skip to Main Content

I’m moving my project to Kubernetes using Traefik for routing and MetalLB as my load balancer.

I’ve deployed several apps and I’d like to make use of official Kubernetes-Dashboard. So I deployed the Kubernetes-Dashboard using recommended config and created IngressRoute:

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k8s.example.com`, `www.k8s.example.com`)
      kind: Rule
      middlewares:
        # - name: https-redirectscheme
        # - name: nginx-basic-auth
      services:
        - kind: Service
          name: kubernetes-dashboard
          # namespace: kubernetes-dashboard
          port: 443
  tls:
    secretName: k8s.example.com-tls

It shows up in the Traefik Dashboard, but when I try to access k8s.example.com I get Internal Server Error.

Thank you

2

Answers


  1. I had the same problem – which is why I ended on this question. When I find out how to use the IngressRoute I’ll update this answer.

    This answer describes how to use NodePort instead.

    kubectl patch svc kubernetes-dashboard -p '{"spec": {"type": "NodePort"}}'
    # Confirm
    kubectl get svc -n kubernetes-dashboard kubernetes-dashboard -o yaml
    
    # patch the dashboard
    tee ~/nodeport_dashboard_patch.yaml<<EOF
    spec:
      ports:
      - nodePort: 32000
        port: 443
        protocol: TCP
        targetPort: 8443
    EOF
    
    kubectl patch svc kubernetes-dashboard --patch "$(cat ~/nodeport_dashboard_patch.yaml)"
    

    Now the dashboard can be reached on the external IP Traefik gave you – in collaboration with MetalLB – with port :32000.
    If you have a website routed to your cluster, you can use:

    https://yourwebsite.com:32000
    

    As described in the link you shared, fetch the token by using:

    export SA_NAME= # admin user from the ServiceAccount
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')
    

    (I could change this answer for a complete script to do this; If you’d like)

    Login or Signup to reply.
  2. Found the answer here: https://stackoverflow.com/a/69999245/3883694

    You can disable SSL certificate verification.

    https://doc.traefik.io/traefik/routing/overview/#transport-configuration

    ---
    apiVersion: traefik.containo.us/v1alpha1
    kind: ServersTransport
    metadata:
      name: traefik-dashboard-transport
      namespace: traefik
    spec:
      serverName: traefik-dashboard
      insecureSkipVerify: true
    ---
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: dashboard
    spec:
      entryPoints:
        - web
      routes:
        - match: (PathPrefix(`/dashboard`) || Host(`traefik.example.com`))
          kind: Rule
          services:
          - name: api@internal
            kind: TraefikService
          serversTransport: traefik-dashboard-transport
    
    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search