Skip to content

Kubernetes Dashboard Ingress Configuration

When configuring the Kubernetes Dashboard for external access via Ingress, specific considerations regarding [[SSL]] handling and port exposure are required.

Access Configuration

The Dashboard can be accessed via HTTPS using the cluster's IP address and a designated NodePort.^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

https://[Cluster_IP]:[nodeport]

For example, the provided configuration uses port 31260:^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

https://hdss7-11.host.com:31260

Ingress and SSL Limitations

Direct exposure of the Dashboard through an Ingress Controller presents challenges, primarily due to the necessity of handling [[SSL]]/TLS certificates properly.^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md] The source material indicates that Ingress usage may result in a failure if SSL is not explicitly managed.^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

An alternative access point listed via Ingress (on port 30041) suggests the configuration was intended to route through a proxy, though the specific Ingress resource definition is not detailed in the provided logs.^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

Authentication

To log in to the Dashboard, an authentication token is required. This involves creating a ServiceAccount and binding it to a ClusterRole.^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

  1. Create Admin User: Apply the RBAC configuration. 

    [kubectl](<./kubectl.md>) apply -f 02-dashboard-account.yaml
    Output: serviceaccount/admin-user created^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

  2. Retrieve Token: Extract the Bearer token from the created secret. shell [kubectl](<./kubectl.md>) -n kubernetes-dashboard get secret $([kubectl](<./kubectl.md>) -n kubernetes-dashboard get sa/admin-user -o jsonpath="{.secrets[0].name}") -o go-template="{{.data.token | base64decode}}"^[400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md]

Sources

  • 400-devops__06-Kubernetes__k8s-learning__linux__03-dashboard__README.md