What Am I doing wrong setting up MicroK8S

microk8s

#1

Dear,

I try to spin up a MicroK8S on my remote VPS server from Hetzner.

The dashboard is not available and I do not know why?
I did run microk8s.kubectl get all --all-namespaces
That returned

NAMESPACE     NAME                           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)             AGE
default       service/kubernetes             ClusterIP   10.152.183.1     <none>        443/TCP             7m45s
kube-system   service/heapster               ClusterIP   10.152.183.165   <none>        80/TCP              7m38s
kube-system   service/kube-dns               ClusterIP   10.152.183.10    <none>        53/UDP,53/TCP       7m44s
kube-system   service/kubernetes-dashboard   ClusterIP   10.152.183.238   <none>        443/TCP             7m38s
kube-system   service/monitoring-grafana     ClusterIP   10.152.183.105   <none>        80/TCP              7m38s
kube-system   service/monitoring-influxdb    ClusterIP   10.152.183.141   <none>        8083/TCP,8086/TCP   7m38s

But visiting http://10.152.183.238:443/ or https://SERVER_IP/ or any possible web combination will not give me the Dashboard. What am I doing wrong and how can I setup this up secure? It seems a great tool but can’t find a good help doc for running this on a Remote server.

I can access Grafana that is publicly available and would love it secure via
SERVER_IP:8080/api/v1/namespaces/kube-system/services/monitoring-grafana/proxy

Thanks in advance


#2

Hi @xJoeyv,

To get to the dashboard you should follow the instructions at Web UI (Dashboard) - Kubernetes . In short you microk8s.kubectl proxy and then the dashboard should be at http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ .

MicroK8s was designed as a local tool to aid development, it is not production grade and you should not deploy it in an hostile environment. My suggestion is to close all incoming connections but ssh and access MicroK8s after you log in to the VM.

There is work ready to make MicroK8s more secure. You can deploy a version of MicroK8s with the security patches with sudo snap install microk8s --classic --channel=1.13/edge/security-testing. You can also see the security fixes in https://github.com/ubuntu/microk8s/pull/88 . We would appreciate if you provided any feedback at the PR. These fixes are affecting the backwards compatibility of MicroK8s thus we intend to release them with the upcoming v1.14 Kubernetes.

Thank you.