I'm moving my project to Kube.netes using Traefik for routing and MetalLB as my load balancer.
I've deployed several apps and I'd like to make use of official Kube.netes-Dashboard . So I deployed the Kube.netes-Dashboard using recommended config and created IngressRoute:
# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
entryPoints:
- websecure
routes:
- match: Host(`k8s.example.com`, `www.k8s.example.com`)
kind: Rule
middlewares:
# - name: https-redirectscheme
# - name: nginx-basic-auth
services:
- kind: Service
name: kubernetes-dashboard
# namespace: kubernetes-dashboard
port: 443
tls:
secretName: k8s.example.com-tls
It shows up in the Traefik Dashboard, but when I try to access k8s.example.com I get Internal Server Error
.
Thank you
I had the same problem - which is why I ended on this question. When I find out how to use the IngressRoute
I'll update this answer.
This answer describes how to use NodePort
instead.
kubectl patch svc kubernetes-dashboard -p '{"spec": {"type": "NodePort"}}'
# Confirm
kubectl get svc -n kubernetes-dashboard kubernetes-dashboard -o yaml
# patch the dashboard
tee ~/nodeport_dashboard_patch.yaml<<EOF
spec:
ports:
- nodePort: 32000
port: 443
protocol: TCP
targetPort: 8443
EOF
kubectl patch svc kubernetes-dashboard --patch "$(cat ~/nodeport_dashboard_patch.yaml)"
Now the dashboard can be reached on the external IP Traefik gave you - in collaboration with MetalLB - with port:32000.
If you have a website routed to your cluster, you can use:
https://yourwebsite.com:32000
As described in the link you shared, fetch the token by using:
export SA_NAME= # admin user from the ServiceAccount
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')
(I could change this answer for a complete script to do this; If you'd like)
Found the answer here: https://stackoverflow.com/a/69999245/3883694
You can disable SSL certificate verification.
https://doc.traefik.io/traefik/routing/overview/#transport-configuration
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
name: traefik-dashboard-transport
namespace: traefik
spec:
serverName: traefik-dashboard
insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
spec:
entryPoints:
- web
routes:
- match: (PathPrefix(`/dashboard`) || Host(`traefik.example.com`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
serversTransport: traefik-dashboard-transport
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.