search

kubernetes / dashboard

General-purpose web UI for Kubernetes clusters
Apache License 2.0
14.37k stars 4.15k forks source link

Accessing the Kubernetes Dashboard in Rancher 2.0 #3039

Closed fbotha-stratuscloud closed 6 years ago

fbotha-stratuscloud commented 6 years ago
Environment

Heapster version: 0.2.9 Dashboard version: 0.6.3 Rancher version: 2.0.0 Kubernetes version: v1.10.1-rancher1 Operating system: Ubuntu 16.04 LTS

Steps to reproduce

Deploy heapster using kubernetes helm chart in Rancher 2.0 Catalog Apps Deploy kubernetes-dashboard using kubernetes helm chart in Rancher 2.0 Catalog Apps Run kubectl proxy Access http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Observed result

Rancher 2.0 returns 404 - The page you were looking for doesn't exist!

Expected result

Expected to see the Kubernetes Dashboard

Comments

Haven't been able to get the Kubernetes Dashboard working on Rancher 2.0. Any assistance would be appreciated.

fbotha-stratuscloud commented 6 years ago

Also tried accessing http://localhost:8001/k8s/clusters/c-cdlfs/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy

Which results in a {"type":"error","status":"401","message":"must authenticate"}

weslleycamilo commented 6 years ago

+1

bootc commented 6 years ago

I managed to gain access to the Kubernetes Dashboard. You first need to login to Rancher 2.0 as usual, then access it at the following URL through Rancher:

https://rancher.example.com/k8s/clusters/local/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

mgamboa commented 6 years ago

I have the same issue why Rancher is not documenting all this

http://localhost:8001/k8s/clusters/local/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ {"Code":{"Code":"ServerError","Status":500},"Message":"NotFound 404: clusters.management.cattle.io \"local\" not found","Cause":null,"FieldName":""}

same issue

Try https://mydomain site and localhost:8001/k8s/clusters/local/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ in both cases give the same error {"Code":{"Code":"ServerError","Status":500},"Message":"NotFound 404: clusters.management.cattle.io \"local\" not found","Cause":null,"FieldName":""}

alexandrem commented 6 years ago

bootc has the correct answer.

You must combine the rancher server URL and the /k8s/clusters/<cluster id> prefix to the api path for the dashboard service (/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/).

If you browse to your cluster page in the Rancher UI you will see the cluster id in the URL which looks like c-dc2mk.

You first need to have a valid rancher UI session token, so keep a page to your rancher cluster open in the browser.

Then:

https://rancher.example.com/k8s/clusters/<cluster id>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

kamilgregorczyk commented 6 years ago

Hi, I tried: https://blablabla.pl/k8s/clusters/c-c2ntk/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

and when I'm providing kube config (which works locally as I can do kubectl get nodes) I'm getting "Authentication failed. Please try again."

alexandrem commented 6 years ago

You can't use kubeconfig sign-in with Rancher.

You must skip this in the dashboard login and must define a serviceaccount with clusterrole in the dashboard deployment.

dommgifer commented 6 years ago

I used Rancher 2.0 Catalog Apps helm to deploy kubernetes-dashboard But it can't deploy in kube-system namespace, just used default namespace or create new namespace. kubernetes-dashboard pod CrashLoopBackOff , I got log from pod: secrets is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot create secrets in the namespace "kube-system"

kamilgregorczyk commented 6 years ago

I deployed it with kubectl and then I also had to create some account in kubernetes and it worked. But that's weird that you can't deploy something in the kube-system ns

wt., 10 lip 2018, 06:02 użytkownik dommgifer notifications@github.com napisał:

I used Rancher 2.0 Catalog Apps helm to deploy kubernetes-dashboard But it can't deploy in kube-system namespace, just used default namespace or create new namespace. kubernetes-dashboard pod CrashLoopBackOff , I got log from pod: secrets is forbidden: User "system:serviceaccount:kubernetes-dashboard:kubernetes-dashboard" cannot create secrets in the namespace "kube-system"

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/kubernetes/dashboard/issues/3039#issuecomment-403693018, or mute the thread https://github.com/notifications/unsubscribe-auth/AI1koGG4dwInjm26ARG6_cV2NsCr0y9Iks5uFCcfgaJpZM4UEmi4 .

apoorva11029 commented 6 years ago

@alexandrem I skipped the dashboard login, how do you define a serviceaccount with clusterrole now? Do I do that in the k8s UI or rancher UI? screen shot 2018-07-12 at 11 09 30 am

alexandrem commented 6 years ago

@apoorva11029 You can find an example of clusterrole documented here:

https://github.com/kubernetes/dashboard/wiki/Access-control#admin-privileges

You must create this in Kubernetes (e.g with kubectl).

jimangel commented 6 years ago

/close