Error 404 when trying to access Kubernetes dashboard from remote laptop using SSH proxy

Question

I have a remote cluster on a remote private Cloud to which I have only SSH access (no GUI). I started the proxy server with:

kubectl proxy --address=0.0.0.0 --accept-hosts=.*

And started a local SSH proxy to the remote K8s master with:

ssh -L 8001:127.0.0.1:8001 -N -f $MASTER_IP

The dashboard is accessible from the following address on my local laptop:

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

For the token I created a CluserRoleBinding and retrieved the token using (You can find detailed instructions in a reply on this link) :

kubectl describe secret $ROLE-TOKEN

But once I click sign in, I get:

404 Not found. The server could not find the requested resource.

What is the reason for this and how to get around it ?

Technical details:

OS: Debian 10
Kubernetes installed with Kubespray
Kubespray version: 2.12.0
Kubernetes version: 1.16.3
Dashboard version: 1.10.1

Most likely there is an issue between your Dashboard and Kubernetes versions. I will check that and let you know. — Wytrzymały Wiktor, Feb 11 '20 at 08:28

score 0 · Answer 1 · answered Feb 11 '20 at 09:57

0

There is a conflict between Dashboard version: 1.10.1 and Kubernetes version: 1.16 (source) where dashboard token auth does not work.

In order to fix it you should use dashboard version 2.0.0-x that works with Kubernetes 1.16. Here you can chose a 1.16 compatible version to install.

Please let me know if that helped.

answered Feb 11 '20 at 09:57

Hi @OhHiMark. Thanks for the suggestion. I actually did the following to debug the thing: I gited Kubernetes current stable branch and I launched a local development cluster with "k8s.io/hack/local-up-cluster.sh" with the dashboard included (An env variable to be set to true). The binaries got compiled and the cluster was started, the pods were created and the dashboard is accessible. I installed Xfce and VNC on the remote server and I setup an SSH tunnel to the VNC port. I started a VNC session from my laptop and launched firefox on the server (see next comment). – Karim Manaouil Feb 11 '20 at 14:58
The dashboard is accessible and I logged in with a token of some minimal role that was already created by the hack scripts but basically I couldn't see any resource because it was very restricted. I create a new service account and a clusterRoleBinding that binds it with the cluster-admin clusterRole. I retrieved the token, I accessed the dashboard again and boom, it doesn't work (Same error as above, 404 error resource not found). So the conclusion is I think its something related to IAM and RBAC stuff. – Karim Manaouil Feb 11 '20 at 15:01
I see. In that case we will need more details regarding your IAM and RBAC configuration. Could you please provide them by editing your question? – Wytrzymały Wiktor Feb 12 '20 at 09:59

1 Answers1