stackoom
  简体   繁体   中英

IngressRoute for Kubernetes-Dashboard using Traefik

 原文  2022-03-07 10:20:29       kubernetes/ traefik-ingress/ kubernetes-dashboard

Question

I'm moving my project to Kube.netes using Traefik for routing and MetalLB as my load balancer.

I've deployed several apps and I'd like to make use of official Kube.netes-Dashboard . So I deployed the Kube.netes-Dashboard using recommended config and created IngressRoute:

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k8s.example.com`, `www.k8s.example.com`)
      kind: Rule
      middlewares:
        # - name: https-redirectscheme
        # - name: nginx-basic-auth
      services:
        - kind: Service
          name: kubernetes-dashboard
          # namespace: kubernetes-dashboard
          port: 443
  tls:
    secretName: k8s.example.com-tls

It shows up in the Traefik Dashboard, but when I try to access k8s.example.com I get Internal Server Error .

Thank you

2 answers

solution1
 0 ACCPTED  2022-06-05 07:30:35

I had the same problem - which is why I ended on this question. When I find out how to use the IngressRoute I'll update this answer.

This answer describes how to use NodePort instead.

kubectl patch svc kubernetes-dashboard -p '{"spec": {"type": "NodePort"}}'
# Confirm
kubectl get svc -n kubernetes-dashboard kubernetes-dashboard -o yaml

# patch the dashboard
tee ~/nodeport_dashboard_patch.yaml<<EOF
spec:
  ports:
  - nodePort: 32000
    port: 443
    protocol: TCP
    targetPort: 8443
EOF

kubectl patch svc kubernetes-dashboard --patch "$(cat ~/nodeport_dashboard_patch.yaml)"

Now the dashboard can be reached on the external IP Traefik gave you - in collaboration with MetalLB - with port:32000.
If you have a website routed to your cluster, you can use:

https://yourwebsite.com:32000

As described in the link you shared, fetch the token by using:

export SA_NAME= # admin user from the ServiceAccount
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')

(I could change this answer for a complete script to do this; If you'd like)

solution2
 0  2023-01-04 21:27:57

Found the answer here: https://stackoverflow.com/a/69999245/3883694

You can disable SSL certificate verification.

https://doc.traefik.io/traefik/routing/overview/#transport-configuration 

---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: traefik-dashboard-transport
  namespace: traefik
spec:
  serverName: traefik-dashboard
  insecureSkipVerify: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: dashboard
spec:
  entryPoints:
    - web
  routes:
    - match: (PathPrefix(`/dashboard`) || Host(`traefik.example.com`))
      kind: Rule
      services:
      - name: api@internal
        kind: TraefikService
      serversTransport: traefik-dashboard-transport

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question kubernetes-dashboard - authentication CrashLoopBackOff on kubernetes-dashboard Kubernetes with Kubeadm on Centos 7 and kubernetes-dashboard Unable to Access Traefik Dashboard or K8s Services on DigitalOcean K8s using Traefik's IngressRoute CRD Kubernetes-dashboard pod is crashing again and again Kubernetes-dashboard empty : every resources are forbidden Installing kubernetes-dashboard with helm fails How to update kubernetes-dashboard with kubespray How to get the endpoint for kubernetes-dashboard message: "services "kubernetes-dashboard" not found",
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM