama-arun for the link.

[HolimaX]

To make a long story short - BEFORE authentication, the /ui redirect will not work. Go here instead and it will ask you to authenticate: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

It should redirect here after login: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Thanks to @rama-arun for the link.

Hmm. It still does not work for me. Tried to do kubectl proxy both from dashboard node, both from master node on windows 10, still nothing opens. Tried both ClusterIP, both NodePort setting for Service, nothing helps.

Cluster set up using https://www.cloudtechnologyexperts.com/kubeadm-on-aws/ and the kubernetes-dashbaord made deployed using https://github.com/HolimaX/React/blob/feature/update_k8s_resources/.k8sconfig/README.md .

Logs from pod: 2019/08/08 12:14:43 Using namespace: kubernetes-dashboard 2019/08/08 12:14:43 Using in-cluster config to connect to apiserver 2019/08/08 12:14:43 Using secret token for csrf signing 2019/08/08 12:14:43 Initializing csrf token from kubernetes-dashboard-csrf secret 2019/08/08 12:14:43 Starting overwatch 2019/08/08 12:14:43 Empty token. Generating and storing in a secret kubernetes-dashboard-csrf 2019/08/08 12:14:43 Successful initial request to the apiserver, version: v1.15.1 2019/08/08 12:14:43 Generating JWE encryption key 2019/08/08 12:14:43 New synchronizer has been registered: kubernetes-dashboard-key-holder-kubernetes-dashboard. Starting 2019/08/08 12:14:43 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kubernetes-dashboard 2019/08/08 12:14:44 Initializing JWE encryption key from synchronized object 2019/08/08 12:14:44 Creating in-cluster Sidecar client 2019/08/08 12:14:44 Auto-generating certificates 2019/08/08 12:14:44 Successfully created certificates 2019/08/08 12:14:44 Serving securely on HTTPS port: 8443 2019/08/08 12:14:45 Metric client health check failed: the server is currently unable to handle the request (get services dashboard-metrics-scraper). Retrying in 30 seconds. 2019/08/08 12:15:15 Successful request to sidecar 2019/08/08 13:02:43 http: TLS handshake error from 10.36.0.2:61505: remote error: tls: unknown certificate 2019/08/08 13:02:43 http: TLS handshake error from 10.36.0.2:61504: remote error: tls: unknown certificate 2019/08/08 13:02:43 http: TLS handshake error from 10.36.0.2:61507: remote error: tls: unknown certificate 2019/08/08 13:02:43 http: TLS handshake error from 10.36.0.2:61506: remote error: tls: unknown certificate 2019/08/08 13:02:52 http: TLS handshake error from 10.36.0.2:61510: remote error: tls: unknown certificate 2019/08/08 13:02:52 http: TLS handshake error from 10.36.0.2:61509: remote error: tls: unknown certificate 2019/08/08 13:03:25 http: TLS handshake error from 10.36.0.2:61518: remote error: tls: unknown certificate 2019/08/08 13:03:25 http: TLS handshake error from 10.36.0.2:61519: remote error: tls: unknown certificate 2019/08/08 13:03:55 http: TLS handshake error from 10.36.0.2:61530: remote error: tls: unknown certificate 2019/08/08 13:03:55 http: TLS handshake error from 10.36.0.2:61529: remote error: tls: unknown certificate 2019/08/08 13:06:41 http: TLS handshake error from 10.36.0.2:61596: EOF 2019/08/08 13:26:38 http: TLS handshake error from 10.36.0.2:62152: EOF 2019/08/08 13:27:01 http: TLS handshake error from 10.36.0.2:62156: EOF 2019/08/08 13:27:35 http: TLS handshake error from 10.36.0.2:62165: EOF

[jturi]

• Make sure kubernetes is running with minikube or Docker for Windows/Mac, etc.
• Check kubectl version
• Download a dashboard file: curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
• Load kubectl apply -f kubernetes-dashboard.yaml
• Run dashboard kubectl proxy
• Go to the login page and select Token option:
• (Link1) http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
• Generate token with kubectl: kubectl -n kube-system get secret
• Look for something like this:

  deployment-controller-token-fwwd4     kubernetes.io/service-account-token   3  9d

• Run kubectl -n kube-system describe secret deployment-controller-token-fwwd4 (your last 5 letters will be different, not fwwd4)
• Copy the generated token and paste it in (Link1)
• Go to dashboard :
• (Link2) http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/overview?namespace=default

Source: (Link3) https://stackoverflow.com/questions/46664104/how-to-sign-in-kubernetes-dashboard

[floreks]

Download a dashboard file: curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml

IMPORTANT: Do not use v1.10.1 as it is outdated. Use v2.0.0-rcX.