kubectl proxy unauthorized when accessing from another machine - proxy

I have Kubernetes running on a VM on my dev box. I want to view the Kubernetes dashboard from the VM host. When I run the following command:
kubectl proxy --address 0.0.0.0 --accept-hosts ^/.*
When I try to access the dashboard I get an unauthorized error.
What am I missing?

The --accept-hosts access control is for checking of the hostname, so it won't start with a / (slash). You need to do:
kubectl proxy --address 0.0.0.0 --accept-hosts '.*'
(Make sure you shell escape the .* as it may match files in the current directory!)
More information at: https://kubernetes.io/docs/user-guide/kubectl/kubectl_proxy/

In case someone stumbles upon this question and wants to restrict the access to the Host of the Guest VM.
I'm using VirtualBox, and I was able to allow access only from the Host machine by using localhost and using SSH tunnel to the Guest VM
In Guest VM
$ kubectl proxy --address='0.0.0.0' --port=8002 --accept-hosts='localhost'
In Host machine I've added a hostname reference to static IP of the master plane kubemaster
$ echo "192.168.224.23 kubemaster" >> /etc/hosts
$ ssh -N -L 8001:localhost:8002 kube#kubemaster
In Host, open your browser and navigate tohttp://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/namespace?namespace=default

Related

Microk8s Access nginx pod to other Host Machines

I am using MIcrok8s 1.26v using Hyperv over windows 10. I am unable to access nginx pod to other host machines. I have exposed nginx using this cmd “microk8s kubectl expose deployment nginx-webserver --type=“NodePort” --port 80”. Its exposed to the clusterIP which i am able to access. What should i do to make the pod access to other host machines on the same network.
Microk8s version: 1.26v
windows version: 10 Pro
Hypervisor: HyperV
Using Multipass
I tried to access the pod with vm IP address. But was not able to access to other host machine.
Also not accessible to the host ip address where vm is deployed.
I got the solution after lots of research.
Step1: Because the IP address keeps on changing I have take this step.
To make microk8s work on DNS instead of IP Address
Edit the config file after login into microk8s-vm shell using multipass shell micrk8s-vm in cmd. Login to root user.
sudo su
vi /var/snap/microk8s/current/certs/csr.conf.template
add line >>>>>> under alt.names>>>>DNS.6 = microk8s-vm.mshome.net
exit the vim editor
Update the .kube/config and Microk8s/config . Replace the IP Address with the given dns name(eg: microk8s-vm.mshome.net)
Microk8s stop
Restart the Host machine.
Step 2: Because Microk8s port forwarding fails i have to opt for windows port forwarding.
Configure Windows port forwarding :https://woshub.com/port-forwarding-in-windows/
Now i am able to access the nginx web server on other windows machine.

How can I access port 8001 with a proxy server even when it's not open?

So I did the following:
minikube dashboard
kubectl proxy
And it says Starting to serve on 127.0.0.1:8001, however this port is not open on my VM (not included in my firewall rules)
then how am I able to access it via ssh tunneling?
Basically I did this:
ssh -L 12345:localhost:8001 myLogin#myRemoteServer
And then accessed it as:
http://localhost:12345/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/#/pod?namespace=default
I find this helpful kubectl proxy --address='0.0.0.0' --disable-filter=true

From a container running on Docker for Windows, how can I access a port on the host?

I'm running a CentOS-based container on Docker for Windows and trying to connect to an http service running on port 8545 of my host environment.
I've tried this, attempting a variety of suspected host names and IP addresses:
curl http://localhost:8545
But the error message I get is "curl: (7) Failed connect to localhost:8545; Connection refused"
How should I figure out what IP Address to use? Is there anything I need to configure as far as allowing the port number to be accessed from inside the container?
Localhost is not working yet I think with Docker for Windows.
There is few things you can try. First you can add EXPOSE 'portnumber' in the dockerfile so the container will listen on this port. You can also use docker run with -p 8545:8545, it will map the port of the container and the host.
To get the Ip address of the container you can use:
docker inspect -f "{{ .NetworkSettings.Networks.nat.IPAddress }}" containername
You can access the host using its ip but localhost/127.0.0.1 won't work (they will resolve to the Linux VM that is part of docker for windows). If you use the default network settings, your host should be reachable on 10.0.75.1 from your container

Docker Toolbox - Localhost not working

So I'm using Docker Toolbox because I don't have Hyper-V on my machine since it's not Windows 10 pro. Everything seems to work fine, but when I try to go on my browser 0.0.0.0:80 it always returns me: This site can’t be reached
But when I run the command: docker container ps I get the following: 0.0.0.0:80->80/tcp meaning that this address should work. I searched across stackoverflow and github issues. Now I'm stuck.
Am I missing something?
Thanks,
Mark
EDIT:
Using docker-machine ip default returns me 192.168.99.100. I run that on port 80. I still get the same result except that the address becomes the container id: https://fd677edg12
I run that command on cmd to find my ipv4: cmd /k ipconfig /all. Put the result with the port and it returns the same thing: https://fd677edg12
Docker Toolbox doesn't get as many conveniences as Docker for Windows, but you're correct in using it since you're on Home edition.
In Toolbox, nothing will be localhost, and will be 192.168.99.100 by default, since it's running a Linux VM in VirtualBox.
So if you run docker run -p 80:80 nginx
(notice I had to publish a port for 192.168.99.100 to listen on that port)
Then going to http://192.168.99.100 should work.
I initially had a few issues with accessing my Applications at localhost:8080 while using DockerToolBox and OracleVM VirtualBox.
In VirtualBox:
Click the appropriate machine (probably the one labeled "default")
Settings
Network > Adapter 1 > Advanced > Port Forwarding
Click "+" to add a new Rule
Set Host Port 8080 & Guest Port 8080; be sure to leave Host IP and Guest IP empty
Run the command:
docker run -p 8080:8080 ${image_id}
I was following docker for windows tutorial in https://docs.docker.com/docker-for-windows/#set-up-tab-completion-in-powershell and got stuck in step #6 when test nginx in the web browser. Seems I faced a similar problem since I also use Windows Home and don't have Hyper-V. My workaround is quite simple:
check your docker IP default
$ docker-machine ip default
192.168.99.100
Go to Oracle Virtual Machine to set for port forwarding. Make sure the network setting is NAT, and add port forwarding.
Host IP: 127.0.0.1, Guest IP: 192.168.99.100, port all set to 80
like this
Try again to your browser and run http://localhost or http://127.0.0.1 (can add the port 80 also). It should run.
The thing is that the nginx IP is meant to be accessible within the docker Virtual Machine, so that we need that port forwading setting in order to access it directly in the host machine's browser
You can use localhost instead of '192.168.99.100' by following the instructions:
Step #01:
docker-machine ip default
You will see the default IP
Step #02:
docker-machine stop default
Step #03:
Open VirtualBox Manager (from the start programs in windows search for VirtualBox Manager)
Select your Docker Machine VirtualBox image (e.g.: default)
Open Settings -> Network -> Advanced -> Port Forwarding
Add your app name, the desired host port and your guest port
i.e, app name : nginx, host: 127.0.0.1, host port: 80, guest port: 80
Step #04:
Now you’re ready to start your Docker Machine by executing the following:
docker-machine start default
Then just start your Docker container and you will be able to access it via localhost.
Have a look here for details.
To map the ports expected to localhost instead of hitting the docker-machine IP directly, you can use the VirtualBox CLI.
If the docker-machine VM (here called default) is running, add and delete rules like this:
> VBoxManage.exe controlvm "default" natpf1 "nginx,tcp,,8888,,8888"
> VBoxManage.exe controlvm "default" natpf1 delete nginx
If the VM is not running, or you want to stop before altering it:
> docker-machine stop
> VBoxManage.exe modifyvm "default" --natpf1 "nginx,tcp,,8888,,8888"
> VBoxManage.exe modifyvm "default" --natpf1 delete "nginx"
> docker-machine start
Where the format of the port forwarding rule is [<name>],tcp|udp,[<hostip>],<hostport>,[<guestip>], <guestport>.
Note that in VirtualBox, you want to map to the host port of Docker map, not the internal container port. You're mapping host -> VM, then Docker maps VM -> container.
See the VirtualBox docs.
This is another easy way to avoid typing the ip 192.168.99.100.
Go to C:\Windows\System32\drivers\etc\hosts and add at the end of the file:
192.168.99.100 docker.awesome or any name of your liking.
Save the file (You need to have admin rights so make sure you right click on the file and run as administrator to be able to save it when you edit it).
Go to your chosen domain name, docker.awesome:8080 in this case and there you have it.
After lot of trials, I was able to get this bulletin board.
The docker run command I used - docker run -p 4680:8080 --name bb bulletinboard:1.0
Here, 4680 is localhost port number.
8080 is container port number, the port at which the container will be listening. This port number is mentioned in the EXPOSE command in the Dockerfile.
Then, go to web-browser and type 192.168.99.100:4680
Here, 192.168.99.100 is the docker machine IP address (use command -> docker-machine ip)
After this, your browser page should open to -
Hope this helps you all!!

Docker container - how to configure so it gets a viable IP address when running in vagrant?

Docker (www.docker.io) looks terrific. However, after installing VirtualBox, Vagrant
... and finally Docker on a Mac, I'm finding it's not possible to access the service running in the Docker container from another computer (or from a terminal session on the Mac). The service I'm trying to access is Redis.
The problem appears to be that there's no route to the IP address assigned to the Docker container. In this case the container's IP is 172.16.42.2 while the Mac's IP is 196.168.0.3.
A couple notes:
It IS possible to access it - but only from within the VirtualBox session. This can be done using redis-cli -h 172.16.42.2 -p 6379.
I have added "config.vm.network :bridged" to the VagrantFile in an attempt to get the, but that didn't solve the problem.
The VM generated by vagrant is indeed isolated, in order to access it from your host, you can allocate a private network to it.
Instead of doing config.vm.network :bridged, try config.vm.network :private_network, ip: "192.168.50.4", It should do the trick
However, this will only allow you to access the VM itself, not the containers.
In order to do so, when running the container, you can add the -p option
ex: docker run -d -p 8989 base nc -lkp 8989
This will run a netcat listening on 8989 within a container and expose the port publicly. As it is also run with -d, the container will be in detached mode and the only output will be the container's ID
In order to expose the port, Docker do a simple NAT. In order to know the real port, you can
do docker port <ID of the container> 8989
Netcat will be available from the mac at 192.168.50.4:<result>
I just wrote a tutorial of how to use a host-only network and TCP routing to make this pretty easy. This way you don't have to map every specific port.
http://ispyker.blogspot.com/2014/04/accessing-docker-container-private.html
Important points ...
1) Add host-only network to Virtual Box
2) Tell the boot2docker VM to have an adapter on the host-only network
3) Add an IP for the new boot2docker VM host-only networking adapter
4) Route all Mac OS X traffic for the docker container subnet to that boot2docker VM host-only networking IP
Actual steps are on the blog with output so you can compare to what you see as you follow them.
I have installed tomcat from my Dockerfile and forwarded that to 6060 using vagrant`s port forwarding. These are the steps worked for me:
vagrant provision
vagrant up
vagrant ssh
box_name$ docker run -i -t -p 8080:8080 bsb_tomcat6 /bin/bash
Able to see tomcat up & running on localhost:6060, as I have done port forwarding to 6060 in my Vagrantfile
you also can define PRIVATE_NETWORK and FORWARD_DOCKER_PORTS environment variables to access your services that are running in docker containers:
$ vagrant halt
$ export PRIVATE_NETWORK=192.168.50.4
$ export FORWARD_DOCKER_PORTS=1
$ vagrant up
In my case i can access postgres from Mac using
$ telnet 192.168.50.4 49154
to find out actual application port you can use
$ sudo docker port 1854499c6547 5432
0.0.0.0:49154

Resources