As some of you may have noticed I have been spending some time working with VMware PKS and Google's Kubernetes (K8S). In fact, I have an entire blog series which you can find below if you are interested.
- Getting started with VMware Pivotal Container Service (PKS) Part 1: Overview
- Getting started with VMware Pivotal Container Service (PKS) Part 2: PKS Client
- Getting started with VMware Pivotal Container Service (PKS) Part 3: NSX-T
- Getting started with VMware Pivotal Container Service (PKS) Part 4: Ops Manager & BOSH
- Getting started with VMware Pivotal Container Service (PKS) Part 5: PKS Control Plane
- Getting started with VMware Pivotal Container Service (PKS) Part 6: Kubernetes Go!
- Getting started with VMware Pivotal Container Service (PKS) Part 7: Harbor
- Getting started with VMware Pivotal Container Service (PKS) Part 8: Monitoring Tool Overview
- Getting started with VMware Pivotal Container Service (PKS) Part 9: Logging
- Getting started with VMware Pivotal Container Service (PKS) Part 10: Infrastructure Monitoring
- Getting started with VMware Pivotal Container Service (PKS) Part 11: Application Monitoring
- vGhetto Automated Pivotal Container Service (PKS) Lab Deployment
While consuming one of my PKS managed K8S Cluster, I wanted to access the built-in K8S Web UI Dashboard (which is installed by default as part of the K8S setup by PKS) but I was not able to find a way to access it. After speaking with Michael West, who works in our CNABU, I found out that the K8S Dashboard currently does not support OAuth Tokens which prevents us from easily accessing the UI. However, there is a workaround which involves using an SSH tunnel and leveraging K8S proxy to proxy the Dashboard UI to the K8S Master Node which we can then access from our desktop machine.
Step 1 - We need to configure port forwarding using an SSH Tunnel, depending on the OS type that you wish to connect to the Dashboard UI, take a look at the specific steps below.
Windows - You can use any number of SSH Clients, I normally use Putty. Enter the username/hostname as you normally would but before connecting, expand Connection->SSH->Tunnels and add a new forwarded port with source port being 8001 and destination being localhost:8001. Once you have completed this step, you can connect like you normally would.
MacOS/Linux - You can simply use the built-in ssh client and run the following:
ssh root@pks-client -L 8001:127.0.0.1:8001 -N
Note: If the system that you are trying to access the Dashboard UI also has kubectl installed, then an SSH tunnel is not required and you can simply go straight to Step 2.
Step 2 - Once you have successfully SSH'ed to your PKS Client VM, you can then run the following command to start the K8S proxy:
kubectl proxy
Step 3 - To access the K8S Dashboard, open a browser and connect to http://localhost:8001/ui which should take you to login page. From here, you will need a copy of the specific K8S Cluster configuration file (stored in ~/.kube/config which can be pulled using pks get-credentials [NAME-OF-PKS-CLUSTER]) and provide that as shown in the screenshot below to login to dashboard.
After signing in with the K8S Configuration file, you should be taken the dashboard for your specific K8S Cluster. If you do not see any of your pods, make sure to toggle the Namespace from the system "Default". Below is a screenshot of my K8S Cluster which was deployed with our Yelb application as shown in Part 6 of my VMware PKS series.
Thanks for the comment!