ingress configuration for dashboard

Question

I did nginx ingress controller tutorial from github and exposed kubernetes dashboard

kubernetes-dashboard   NodePort    10.233.53.77            4         


        

Answer 1

To keep this ticket updated (if user uses nginx ingress) in order to reach the Kubernetes Dashboard you need to apply the following annotations:

annotations:
  kubernetes.io/ingress.class: "nginx"
  nginx.ingress.kubernetes.io/ssl-passthrough: "true"
  nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"

Do not use secure-backends on later versions than image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1. It is replaced by backend-protocol.

If the user is using ingress in non https port e.g. 80 can be done as documented here TLS termination (nging ingress documentation).

Sample of complete code with subdomain:

apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: kubernetes-dashboard-ingress
        namespace: kubernetes-dashboard
        annotations:
          kubernetes.io/ingress.class: "nginx"
          nginx.ingress.kubernetes.io/ssl-passthrough: "true"
          nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
      spec:
        tls:
        - hosts:
            - "dashboard.my.example.com"
          secretName: kubernetes-dashboard-secret
        rules:
        - host: "dashboard.my.example.com"
          http:
            paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: kubernetes-dashboard
                  port:
                    number: 443

Hope this help other beginners like me not to spend so much time to figure out how to do it. Also the user should take in consideration the external load balancer configuration towards the ingress controller. Remember to set it up as SSL Pass-Through for the port that you will be forwarding.

Update: In case the user wants to use another ingress provider e.g. Kubernetes Ingress Controller Documentation/HAProxy Kubernetes Ingress/Controller 1.4

Sample of code with annotations:

apiVersion: networking.k8s.io/v1
      kind: Ingress
      metadata:
        name: kubernetes-dashboard-ingress
        namespace: kubernetes-dashboard
        annotations:
          haproxy.org/server-ssl: "true"
      spec:
        tls:
        - hosts:
            - "dashboard.my.example.com"
          secretName: kubernetes-dashboard-secret
        rules:
          - host: "dashboard.my.example.com"
            http:
              paths:
              - path: /
                pathType: Prefix
                backend:
                  service:
                    name: kubernetes-dashboard
                    port:
                      number: 443

The user should not forget that the secrets are unique per namespace.