Question 97293 in Nginx Question posted in
The official documentation can be found here.

How to access kubernetes dashboard via cloud Nginx ingress

I am using OCI cloud and OKE kubernetes cluster. I have deployed kubernetes dashboard and want it to expose using public IP via ingress layer.
I have Nginx ingress configured already with oracle cloud load balancer for other application and is working fine.

Now, when I edit the dashboard’s service and change it to "NodePort" and configure the load balancer using node port and by importing the ssl certificate, it’s working fine.

But, when I import self signed certificate in both LoadBalancer and ingress, it’s not working. I am getting 502 error as below.

enter image description here

Below is my ingress yaml file. I have imported the certificate as secret in k8s cluster already.

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - secretName: test-tls
  rules:
   - host:
     http:
      paths:
      - pathType: Prefix
        path: /#/
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443

I think the request is not reaching to service also. Am I missing something here? If anyone has any idea, Please help.

Tags:

2

Answers


  1. 0

    Ingress is actually acts as a reverse proxy. It gets traffic from the load balancer and forwards it to the service you directed to.
    If the target service is listening under tls your ingress needs to trust the certificate the dashboard presents.

    You have two ways to do it.

    1. Configure the dashboard to use a public certificate from ca. You can follow the instructions here.
    2. Cause the ingress deployment to trust the self-signed certificate of the dashboard. For do that you first need to created a self-signed certificate because the dashboard generates new certificate every time it starts. Once you create the self-signed cert, add it to kubernetes as a secret and configure the dashboard to use it.
      Then you need to inject it to your ingress too so it will be trusted.
      You do it by mounting the tls cert as a secret volume in your ingress container (inside the pod definition)
             volumeMounts:
            - mountPath: /etc/ssl/certs/dashboard-tls.pem
              name: dashboard-tls
              subPath: tls.crt
              readOnly: true
      volumes:
        - name: dashboard-tls
          secret:
            secretName: kubernetes-dashboard-self-signed-tls
    Login or Signup to reply.
  2. 0

    A 502 Bad Gateway error is a 5xx server error that indicates a server received an invalid response from a proxy or gateway server. In Kubernetes, this can happen when a client attempts to access an application deployed within a pod, but one of the servers responsible for relaying the request—the Ingress, the Service, or the pod itself—is not available or not properly configured.

    To debug a 502 bad gateway error in kubernetes refer to this link.

    To access kubernetes dashboard via Cloud Nginx Ingress refer this stackpost1 and stackpost2.

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search