ingress configuration for dashboard
As you pointed out, looks like nginx is proxying your https request to ipWhichEndsWith.249:8443
, which is an HTTPS endpoint, using http
as protocol.
You should add the following annotation to your PodSpec:
LATEST
This annotation was added to replace the deprecated annotation since 0.18.0
#2871 Add support for AJP protocol
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
DEPRECATED
This annotation was deprecated in 0.18.0 and removed after the release of 0.20.0
#3203 Remove annotations grpc-backend and secure-backend already deprecated
nginx.ingress.kubernetes.io/secure-backends: "true"
This should make nginx forward your request to the pods with https.
Just for code reference. There are 2 gtochas. Setting the proper annotations since the dashboard talks https and using the correct namepace for the ingress. tls config is optional.
---apiVersion: extensions/v1beta1kind: Ingressmetadata: name: dashboard-google namespace: kube-system annotations: nginx.ingress.kubernetes.io/secure-backends: "true" nginx.ingress.kubernetes.io/ssl-passthrough: "true"spec: tls: - hosts: - kube.mydomain.com secretName: tls-secret rules: - host: kube.mydomain.com http: paths: - path: / backend: serviceName: kubernetes-dashboard servicePort: 443
To keep this ticket updated (if user uses nginx ingress) in order to reach the Kubernetes Dashboard you need to apply the following annotations:
annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
Do not use secure-backends
on later versions than image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.26.1
. It is replaced by backend-protocol
.
If the user is using ingress in non https port e.g. 80 can be done as documented here TLS termination (nging ingress documentation).
Sample of complete code with subdomain:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: kubernetes.io/ingress.class: "nginx" nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" spec: tls: - hosts: - "dashboard.my.example.com" secretName: kubernetes-dashboard-secret rules: - host: "dashboard.my.example.com" http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 443
Hope this help other beginners like me not to spend so much time to figure out how to do it. Also the user should take in consideration the external load balancer configuration towards the ingress controller. Remember to set it up as SSL Pass-Through
for the port that you will be forwarding.
Update: In case the user wants to use another ingress provider e.g. Kubernetes Ingress Controller Documentation/HAProxy Kubernetes Ingress/Controller 1.4
Sample of code with annotations:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard-ingress namespace: kubernetes-dashboard annotations: haproxy.org/server-ssl: "true" spec: tls: - hosts: - "dashboard.my.example.com" secretName: kubernetes-dashboard-secret rules: - host: "dashboard.my.example.com" http: paths: - path: / pathType: Prefix backend: service: name: kubernetes-dashboard port: number: 443
The user should not forget that the secrets are unique per namespace.