This article tells you how to access the Kubernetes Dashboard on top of an Oracle Cloud Infrastructure OKE Cluster Instance from a browser – without locally installing kubectl. This trick uses OCI Cloud Shell to run kubectl to proxy to the dashboard application running inside the K8S Cluster and it uses ngrok to create a public channel to the proxy in Cloud Shell. Visualized like this:
OK, this looks complex. However, it is not so bad. Let’s peel some layers off:
- the OKE Kubernetes Cluster was created using the Quick Start Wizard and the Dashboard was deployed when the cluster was created. (it could also easily have been deployed later on)
- in OCI Cloud Shell, I generated a kube config file
- that allows me to run kubectl against the Kubernetes Cluster
- and to run kubectl proxy that makes a http proxy server available in the Cloud Shell VM that channels requests at port 8001 through to the Dashboard application
- also in Cloud Shell – a second terminal window in a second OCI Console window – I have installed ngrok
- next, I run the ngrok client – to forward requests to local port 8001 – where kubectl proxy is listening
- Ngrok creates a public endpoint on its cloud
- My local browser can access that public ngrok endpoint; requests are forwarded to the ngrok client on Cloud Shell, then to kubectl proxy on Cloud Shell and finally to the dashboard application running inside the Kubernetes Cluster.
Let’s now go over the steps one by one.
I will not discuss the provisioning of an OKE Cluster Instance – that is covered in several other places, for example in the OCI Documentation.
After the cluster has been created, a kubeconfig file is generated – as documented in the OCI Console for the OKE Cluster:
Subsequently, the cluster is prepared for Dashboard access, as described also in the OCI Console (and in the documentation):
When these steps are followed in Cloud Shell, you will:
- create a local kubeconfig
- create a service account with access to the kube-system namespace
- generate a token for this service account – and hold on to that token because we need it to paste into the Dashboard later on
Next, run kubectl proxy – using the following command:
kubectl proxy --accept-hosts='^*$'
This will cause kubectl to run an http proxy in Cloud Shell where it will handle requests at port 8001 and send them to the Kubernetes Cluster to be handled by the Dashboard application.
Prepare ngrok in a second Cloud Shell
Start a second browser window and open OCI Console. Then open Cloud Shell in this window. Download ngrok (go to https://dashboard.ngrok.com/get-started and find the download URL for the Linux edition. Use wget to download the ZIP file, like this:
Extract nrgok from downloaded archive:
Then run ngrok
./ngrok http 8001
This registers the nrgok client with the ngrok cloud; a public URL is assigned to the client. This public endpoint is shown in the commandline output. Any request sent to this public URL is passed through to the ngrok client that sends it to the local port 8001 – where we will have the kubectl proxy running.
Access Kubernetes Dashboard in a browser
Access the Kubernetes Dashboard from any browser running on any system at:
Paste the token that was generated a few steps back:
and press Sign In. The dashboard will open now – served by the ngrok cloud <= ngrok client <= kubectl proxy <= K8S Dashboard Application
I can now work with the Kubernetes Dashboard on my local laptop against the cloud based OKE Cluster without locally installing anything at all (besides the browser).
ngrok – home page: https://ngrok.com/
Article on getting started with ngrok: https://technology.amis.nl/2016/12/07/publicly-exposing-a-local-service-to-nearby-and-far-away-consumer-on-the-internet-using-ngrok/
OCI Documentation on provisioning of an OKE Cluster Instance – Documentation.
OCI Documentation on starting the Kubernetes Dashboard: https://docs.cloud.oracle.com/en-us/iaas/Content/ContEng/Tasks/contengstartingk8sdashboard.htm
Kubernetes Documentation on running an http proxy with kubectl https://kubernetes.io/docs/tasks/access-kubernetes-api/http-proxy-access-api/