how to access local kubernetes minikube dashboard remotely
Solution 1
I was able to get running with something as simple as:
kubectl proxy --address='0.0.0.0' --disable-filter=true
Solution 2
@Jeff provided the perfect answer, put more hints for newbies.
-
Start a proxy using @Jeff's script, as default it will open a proxy on '0.0.0.0:8001'.
kubectl proxy --address='0.0.0.0' --disable-filter=true
-
Visit the dashboard via the link below:
curl http://your_api_server_ip:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/
More details please refer to the officially doc.
Solution 3
I reached this url with search keywords: minikube dashboard remote. In my case, minikube (and its dashboard) were running remotely and I wanted to access it securely from my laptop.
[my laptop] --ssh--> [remote server with minikube]
Following gmiretti's answer, my solution was local forwarding ssh tunnel:
On minikube remote server, ran these:
minikube dashboard
kubectl proxy
And on my laptop, ran these (keep localhost as is):
ssh -L 12345:localhost:8001 myLogin@myRemoteServer
The dashboard was then available at this url on my laptop:
http://localhost:12345/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/
Solution 4
The ssh way
Assuming that you have ssh on your ubuntu box.
First run kubectl proxy &
to expose the dashboard on http://localhost:8001
Then expose the dashboard using ssh's port forwarding, executing:
ssh -R 30000:127.0.0.1:8001 [email protected]
Now you should access the dashboard from your macbook in your LAN pointing the browser to http://192.168.0.20:30000
To expose it from outside, just expose the port 30000 using no-ip.com, maybe change it to some standard port, like 80.
Note that isn't the simplest solution but in some places would work without having superuser rights ;) You can automate the login after restarts of the ubuntu box using a init script and setting public key for connection.
Solution 5
I had the same problem recently and solved it as follows:
- Get your minikube VM onto the LAN by adding another network adapter in
bridge
network mode. For me, this was done through modifying the minikube VM in the VirtualBox UI and required VM stop/start. Not sure how this would work if you're using hyperkit. Don't muck with the default network adapters configured by minikube: minikube depends on these. https://github.com/kubernetes/minikube/issues/1471 - If you haven't already, install kubectl on your mac: https://kubernetes.io/docs/tasks/tools/install-kubectl/
-
Add a cluster and associated config to the
~/.kube/config
as below, modifying the server IP address to match your newly exposed VM IP. Names can also be modified if desired. Note that theinsecure-skip-tls-verify: true
is needed because the https certificate generated by minikube is only valid for the internal IP addresses of the VM.clusters: - cluster: insecure-skip-tls-verify: true server: https://192.168.0.101:8443 name: mykubevm contexts: - context: cluster: mykubevm user: kubeuser name: mykubevm users: - name: kubeuser user: client-certificate: /Users/myname/.minikube/client.crt client-key: /Users/myname/.minikube/client.key
Copy the
~/.minikube/client.*
files referenced in the config from your linux minikube host. These are the security key files required for access.Set your kubectl context:
kubectl config set-context mykubevm
. At this point, your minikube cluster should be accessible (trykubectl cluster-info
).Run
kubectl proxy http://localhost:8000
to create a local proxy for access to the dashboard. Navigate to that address in your browser.
It's also possible to ssh to the minikube VM. Copy the ssh key pair from ~/.minikube/machines/minikube/id_rsa*
to your .ssh directory (renaming to avoid blowing away other keys, e.g. mykubevm
& mykubevm.pub
). Then ssh -i ~/.ssh/mykubevm docker@<kubevm-IP>
Robin Bajaj
Updated on May 09, 2021Comments
-
Robin Bajaj about 3 years
Kubernetes newbie (or rather basic networking) question: Installed single node minikube (0.23 release) on a ubuntu box running in my lan (on IP address 192.168.0.20) with virtualbox.
minikube start command completes successfully as well
minikube start Starting local Kubernetes v1.8.0 cluster... Starting VM... Getting VM IP address... Moving files into cluster... Setting up certs... Connecting to cluster... Setting up kubeconfig... Starting cluster components... Kubectl is now configured to use the cluster.
minikube dashboard also comes up successfully. (running on 192.168.99.100:30000)
what i want to do is access minikube dashboard from my macbook (running on 192.168.0.11) in the same LAN.
Also I want to access the same minikube dashboard from the internet.
For LAN Access: Now from what i understand i am using virtualbox (the default vm option), i can change the networking type (to NAT with port forwarding) using vboxnet command
VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"
as listed here
In my case it will be something like this
VBoxManage modifyvm "VM name" --natpf1 "guesthttp,http,,30000,,8080"
Am i thinking along the right lines here?
Also for remotely accessing the same minikube dashboard address, i can setup a no-ip.com like service. They asked to install their utility on linux box and also setup port forwarding in the router settings which will port forward from host port to guest port. Is that about right? Am i missing something here?
-
Tomáš Hübelbauer over 6 yearsCan you please flesh this answer out? I ran
kubectl proxy &
on the Ubuntu Server host andssh -R …
on the Mac and connected to it, but accessing{ubuntuServerHostLocalIp}:30000
didn't work. Do I have it right? -
Gabriel Miretti aka gmiretti over 6 years
kubectl
andssh
should be run in Ubuntu so you route localhost:8001 to 192.168.0.20:3000 (if 192.168.0.20 is ubuntu box ip address). In this case, you're opening an internal port as an open port on the same computer. (Yep, you're creating an ssh connection inside your computer, just for routing) More about ssh magic here. This will be port forwarding. -
Tomáš Hübelbauer over 6 yearsI misunderstood
kubectl proxy
originally, turns out one is supposed to run that on the host where they want to see the dashboard at. That said when running on master node, SSH proxying is indeed a solution. github.com/kubernetes/dashboard/issues/692 was very helpful to me. -
MarcuX over 4 yearsfor this line, "insecure-skip-tls-verify: true", what if I still want use the verify? Is there any solutions that I can regenerate the ca.crt based in the new ip?
-
AndyB over 4 yearsIt should be possible, but you'd need to find the minikube private key to create a new certificate. I haven't tried yet.
-
Xeozim almost 4 yearsI'm not sure if it's a recent change, but for me (using Minikube v1.12.1, Kubernetes v1.18.3) the dashboard namespace is kubernetes-dashboard, so the url would use: ... /api/v1/namespaces/kubernetes-dashboard/services ...
-
hao almost 4 years@Xeozim, according to your url, your dashboard was installed under namespace
kubernetes-dashboard
but notkube-system
. -
Xeozim almost 4 years@hao I used
minikube dashboard
to create it so I assume that's what it defaults to now? -
Murmel over 3 yearsWhy do you need to use
--disable-filer=true
? -
Murmel over 3 yearsSame as for Jeff: Why do you need the
--disable-filter=true
flag? -
MeanwhileInHell over 3 yearsWonderful! Works a charm. Thank you!
-
mit over 3 yearssee hao's answer for an explanation
-
Keehl about 3 yearsThe docs link hao's provided has moved. The command
kubectl proxy --help
shows the following: --disable-filter=false: If true, disable request filtering in the proxy. This is dangerous, and can leave you vulnerable to XSRF attacks, when used with an accessible port. -
kyakya about 3 yearswithout
--disable-filter=true
,you cannot access. And on that time, you should set something like this--accept-hosts=^192\.168
to allow some addresses to access. -
Luchao Qi almost 3 yearsI have tried tens of answers and so far this one works like a charm!!!
-
Caterina about 2 yearsWhose port is 8001? Is it from the container or the VM?
-
PravyNandas about 2 yearsport 8001 is the port on the VM. Should be open in firewall to be able to work with above command .