问题
I have a testing Kubernetes cluster running in remote VMs (on VSphere), I have full access to the VMs through ssh (they have private IPs). How can I expose services and access them from outside the cluster (from my remote laptop trying to get access to the machines) knowing that I can remotely perform all kubectl commands.
For example: I tried with the dashboard, I installed it, I have changed the service to NodePort, and I tried to access to it from my laptop using this URL http:master-private-ip:exposedport, also with worker IPs, but it does not work. It returns in browser only � (binary output). When I try to connect through https, it trows a certificates error.
$ kubectl get svc -n kube-system -l k8s-app=kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard NodePort 10.97.143.110 <none> 443:30714/TCP 42m
$ kubectl proxy -p 8001
$ curl http://172.16.5.226:30714 --output -
I have expected that the output shows me the html from the UI of the Kubernetes dashboard
回答1:
NOTE: Dashboard should not be exposed publicly over HTTP. For domains accessed over HTTP it will not be possible to sign in. Nothing will happen after clicking Sign in button on login page.
If you have done everything correctly it should work over HTTPS
As it's explained in Accessing Dashboard 1.7.X and above.
In order to expose Dashboard using NodePort you need to edit kubernetes-dashboard service.
kubectl -n kube-system edit service kubernetes-dashboard
Find type: ClusterIP and change it to type: NodePort, then save the file.
Then, check which port was the Dashboard exposed to:
kubectl -n kube-system get service kubernetes-dashboard
which might look:
NAME CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes-dashboard 10.100.124.90 <nodes> 443:31707/TCP 21h
To access the Dashboard navigate your browser to https://<server_IP>:31707
EDIT:
In your case with self-signed certificate, you need to put it into a secret. It has to be named kubernetes-dashboard-certs and it has to be in kube-system namespace.
You have to save the cert as dashboard.crt and dashboard.key and store them under $HOME/certs.
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
This installation process is explained here.
来源:https://stackoverflow.com/questions/54130046/how-can-i-access-to-kubernetes-dashboard-using-nodeport-in-a-remote-cluster-for