ingress configuration for dashboard
I did nginx ingress controller tutorial from github and exposed kubernetes dashboard
kubernetes-dashboard NodePort 10.233.53.77 4
-
Just for code reference. There are 2 gtochas. Setting the proper annotations since the dashboard talks https and using the correct namepace for the ingress. tls config is optional.
--- apiVersion: extensions/v1beta1 kind: Ingress metadata: name: dashboard-google namespace: kube-system annotations: nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true" spec: tls: - hosts: - kube.mydomain.com secretName: tls-secret rules: - host: kube.mydomain.com http: paths: - path: / backend: serviceName: kubernetes-dashboard servicePort: 443讨论(0) -
You could also use the helm charts available here
https://github.com/helm/charts/tree/master/stable/kubernetes-dashboard
Then setup your
values.yamlfile in order to overrideingressparts like enable it, and adding hosts are available.讨论(0) -
As you pointed out, looks like nginx is proxying your https request to
ipWhichEndsWith.249:8443, which is an HTTPS endpoint, usinghttpas protocol.You should add the following annotation to your PodSpec:
LATEST
This annotation was added to replace the deprecated annotation since 0.18.0
#2871 Add support for AJP protocol
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
DEPRECATED
This annotation was deprecated in 0.18.0 and removed after the release of 0.20.0
#3203 Remove annotations grpc-backend and secure-backend already deprecated
nginx.ingress.kubernetes.io/secure-backends: "true"
This should make nginx forward your request to the pods with https.
Source: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/nginx-configuration/annotations.md#backend-protocol
Docs: https://kubernetes.github.io/ingress-nginx/user-guide/nginx-configuration/annotations/#backend-protocol
讨论(0) -
To keep this ticket updated (if user uses nginx ingress) in order to reach the Kubernetes Dashboard you need to apply the following annotations:
annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"Do not use
secure-backendson later versions thanimage: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1. It is replaced bybackend-protocol.If the user is using ingress in non https port e.g. 80 can be done as documented here TLS termination (nging ingress documentation).
Sample of complete code with subdomain:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: tls: - hosts: - "dashboard.my.example.com" secretName: kubernetes-dashboard-secret rules: - host: "dashboard.my.example.com" http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 443Hope this help other beginners like me not to spend so much time to figure out how to do it. Also the user should take in consideration the external load balancer configuration towards the ingress controller. Remember to set it up as
SSL Pass-Throughfor the port that you will be forwarding.Update: In case the user wants to use another ingress provider e.g. Kubernetes Ingress Controller Documentation/HAProxy Kubernetes Ingress/Controller 1.4
Sample of code with annotations:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: haproxy.org/server-ssl: "true" spec: tls: - hosts: - "dashboard.my.example.com" secretName: kubernetes-dashboard-secret rules: - host: "dashboard.my.example.com" http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 443The user should not forget that the secrets are unique per namespace.
讨论(0)
加载中...
- 热议问题