Reputation: 301
I have a Kubernetes cluster with an Ingress/Traefik controller.
I also installed the dashboard using the standard config from here: https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
I'm trying to access the Dashboard through Ingress, but I get a 404 error:
404 page not found
My ingress.yml file looks like this:
```yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    kubernetes.io/ingress.class: "traefik"
  name: app-ingress-system
  namespace: kube-system
spec:
  tls:
  - hosts:
    - dashboard.domain.com
    secretName: kubernetes-dashboard-certs
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
```
I've tried different `- path:` values (like /dashboard, /proxy), same result.
Upvotes: 10
Views: 16377
Reputation: 164
For dashboard 7.5.0
For traefik v3.1.1 and dashboard 7.5.0, using this yaml, it's safer with websecure.
```yaml
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
  name: dashboard-transport
  namespace: kubernetes-dashboard
spec:
  serverName: kubernetes-dashboard-kong-proxy
  insecureSkipVerify: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`cluster1.example.com`)
      kind: Rule
      services:
        - name: kubernetes-dashboard-kong-proxy
          port: 443
          scheme: https
          serversTransport: dashboard-transport
          namespace: kubernetes-dashboard
  tls:
    secretName: cluster1.example.com
    domains:
      - main: cluster1.example.com
        sans:
          - traefik1.example.com
```
dashboard 7.5.0
```yaml
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard
  namespace: kubernetes-dashboard
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/rewrite-target: /
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    cert-manager.io/cluster-issuer: example-com-letsencrypt-http01
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - cluster1.example.com
      secretName: cluster1.example.com
  rules:
    - host: cluster1.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-kong-proxy
                port:
                  number: 443
```
Upvotes: 1
Reputation: 71
You can access the Kubernetes dashboard without disabling SSL verification for the entire Traefik server by creating a custom server transport for the IngressRoute:
```yaml
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kubernetes-dashboard-transport
  namespace: kubernetes-dashboard
spec:
  serverName: kubernetes-dashboard
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  entryPoints: # [1]
    - websecure
  routes: # [2]
    - kind: Rule
      match: Host(`k3sdashboard.example.xyz`) # [3]
      priority: 10 # [4]
      services: # [8]
        - kind: Service
          name: kubernetes-dashboard
          namespace: kubernetes-dashboard
          port: 443 # [9]
          serversTransport: kubernetes-dashboard-transport
  tls: # [11]
    certResolver: dns-cloudflare
```
Upvotes: 3
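Added example, not part of any answer on this page: the per-route ServersTransport from the Traefik answers with backend certificate verification left on, so Traefik checks the dashboard's certificate against a pinned CA instead of setting `insecureSkipVerify: true`. It assumes the dashboard backend serves a certificate issued by a private CA with a SAN matching `serverName`; the Secret name `dashboard-backend-ca` and the transport name `dashboard-transport-verified` are hypothetical, and the PEM body is a placeholder.

```yaml
# Added example (not from the original answers).
# Assumption: the backend presents a certificate signed by a private CA,
# and that certificate carries a SAN equal to `serverName` below.
# Assumption: `dashboard-backend-ca` and `dashboard-transport-verified`
# are hypothetical names chosen for this illustration.
---
apiVersion: v1
kind: Secret
metadata:
  name: dashboard-backend-ca
  namespace: kubernetes-dashboard
type: Opaque
stringData:
  # Traefik reads the CA from the key `ca.crt` (or `tls.ca`).
  ca.crt: |
    <PEM-encoded CA certificate (placeholder)>
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
  name: dashboard-transport-verified
  namespace: kubernetes-dashboard
spec:
  # Name Traefik expects in the backend certificate.
  serverName: kubernetes-dashboard-kong-proxy
  # Verification stays on; trust is limited to the CA listed below.
  insecureSkipVerify: false
  rootCAsSecrets:
    - dashboard-backend-ca
```

The IngressRoute then references this transport through `serversTransport: dashboard-transport-verified`; a backend certificate that does not chain to the pinned CA makes Traefik refuse the upstream connection rather than proxy it.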
Reputation: 776
This code works on microk8s. On some systems you must change the kubernetes-dashboard service type to NodePort:

```shell
kubectl -n kube-system edit svc kubernetes-dashboard
```

Create a TLS secret for yourdomain.com. It must be in the same namespace as kubernetes-dashboard and must have the crt and key files.

```shell
kubectl -n kube-system create secret tls yourdomain.com-tls --key="yourdomain.com.key" --cert="yourdomain.com.crt"
```

Use this code to create the ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: ingress-dashboard
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: public
    # this redirects to https if you try to enter over http
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # this is required, because the dashboard only runs over HTTPS
    nginx.ingress.kubernetes.io/backend-protocol: HTTPS
    # this is required if you want to protect the site
    #nginx.ingress.kubernetes.io/whitelist-source-range: <here your public ip>,<here server ip if want access from server>
spec:
  tls:
  - hosts:
    - dashboard.yourdomain.com
    secretName: yourdomain.com-tls
  rules:
  - host: dashboard.yourdomain.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 8443
```
Upvotes: -1
Reputation: 11942
This occurs because kubernetes-dashboard-certs does not have the files tls.crt and tls.key, which are expected by traefik. You should get this in the traefik logs.
The next problems will be between traefik certificates and dashboard certificates. I still do not understand how to properly fix this and configure traefik with the option:

```yaml
ssl.insecureSkipVerify: "true"
```

The last one I had is that the http endpoint does not accept login, so finally I declared the ingress that redirects http to https like this:
```shell
kubectl apply -f - << EOF
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  labels:
    k8s-app: kubernetes-dashboard
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/ssl-redirect: "true"
spec:
  rules:
  - host: dashboard.domain.com
    http:
      paths:
      - path: /
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443
EOF
```
Upvotes: 4