Following is an alternative workaround to access Dashboard externally.
1. kubernetes-dashboard is a service file which provides dash-board functionality, to edit this we need to edit dashboard service and change service “type” from ClusterIP to NodePort:
[root@kubeXXXX]# kubectl -n kube-system edit service kubernetes-dashboard
# Please edit the object below. Lines beginning with a '#' will be ignored,
# and an empty file will abort the edit. If an error occurs while saving this file will be
# reopened with the relevant failures.
#
apiVersion: v1
kind: Service
metadata:
creationTimestamp: 2018-05-08T15:03:48Z
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kube-system
resourceVersion: "1855185"
selfLink: /api/v1/namespaces/kube-system/services/kubernetes-dashboard
uid: 02c97f8b-52d1-11e8-a941-080027efcddc
spec:
clusterIP: 10.107.194.2xx
externalTrafficPolicy: Cluster
ports:
- nodePort: 32414
port: 443
protocol: TCP
targetPort: 8443
selector:
k8s-app: kubernetes-dashboard
sessionAffinity: None
type: NodePort ### clusterIP to NodePort
status:
loadBalancer: {} 2. Following command will give us mapped port to dash-board service
# kubectl -n kube-system get services NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE kube-dns ClusterIP 10.96.0.10 [none] 53/UDP,53/TCP 20d kubernetes-dashboard NodePort 10.107.194.201 [none] 443:32414/TCP 20d
# lsof -i tcp:32414 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME kube-prox 3440 root 7u IPv6 32584 0t0 TCP *:32414 (LISTEN)
3. Execute following command to obtain token.
# kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token: eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VjcmV0Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlci10b2tlbi1wY21oNCIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJuYW1lc3BhY2UtY29udHJvbGxlciIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50LnVpZCI6ImY1YmEyNDQ3LTUyZDAtMTFlOC1hOTQxLTA4MDAyN2VmY2RkYyIsInN1YiI6InN5c3RlbTpzZXJ2aWNlYWNjb3VudDprdWJlLXN5c3RlbTpuYW1lc3BhY2UtY29udHJvbGxlciJ9.Jvd6HJVBN9UEK8gzojed8TATpj6JycahZJ-qS5a66so3MEj_MIB3Vpy-MAPQErAL_DnSdvMVZA4gw5XSwK0ufYatA3lVP9sxUmc-eI1zd-HYF9UbvhtXaLuY-Wqx8kQ3_lKkqattFocQd8WswQY6SmrMthV5b8Xu3tNV3bpCaqZNhw6X8_-Yxh4Q4ATBoT0cXrO_WAYxFwd4_ilII_UPXYjs2ZSK7G2g0QJPtLyEKOXMtC7ZuAETc5MKdX_m4nC7CLSR-j5-7aG0gyd_vzwYiyewnLC4T-Byw9fVO8cpE0nswSxyGVX_QR9kIVHRT7QdLOkJEBARFpTyUczX9oETPw
4. Access dashborad using https://[master_node_ip]:[port] and provide token to sign-in.