How to access local Kubernetes minikube dashboard remotely?

Question

Kubernetes newbie (or rather basic networking) question: Installed single node minikube (0.23 release) on a Ubuntu box running in my LAN (on IP address 192.168.0.20) with VirtualBox.

minikube start command completes successfully as well:

minikube start
Starting local Kubernetes v1.8.0 cluster...
Starting VM...
Getting VM IP address...
Moving files into cluster...
Setting up certs...
Connecting to cluster...
Setting up kubeconfig...
Starting cluster components...
Kubectl is now configured to use the cluster.

minikube dashboard also comes up successfully (running on 192.168.99.100:30000).

What I want to do is access minikube dashboard from my MacBook (running on 192.168.0.11) in the same LAN.

Also I want to access the same minikube dashboard from the internet.

For LAN Access

Now from what I understand I am using VirtualBox (the default vm option), I can change the networking type (to NAT with port forwarding) using vboxnet command

VBoxManage modifyvm "VM name" --natpf1 "guestssh,tcp,,2222,,22"

as listed here

In my case it will be something like this

VBoxManage modifyvm "VM name" --natpf1 "guesthttp,http,,30000,,8080"

Am I thinking along the right lines here?

Also for remotely accessing the same minikube dashboard address, I can setup a no-ip.com like service. They asked to install their utility on Linux box and also setup port forwarding in the router settings which will port forward from host port to guest port.

Is that about right? Am I missing something here?

Answer 1

One thing you need be care if you are using windows, use the unquote address like this.

kubectl proxy --address=0.0.0.0 --disable-filter=true

Answer 2

@Jeff provided the perfect answer, put more hints for newbies:

1. Start a proxy using @Jeff's script, as default it will open a proxy on '0.0.0.0:8001'.

   kubectl proxy --address='0.0.0.0' --disable-filter=true
   

2. Visit the dashboard via the link below:

   curl http://your_api_server_ip:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/
   

More details please refer to the official documentation.

Answer 3

I have an Ubunto server, with minikube installed, and I use PuTTY on my windows 10 to connect to the server with ssh private key.

I had the same problem, and I solved it like this ( using PuTTY ) :

After connect to your server, run :

minikube dashboard --url

The output is like :

* Verifying dashboard health ...
* Launching proxy ...
* Verifying proxy health ...
http://127.0.0.1:41375/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Remember those two : 127.0.0.1:41375 and port 41375.

Then, in PuTTY, open new session to your server [with ssh private key] and this time with tunnels :

1. Open PuTTY
2. Host: username@server.ip.address
3. Port: 22 img: Session setting
4. SSH required SSH private key, load your private key in: Connection --> SSH --> Auth --> Credentials img: Loading private key
5. Now, go to Connection --> SSH --> Tunnels --> Source port: 41375 --> Destination: 127.0.0.1:41375 (the port 41375 will change ever time you run minikube dashboard --url) img: Setup tunnels
6. --> Click Add
7. [ you can save the those information: Session --> Saved Sessions: (choose a name) --> Save ] img: Save and open
8. --> Click Open

Now, on your laptop (windows 10/11/...), open this link on your browser: localhost:41375/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Answer 4

Just for my learning purposes I solved this issue using nginx proxy_pass. For example if the dashboard has been bound to a port, lets say 43587. So my local url to that dashboard was

http://127.0.0.1:43587/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Then I installed nginx and went to the out of the box config

sudo nano /etc/nginx/sites-available/default

and edited the location directive to look like this:

    location / {
        proxy_set_header Host "localhost";
        proxy_pass http://127.0.0.1:43587;
    }

then I did

sudo service nginx restart

then the dashboard was available from outside at:

http://my_server_ip/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/cronjob?namespace=default

Answer 5

I reached this url with search keywords: minikube dashboard remote. In my case, minikube (and its dashboard) were running remotely and I wanted to access it securely from my laptop.

[my laptop] --ssh--> [remote server with minikube]

Following gmiretti's answer, my solution was local forwarding ssh tunnel:

On minikube remote server, ran these:

minikube dashboard
kubectl proxy

And on my laptop, ran these (keep localhost as is):

ssh -L 12345:localhost:8001 myLogin@myRemoteServer

The dashboard was then available at this url on my laptop:

http://localhost:12345/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/

Answer 6

Wanted to link this answer by iamnat.

https://stackoverflow.com/a/40773822

1. Use minikube ip to get your minikube ip on the host machine
2. Create the NodePort service
3. You should be able to access the configured NodePort id via < minikubeip >:< nodeport >

This should work on the LAN as well as long as firewalls are open, if I'm not mistaken.

Answer 7

Thanks for your valuable answers, If you have to use the kubectl proxy command unable to view permanently, using the below "Service" object in YAML file able to view remotely until you stopped it. Create a new yaml file minikube-dashboard.yaml and write the code manually, I don't recommend copy and paste it.

apiVersion : v1
kind: Service
metadata:
  labels:
    app: kubernetes-dashboard
  name: kubernetes-dashboard-test
  namespace: kube-system
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 9090
    nodePort: 30000
  selector:
    app: kubernetes-dashboard
  type: NodePort

Execute the command,

$ sudo kubectl apply -f minikube-dashboard.yaml

Finally, open the URL: http://your-public-ip-address:30000/#!/persistentvolume?namespace=default

Answer 8

Jeff Prouty added useful answer:

I was able to get running with something as simple as:

kubectl proxy --address='0.0.0.0' --disable-filter=true

But for me it didn't worked initially.

I run this command on the CentOS 7 machine with running kubectl (local IP: 192.168.0.20).

When I tried to access dashboard from another computer (which was in LAN obviously):

http://192.168.0.20:8001/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/

then only timeout was in my web browser.

The solution for my case is that in CentOS 7 (and probably other distros) you need to open port 8001 in your OS firewall.

So in my case I need to run in CentOS 7 terminal:

 sudo firewall-cmd --zone=public --add-port=8001/tcp --permanent
 sudo firewall-cmd --reload

And after that. It works! :)

Of course you need to be aware that this is not safe solution, because anybody have access to your dashbord now. But I think that for local lab testing it will be sufficient.

In other linux distros, command for opening ports in firewall can be different. Please use google for that.

Answer 9

I was able to get running with something as simple as:

kubectl proxy --address='0.0.0.0' --disable-filter=true

Answer 10

Slight variation on the approach above.

I have an http web service with NodePort 30003. I make it available on port 80 externally by running:

sudo ssh -v -i ~/.ssh/id_rsa -N -L 0.0.0.0:80:localhost:30003 ${USER}@$(hostname)

Answer 11

I had the same problem recently and solved it as follows:

1. Get your minikube VM onto the LAN by adding another network adapter in bridge network mode. For me, this was done through modifying the minikube VM in the VirtualBox UI and required VM stop/start. Not sure how this would work if you're using hyperkit. Don't muck with the default network adapters configured by minikube: minikube depends on these. https://github.com/kubernetes/minikube/issues/1471
2. If you haven't already, install kubectl on your mac: https://kubernetes.io/docs/tasks/tools/install-kubectl/

3. Add a cluster and associated config to the ~/.kube/config as below, modifying the server IP address to match your newly exposed VM IP. Names can also be modified if desired. Note that the insecure-skip-tls-verify: true is needed because the https certificate generated by minikube is only valid for the internal IP addresses of the VM.

   clusters:
   - cluster:
       insecure-skip-tls-verify: true
       server: https://192.168.0.101:8443
     name: mykubevm
   contexts:
   - context:
       cluster: mykubevm
       user: kubeuser
     name: mykubevm
   users:
   - name: kubeuser
     user:
       client-certificate: /Users/myname/.minikube/client.crt
       client-key: /Users/myname/.minikube/client.key
   

4. Copy the ~/.minikube/client.* files referenced in the config from your linux minikube host. These are the security key files required for access.

5. Set your kubectl context: kubectl config set-context mykubevm. At this point, your minikube cluster should be accessible (try kubectl cluster-info).

6. Run kubectl proxy http://localhost:8000 to create a local proxy for access to the dashboard. Navigate to that address in your browser.

It's also possible to ssh to the minikube VM. Copy the ssh key pair from ~/.minikube/machines/minikube/id_rsa* to your .ssh directory (renaming to avoid blowing away other keys, e.g. mykubevm & mykubevm.pub). Then ssh -i ~/.ssh/mykubevm docker@<kubevm-IP>

Answer 12

The ssh way

Assuming that you have ssh on your ubuntu box.

First run kubectl proxy & to expose the dashboard on http://localhost:8001

Then expose the dashboard using ssh's port forwarding, executing:

ssh -R 30000:127.0.0.1:8001 $USER@192.168.0.20

Now you should access the dashboard from your macbook in your LAN pointing the browser to http://192.168.0.20:30000

To expose it from outside, just expose the port 30000 using no-ip.com, maybe change it to some standard port, like 80.

Note that isn't the simplest solution but in some places would work without having superuser rights ;) You can automate the login after restarts of the ubuntu box using a init script and setting public key for connection.