Access OCI OKE Kubernetes Dashboard locally through Cloud Shell Proxy and ngrok

0

This article tells you how to access the Kubernetes Dashboard on top of an Oracle Cloud Infrastructure OKE Cluster Instance from a browser – without locally installing kubectl. This trick uses OCI Cloud Shell to run kubectl to proxy to the dashboard application running inside the K8S Cluster and it uses ngrok to create a public channel to the proxy in Cloud Shell. Visualized like this:

image

 

OK, this looks complex. However, it is not so bad. Let’s peel some layers off:

  • the OKE Kubernetes Cluster was created using the Quick Start Wizard and the Dashboard was deployed when the cluster was created. (it could also easily have been deployed later on)
  • in OCI Cloud Shell, I generated a kube config file
    • that allows me to run kubectl against the Kubernetes Cluster
    • and to run kubectl proxy that makes a http proxy server available in the Cloud Shell VM that channels requests at port 8001 through to the Dashboard application
  • also in Cloud Shell – a second terminal window in a second OCI Console window – I have installed ngrok
    • next, I run the ngrok client – to forward requests to local port 8001 – where kubectl proxy is listening
  • Ngrok creates a public endpoint on its cloud
  • My local browser can access that public ngrok endpoint; requests are forwarded to the ngrok client on Cloud Shell, then to kubectl proxy on Cloud Shell and finally to the dashboard application running inside the Kubernetes Cluster.

Let’s now go over the steps one by one.

Prepare K8S

I will not discuss the provisioning of an OKE Cluster Instance – that is covered in several other places, for example in the OCI Documentation.

After the cluster has been created, a kubeconfig file is generated – as documented in the OCI Console for the OKE Cluster:

image

Subsequently, the cluster is prepared for Dashboard access, as described also in the OCI Console (and in the documentation):

SNAGHTML61fd24e

 

When these steps are followed in Cloud Shell, you will:

  • create a local kubeconfig
  • create a service account with access to the kube-system namespace
  • generate a token for this service account – and hold on to that token because we need it to paste into the Dashboard later on

Next, run kubectl proxy – using the following command:

kubectl proxy  --accept-hosts='^*$'

This will cause kubectl to run an http proxy in Cloud Shell where it will handle requests at port 8001 and send them to the Kubernetes Cluster to be handled by the Dashboard application.

 

Prepare ngrok in a second Cloud Shell

Start a second browser window and open OCI Console. Then open Cloud Shell in this window. Download ngrok (go to https://dashboard.ngrok.com/get-started and find the download URL for the Linux edition. Use wget to download the ZIP file, like this:

wget https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-amd64.zip

Extract nrgok from downloaded archive:

unzip ngrok-stable-linux-amd64.zip

Then run ngrok

./ngrok http 8001

This registers the nrgok client with the ngrok cloud; a public URL is assigned to the client. This public endpoint is shown in the commandline output. Any request sent to this public URL is passed through to the ngrok client that sends it to the local port 8001 – where we will have the kubectl proxy running.

image

Access Kubernetes Dashboard in a browser

Access the Kubernetes Dashboard from any browser running on any system at:

http://<assigned endpoint>.ngrok.io/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/

Paste the token that was generated a few steps back:

image

and press Sign In. The dashboard will open now – served by the ngrok cloud <= ngrok client <= kubectl proxy <= K8S Dashboard Application

image

I can now work with the Kubernetes Dashboard on my local laptop against the cloud based OKE Cluster without locally installing anything at all (besides the browser).

Resources

ngrok – home page: https://ngrok.com/ 

Article on getting started with ngrok: https://technology.amis.nl/2016/12/07/publicly-exposing-a-local-service-to-nearby-and-far-away-consumer-on-the-internet-using-ngrok/ 

OCI Documentation on provisioning of an OKE Cluster Instance – Documentation.

OCI Documentation on starting the Kubernetes Dashboard: https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengstartingk8sdashboard.htm 

Kubernetes Documentation on running an http proxy with kubectl https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/

About Author

Lucas Jellema, active in IT (and with Oracle) since 1994. Oracle ACE Director and Oracle Developer Champion. Solution architect and developer on diverse areas including SQL, JavaScript, Kubernetes & Docker, Machine Learning, Java, SOA and microservices, events in various shapes and forms and many other things. Author of the Oracle Press book Oracle SOA Suite 12c Handbook. Frequent presenter on user groups and community events and conferences such as JavaOne, Oracle Code, CodeOne, NLJUG JFall and Oracle OpenWorld.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.