Question 97993 in Nginx Question posted in
The official documentation can be found here.

IngressRoute for Kubernetes-Dashboard using Traefik – Nginx

I’m moving my project to Kubernetes using Traefik for routing and MetalLB as my load balancer.

I’ve deployed several apps and I’d like to make use of official Kubernetes-Dashboard. So I deployed the Kubernetes-Dashboard using recommended config and created IngressRoute:

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k8s.example.com`, `www.k8s.example.com`)
      kind: Rule
      middlewares:
        # - name: https-redirectscheme
        # - name: nginx-basic-auth
      services:
        - kind: Service
          name: kubernetes-dashboard
          # namespace: kubernetes-dashboard
          port: 443
  tls:
    secretName: k8s.example.com-tls

It shows up in the Traefik Dashboard, but when I try to access k8s.example.com I get Internal Server Error.

Thank you

Tags:

2

Answers


  1. 0

    I had the same problem – which is why I ended on this question. When I find out how to use the IngressRoute I’ll update this answer.

    This answer describes how to use NodePort instead.

    kubectl patch svc kubernetes-dashboard -p '{"spec": {"type": "NodePort"}}'
# Confirm
kubectl get svc -n kubernetes-dashboard kubernetes-dashboard -o yaml

# patch the dashboard
tee ~/nodeport_dashboard_patch.yaml<<EOF
spec:
  ports:
  - nodePort: 32000
    port: 443
    protocol: TCP
    targetPort: 8443
EOF

kubectl patch svc kubernetes-dashboard --patch "$(cat ~/nodeport_dashboard_patch.yaml)"

    Now the dashboard can be reached on the external IP Traefik gave you – in collaboration with MetalLB – with port :32000.
    If you have a website routed to your cluster, you can use:

    https://yourwebsite.com:32000

    As described in the link you shared, fetch the token by using:

    export SA_NAME= # admin user from the ServiceAccount
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')

    (I could change this answer for a complete script to do this; If you’d like)

    Login or Signup to reply.
  2. 0

    Found the answer here: https://stackoverflow.com/a/69999245/3883694

    You can disable SSL certificate verification.

    https://doc.traefik.io/traefik/routing/overview/#transport-configuration

    ---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: traefik-dashboard-transport
  namespace: traefik
spec:
  serverName: traefik-dashboard
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web
  routes:
    - match: (PathPrefix(`/dashboard`) || Host(`traefik.example.com`))
      kind: Rule
      services:
      - name: api@internal
        kind: TraefikService
      serversTransport: traefik-dashboard-transport
    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search