Yes, I think so too. And any ideas about my second question? :-)
> And in another hand, I can access the dashboard through apiserver > (http://<apiserver > IP>:<api server > port>/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/), > can anyone let me know how it works? Actually I found in the host on which > apiserver is running, I can not access the dashboard via its service's > cluster IP since I do not have kube-proxy running on that host, so I am > curious why I can access dashboard through api server. > Thanks, Qian Zhang On Wed, Jun 1, 2016 at 10:49 AM, 'Ian Lewis' via Containers at Google < [email protected]> wrote: > I believe it's handled like any other service so, yes, by kube-proxy or > iptables. > > On Wed, Jun 1, 2016 at 11:44 AM Qian Zhang <[email protected]> wrote: > >> Thanks Ian! >> >> I think the 'kubernetes' service you are talking about is the following >> one, right? >> $ kubectl describe svc kubernetes >> Name: kubernetes >> Namespace: default >> Labels: component=apiserver >> provider=kubernetes >> Selector: <none> >> Type: ClusterIP >> IP: 10.0.0.1 >> Port: https 443/TCP >> Endpoints: 192.168.122.190:6443 >> Session Affinity: ClientIP >> No events. >> >> So dashboard access apiserver via this service's ClusterIP and port ( >> 10.0.0.1:443), right? But how can 10.0.0.1:443 is reachable from >> dashboard? Is it handled by kube-proxy in the node on which the dashboard >> is running? >> >> >> >> Thanks, >> Qian Zhang >> >> On Wed, Jun 1, 2016 at 10:06 AM, 'Ian Lewis' via Containers at Google < >> [email protected]> wrote: >> >>> The dashboard uses the 'kubernetes' service that is available inside the >>> cluster to access the API. The default service account >>> <http://kubernetes.io/docs/user-guide/service-accounts/> for pods >>> mounts tokens to each container at /var/run/secrets/ >>> kubernetes.io/serviceaccount/ that allow the container to authenticate >>> with the API. >>> >>> Hope that helps. >>> >>> On Wed, Jun 1, 2016 at 10:39 AM Qian Zhang <[email protected]> wrote: >>> >>>> Hi, >>>> >>>> I have deployed Kubernetes dashboard in my Kubernetes cluster with the >>>> following two yaml files: >>>> >>>> https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dashboard/dashboard-controller.yaml >>>> >>>> https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dashboard/dashboard-service.yaml >>>> >>>> The dashboard works well. I am just curious how the dashboard can know >>>> where the apiserver is? I think the dashboard need to access apiserver to >>>> query info and create objects, but in dashboard-controller.yaml, it seems >>>> there is no any info about the IP/port of apiserver, so how can dashboard >>>> connect to the apiserver? >>>> >>>> And in another hand, I can access the dashboard through apiserver >>>> (http://<apiserver IP>:<api server >>>> port>/api/v1/proxy/namespaces/kube-system/services/kubernetes-dashboard/), >>>> can anyone let me know how it works? Actually I found in the host on which >>>> apiserver is running, I can not access the dashboard via its service's >>>> cluster IP since I do not have kube-proxy running on that host, so I am >>>> curious why I can access dashboard through api server. >>>> >>>> >>>> Thanks, >>>> Qian >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "Containers at Google" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to [email protected]. >>>> To post to this group, send email to [email protected] >>>> . >>>> Visit this group at https://groups.google.com/group/google-containers. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> -- >>> You received this message because you are subscribed to a topic in the >>> Google Groups "Containers at Google" group. >>> To unsubscribe from this topic, visit >>> https://groups.google.com/d/topic/google-containers/SXonajpZ0QA/unsubscribe >>> . >>> To unsubscribe from this group and all its topics, send an email to >>> [email protected]. >>> >> >>> To post to this group, send email to [email protected]. >>> Visit this group at https://groups.google.com/group/google-containers. >>> For more options, visit https://groups.google.com/d/optout. >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "Containers at Google" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To post to this group, send email to [email protected]. >> Visit this group at https://groups.google.com/group/google-containers. >> For more options, visit https://groups.google.com/d/optout. >> > -- > You received this message because you are subscribed to a topic in the > Google Groups "Containers at Google" group. > To unsubscribe from this topic, visit > https://groups.google.com/d/topic/google-containers/SXonajpZ0QA/unsubscribe > . > To unsubscribe from this group and all its topics, send an email to > [email protected]. > To post to this group, send email to [email protected]. > Visit this group at https://groups.google.com/group/google-containers. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Containers at Google" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/google-containers. For more options, visit https://groups.google.com/d/optout.
