Running the following command should return the addresses of the control plane and of the services labelled kubernetes.io/cluster-service=true:
```bash
$ kubectl cluster-info
Kubernetes control plane is running at https://<master_IP>:8383
kubernetes-dashboard is running at https://<master_IP>:8383/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
```
If you try to open the kubernetes-dashboard link and get the following output:
```json
{
  "kind": "Status",
  "apiVersion": "v1",
  "metadata": {},
  "status": "Failure",
  "message": "services \"https:kubernetes-dashboard:\" is forbidden: User \"system:anonymous\" cannot get resource \"services/proxy\" in API group \"\" in the namespace \"kube-system\"",
  "reason": "Forbidden",
  "details": {
    "name": "https:kubernetes-dashboard:",
    "kind": "services"
  },
  "code": 403
}
```
You will need to create a ClusterRole that grants access to the kubernetes-dashboard service proxy and bind it to the system:anonymous user (the identity the API server assigns to unauthenticated requests), as follows. To apply these changes, save the manifest to a YAML file and run the kubectl apply command on it.
```yaml
# ClusterRole limited to the dashboard's service proxy and the /ui paths
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: kubernetes-dashboard-anonymous
rules:
  # Proxy access to the one named service only
  - apiGroups: [""]
    resources: ["services/proxy"]
    resourceNames: ["https:kubernetes-dashboard:"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
  - nonResourceURLs: ["/ui", "/ui/*", "/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/*"]
    verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
---
# Bind the role to unauthenticated requests (system:anonymous)
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard-anonymous
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: kubernetes-dashboard-anonymous
subjects:
  - kind: User
    name: system:anonymous
```
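An added example (not part of the original page): a Python check that lists what a cluster's ClusterRoleBindings grant to unauthenticated callers, run here on a constructed sample that mirrors the manifest above (nonResourceURLs abridged). The function name anonymous_grants, the view-only role and the user alice are assumptions for illustration; RoleBindings are not covered.

```python
import json
import sys

# Identities the API server assigns to requests that carry no credentials.
ANON = {("User", "system:anonymous"), ("Group", "system:unauthenticated")}
READ_ONLY = {"get", "list", "watch"}

def anonymous_grants(items):
    """items: the "items" list of `kubectl get clusterroles,clusterrolebindings -o json`."""
    roles = {i["metadata"]["name"]: i for i in items if i["kind"] == "ClusterRole"}
    findings = []
    for b in (i for i in items if i["kind"] == "ClusterRoleBinding"):
        anon = [s["name"] for s in b.get("subjects") or []
                if (s.get("kind"), s.get("name")) in ANON]
        role = roles.get(b["roleRef"]["name"])
        if not anon or role is None:
            continue
        for rule in role.get("rules") or []:
            findings.append({
                "binding": b["metadata"]["name"],
                "subjects": anon,
                "targets": rule.get("resources") or rule.get("nonResourceURLs") or [],
                "resourceNames": rule.get("resourceNames") or [],
                # Anything beyond get/list/watch (including "*") is a mutating verb.
                "write_verbs": sorted(set(rule.get("verbs") or []) - READ_ONLY),
            })
    return findings

# Constructed sample: the manifest from this page plus one unrelated binding.
VERBS = ["get", "list", "watch", "create", "update", "patch", "delete"]
SAMPLE = [
    {"kind": "ClusterRole", "metadata": {"name": "kubernetes-dashboard-anonymous"},
     "rules": [{"apiGroups": [""], "resources": ["services/proxy"],
                "resourceNames": ["https:kubernetes-dashboard:"], "verbs": VERBS},
               {"nonResourceURLs": ["/ui", "/ui/*"], "verbs": VERBS}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "kubernetes-dashboard-anonymous"},
     "roleRef": {"kind": "ClusterRole", "name": "kubernetes-dashboard-anonymous"},
     "subjects": [{"kind": "User", "name": "system:anonymous"}]},
    {"kind": "ClusterRole", "metadata": {"name": "view-only"},
     "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get"]}]},
    {"kind": "ClusterRoleBinding", "metadata": {"name": "view-only"},
     "roleRef": {"kind": "ClusterRole", "name": "view-only"},
     "subjects": [{"kind": "User", "name": "alice"}]},
]

if __name__ == "__main__":
    items = json.load(open(sys.argv[1]))["items"] if len(sys.argv) > 1 else SAMPLE
    for f in anonymous_grants(items):
        print(json.dumps(f))
```

Run with no argument it audits the sample; given a file holding saved kubectl JSON output, it audits that instead.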