1

Cluster information:

Kubernetes version:1.30.1
Cloud being used: bare-metal
Installation method:kubeadm
Host OS: ubuntu 22
CNI and version:
CRI and version:

Hello. I am fairly new to kubernetes and I have some troubles with installing kubernetes dashboard version 7.x.x via helm chart.
Commands used to install kubernetes dashboard:

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

And then i just edit the service: kubectl -n kubernetes-dashboard edit svc kubernetes-dashboard-web from ClusterIP to NodePort so I can access it.
I manage to get to the UI via http://{IP}or{hostname}:30916/login but I can’t login with token. I created serviceaccount, clusterrolebind and token like in these instructions: dashboard/docs/user/access-control/creating-sample-user.md at master · kubernetes/dashboard · GitHub but i can’t log in. All I can see is an error in dashboard UI: Unknown error (200): Http failure during parsing for http://{IP}or{hostname}:30916/api/v1/csrftoken/login. I don’t see anything in kube-api server logs or anywhere else. Could you help me out?I successfuly installed kubernetes dashboard version 6.x.x. via helm chart but I really want to have the latest version. The installation for this version is quite easier (at least for me).

2

I ran into the same problem yesterday. Apparently Kubernetes Dashboard versions from 7.0.0 and above use Kong, a cloud-native API gateway that manages distributed applications. The new implementation of the Dashboard consists of a few microservices and Kong proxies the incoming requests to these services. That means you should expose the port of the kubernetes-dashboard-kong-proxy Service, which by default is 8443, like so:

apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard-kong-nodeport
  namespace: kubernetes-dashboard
spec:
  ports:
  - name: kong-proxy-tls
    nodePort: 32001 # Your desired port
    port: 443
    protocol: TCP
    targetPort: 8443
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: kubernetes-dashboard
    app.kubernetes.io/name: kong
  type: NodePort
1 Like
3

I forgot to reply it here but I also managed to figure it out. Thank your answer. I found an article that really helped me, maybe it will help someone else too so i will leave it here: Kubernetes Dashboard - Deploy and Visualize your Kubernetes Cluster (kerno.io)

4

Hi Anze,

I’m also running same issue.
Tried to follow implementation mentioned in Kubernetes Dashboard - Deploy and Visualize your Kubernetes Cluster (kerno.io) but noticing below error:

400 The plain HTTP request was sent to HTTPS port

400 Bad Request

The plain HTTP request was sent to HTTPS port

I think its because of the 8443 target port, tried changing the target port and port number but noticing connection refused error.

Can you please explain how you got it working?

5

I think you are trying to access via http instead of https. Try to access dashboard via https://<your_IP>:NodePort. NodePort of your kongproxy service.

1 Like
6

Thank you @Anze_Dovzan_Perovic .
using https resolved my issue

1 Like
7

Is there a way to accomplish this without using the service as NodePort? I’d to manage the UI setting a route for using an Ingress controller.

8

I was able to make work routing using Ingress + https, but my browser didn’t accepted the certificate and the UI it’s complaining about parsing something:

image
image2726×1440 148 KB

My current config:

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-cilium
  namespace: kubernetes-dashboard
spec:
  ingressClassName: cilium
  rules:
    - host: mykubernetes.com
      http:
        paths:
          - backend:
              service:
                name: kubernetes-dashboard-web
                port:
                  number: 9000
            path: /
            pathType: Prefix
  tls:
    - hosts:
        - mykubernetes.com
      secretName: my-kubernetes-dashboard

apiVersion: v1
kind: Service
metadata:
  annotations:
    meta.helm.sh/release-name: kubernetes-dashboard
    meta.helm.sh/release-namespace: kubernetes-dashboard
  creationTimestamp: "2024-07-15T22:43:02Z"
  labels:
    app.kubernetes.io/component: web
    app.kubernetes.io/instance: kubernetes-dashboard
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard-web
    app.kubernetes.io/part-of: kubernetes-dashboard
    app.kubernetes.io/version: 1.4.0
    helm.sh/chart: kubernetes-dashboard-7.5.0
  name: kubernetes-dashboard-web
  namespace: kubernetes-dashboard
  resourceVersion: "3477884"
  uid: 59f12f86-6d5e-4efb-9b86-74e0b247e6af
spec:
  clusterIP: 10.43.44.242
  clusterIPs:
  - 10.43.44.242
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: web
    port: 9000
    protocol: TCP
    targetPort: 9000
  selector:
    app.kubernetes.io/instance: kubernetes-dashboard
    app.kubernetes.io/name: kubernetes-dashboard-web
    app.kubernetes.io/part-of: kubernetes-dashboard
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-07-15T22:59:24Z"
  generateName: kubernetes-dashboard-web-74bff94c6f-
  labels:
    app.kubernetes.io/component: web
    app.kubernetes.io/instance: kubernetes-dashboard
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: kubernetes-dashboard-web
    app.kubernetes.io/part-of: kubernetes-dashboard
    app.kubernetes.io/version: 1.4.0
    helm.sh/chart: kubernetes-dashboard-7.5.0
    pod-template-hash: 74bff94c6f
  name: kubernetes-dashboard-web-74bff94c6f-frfll
  namespace: kubernetes-dashboard
  ownerReferences:
  - apiVersion: apps/v1
    blockOwnerDeletion: true
    controller: true
    kind: ReplicaSet
    name: kubernetes-dashboard-web-74bff94c6f
    uid: 253ebf15-4f42-4484-b645-87b9d4f1bb11
  resourceVersion: "3487917"
  uid: 03fd0d4e-85fb-443d-906f-5cb209c876f2
spec:
  automountServiceAccountToken: true
  containers:
  - args:
    - --namespace=kubernetes-dashboard
    - --settings-config-map-name=kubernetes-dashboard-web-settings
    - --insecure-port=9000
    env:
    - name: GOMAXPROCS
      valueFrom:
        resourceFieldRef:
          divisor: "0"
          resource: limits.cpu
    - name: GOMEMLIMIT
      valueFrom:
        resourceFieldRef:
          divisor: "0"
          resource: limits.memory
    image: docker.io/kubernetesui/dashboard-web:1.4.0
    imagePullPolicy: IfNotPresent
    name: kubernetes-dashboard-web
    ports:
    - containerPort: 9000
      name: web
      protocol: TCP
    resources:
      limits:
        cpu: 250m
        memory: 400Mi
      requests:
        cpu: 100m
        memory: 200Mi
    securityContext:
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL
      readOnlyRootFilesystem: true
      runAsGroup: 2001
      runAsUser: 1001
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /tmp
      name: tmp-volume
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-zjxbn
      readOnly: true
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: raspberrypi4-4
  preemptionPolicy: PreemptLowerPriority
  priority: 0
  restartPolicy: Always
  schedulerName: default-scheduler
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  serviceAccount: kubernetes-dashboard-web
  serviceAccountName: kubernetes-dashboard-web
  terminationGracePeriodSeconds: 30
  tolerations:
  - effect: NoExecute
    key: node.kubernetes.io/not-ready
    operator: Exists
    tolerationSeconds: 300
  - effect: NoExecute
    key: node.kubernetes.io/unreachable
    operator: Exists
    tolerationSeconds: 300
  volumes:
  - emptyDir: {}
    name: tmp-volume
  - name: kube-api-access-zjxbn
    projected:
      defaultMode: 420
      sources:
      - serviceAccountToken:
          expirationSeconds: 3607
          path: token
      - configMap:
          items:
          - key: ca.crt
            path: ca.crt
          name: kube-root-ca.crt
      - downwardAPI:
          items:
          - fieldRef:
              apiVersion: v1
              fieldPath: metadata.namespace
            path: namespace
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2024-07-15T22:59:26Z"
    status: "True"
    type: PodReadyToStartContainers
  - lastProbeTime: null
    lastTransitionTime: "2024-07-15T22:59:24Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2024-07-15T22:59:26Z"
    status: "True"
    type: Ready
  - lastProbeTime: null
    lastTransitionTime: "2024-07-15T22:59:26Z"
    status: "True"
    type: ContainersReady
  - lastProbeTime: null
    lastTransitionTime: "2024-07-15T22:59:24Z"
    status: "True"
    type: PodScheduled
  containerStatuses:
  - containerID: containerd://99ba51f6a589ef4d39baf744ab82c500855c62e76f37e87fbc316e0bf6bbe5df
    image: docker.io/kubernetesui/dashboard-web:1.4.0
    imageID: docker.io/kubernetesui/dashboard-web@sha256:4445b31a2c25c875e2df8ca103a8e3f3275778d10065c7c011f6ca42cd4bec5f
    lastState: {}
    name: kubernetes-dashboard-web
    ready: true
    restartCount: 0
    started: true
    state:
      running:
        startedAt: "2024-07-15T22:59:26Z"
  hostIP: 192.168.0.105
  hostIPs:
  - ip: 192.168.0.105
  phase: Running
  podIP: 10.42.1.6
  podIPs:
  - ip: 10.42.1.6
  qosClass: Burstable
  startTime: "2024-07-15T22:59:24Z"
9

Hello. You have to change backend service in your ingress to: kubernetes-dashboard-kong-proxy instead of web one.

image
image1606×387 15 KB
10

Hi - That did not work.

11

Is there a way to disable this login screen?

12

Hi @Tadeu_Bernacchi, starting from version 7.0.0, it’s not possible to disable the login screen. I found this issue on their GitHub Issue#8497, which might be helpful for you.