dashboard: dashboard not working with https

Hi I upgraded the dashboard from 1.7 using the recommended steps and for some reason https is not working.

I created a secret with our certificates (issued from godaddy). when i try https://api.example.com/ui im getting this:

Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"'
Trying to reach: 'http://100.96.0.9:8443/'

here is the startup logs from the dashboard container:

2017/09/25 11:13:41 Starting overwatch
2017/09/25 11:13:41 Using in-cluster config to connect to apiserver
2017/09/25 11:13:41 Using service account token for csrf signing
2017/09/25 11:13:41 No request provided. Skipping authorization
2017/09/25 11:13:41 Successful initial request to the apiserver, version: v1.7.0
2017/09/25 11:13:41 New synchronizer has been registered: kubernetes-dashboard-key-holder-kube-system. Starting
2017/09/25 11:13:41 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kube-system
2017/09/25 11:13:41 Initializing secret synchronizer synchronously using secret kubernetes-dashboard-key-holder from namespace kube-system
2017/09/25 11:13:41 Initializing JWE encryption key from synchronized object
2017/09/25 11:13:41 Creating in-cluster Heapster client
2017/09/25 11:13:41 Trying to update secret with same object. Skipping
2017/09/25 11:13:41 Serving securely on HTTPS port: 8443
2017/09/25 11:13:41 Successful request to heapster
2017/09/25 11:13:49 Getting application global configuration
2017/09/25 11:13:49 Application configuration {"serverTime":1506338029475}

Dashboard version: 1.7
Kubernetes version: 1.7

About this issue

  • Original URL
  • State: closed
  • Created 7 years ago
  • Reactions: 4
  • Comments: 31 (11 by maintainers)

Most upvoted comments

https://github.com/kubernetes/dashboard/wiki/Accessing-dashboard

+80
floreks on Sep 25, 2017

To make a long story short - BEFORE authentication, the /ui redirect will not work. Go here instead and it will ask you to authenticate: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login

It should redirect here after login: http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Thanks to @rama-arun for the link.

+19
nelson-cf on Dec 20, 2017

I can connect via https://<master-ip>:<apiserver-port>/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ but browser still warns about unsecure connection image

+8
dorsegal on Sep 25, 2017

Do not use /ui redirect as it has not been updated yet. Our main README and Acessing Dashboard guide on wiki pages have correct link to Dashboard. Read them please.

+4
floreks on Oct 17, 2017
  • Make sure kubernetes is running with minikube or Docker for Windows/Mac, etc.
  • Check kubectl version
  • Download a dashboard file: curl -O https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
  • Load kubectl apply -f kubernetes-dashboard.yaml
  • Run dashboard kubectl proxy
  • Go to the login page and select Token option:
  • (Link1) http://127.0.0.1:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/#!/login
  • Generate token with kubectl: kubectl -n kube-system get secret
  • Look for something like this:
deployment-controller-token-fwwd4     kubernetes.io/service-account-token   3  9d

Source: (Link3) https://stackoverflow.com/questions/46664104/how-to-sign-in-kubernetes-dashboard

+2
jturi on Feb 13, 2020

I’ve done that already. Please check my last post(#issuecomment-337165510).

Sorry, the only difference between #issuecomment-337165510 is this test based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml and #issuecomment-337165510 based on https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/alternative/kubernetes-dashboard.yaml . In post #issuecomment-337165510 , /ui can be accessed but accessing resources is forbidden.

  1. Remove old resources(kubectl delete -f kubernetes-dashboard.yaml) and make sure old dashboard pod has already been destroyed(kubectl -n kube-system get pods won’t show it already);
  2. Create everything as kubernetes-dashboard.yaml(kubectl apply -f kubernetes-dashboard.yaml);
  3. Make sure dashboard pod has already been created and started(kubernetes-dashboard-79d9896c7b-bfrwr 1/1 Running 0 7s)
  4. Start my proxy sudo kubectl --kubeconfig $HOME/.kube/config proxy --port 80
  5. Open my browser and point it to http://127.0.0.1/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, shows Error: 'net/http: TLS handshake timeout' Trying to reach: 'https://10.244.0.11:8443/'
  6. Try to access /ui and the location was redirected to http://127.0.0.1/api/v1/namespaces/kube-system/services/kubernetes-dashboard/proxy/ and told me Error: 'malformed HTTP response "\x15\x03\x01\x00\x02\x02"' Trying to reach: 'http://10.244.0.10:8443/'

My last post is trying to resolve the problem of forbidden access of resources, in which you told me there are no flags of --tls-cert-file and --tls-key-file provided. However, I thought copying apiserver.{crt,key} as dashboard.{crt,key} and creating kubernetes-dashboard-certs manully would solve this problem, but it is not. Isn’t it what you are mean? And what should be the right solution for supply these flags?

BTW, kubernetes-dashboard.yaml is freshly downloaded from https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml supplied in README.md

+2
cloorc on Oct 17, 2017

@floreks @cheld Ok, thanks a lot! However, it tolds me handshake timeout. Actually I’m reusing /etc/kubernetes/pki/front-proxy-client.crt and /etc/kubernetes/pki/front-proxy-client.key as its certs according to https://github.com/kubernetes/dashboard/wiki/Installation#recommended-setup .

My steps are(I just want to reuse these keys instead of generating new keys manually):

cp /etc/kubernetes/pki/front-proxy-client.crt $HOME/certs/dashboard.crt
cp /etc/kubernetes/pki/front-proxy-client.key $HOME/certs/dashboard.key
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/certs -n kube-system
kubectl apply -f https://github.com/kubernetes/dashboard/wiki/Installation#recommended-setup
kubectl --kubeconfig $HOME/.kube/config proxy --port 80

When I trying to access http://127.0.0.1/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/, it tells me like this:

Error: 'net/http: TLS handshake timeout'
Trying to reach: 'https://10.244.0.6:8443/'

I guess it’s a problem about certificate, I’ve no idea what’s wrong with it. Could you guys please give me some suggestion? Thanks a head!

+1
cloorc on Oct 17, 2017
Read more comments on GitHub
← dashboard: Dashboard not working after re-deployment in GCE
dashboard: dashboard pod cannot run on kubeadm →