I have microk8s v1.22.2 running on Ubuntu 20.04.3 LTS.
Output from /etc/hosts
:
127.0.0.1 localhost
127.0.1.1 main
Excerpt from microk8s status
:
addons:
enabled:
dashboard # The Kubernetes dashboard
ha-cluster # Configure high availability on the current node
ingress # Ingress controller for external access
metrics-server # K8s Metrics Server for API access to service metrics
I checked for the running dashboard (kubectl get all --all-namespaces
):
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/calico-node-2jltr 1/1 Running 0 23m
kube-system pod/calico-kube-controllers-f744bf684-d77hv 1/1 Running 0 23m
kube-system pod/metrics-server-85df567dd8-jd6gj 1/1 Running 0 22m
kube-system pod/kubernetes-dashboard-59699458b-pb5jb 1/1 Running 0 21m
kube-system pod/dashboard-metrics-scraper-58d4977855-94nsp 1/1 Running 0 21m
ingress pod/nginx-ingress-microk8s-controller-qf5pm 1/1 Running 0 21m
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 10.152.183.1 <none> 443/TCP 23m
kube-system service/metrics-server ClusterIP 10.152.183.81 <none> 443/TCP 22m
kube-system service/kubernetes-dashboard ClusterIP 10.152.183.103 <none> 443/TCP 22m
kube-system service/dashboard-metrics-scraper ClusterIP 10.152.183.197 <none> 8000/TCP 22m
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
kube-system daemonset.apps/calico-node 1 1 1 1 1 kubernetes.io/os=linux 23m
ingress daemonset.apps/nginx-ingress-microk8s-controller 1 1 1 1 1 <none> 22m
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/calico-kube-controllers 1/1 1 1 23m
kube-system deployment.apps/metrics-server 1/1 1 1 22m
kube-system deployment.apps/kubernetes-dashboard 1/1 1 1 22m
kube-system deployment.apps/dashboard-metrics-scraper 1/1 1 1 22m
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/calico-kube-controllers-69d7f794d9 0 0 0 23m
kube-system replicaset.apps/calico-kube-controllers-f744bf684 1 1 1 23m
kube-system replicaset.apps/metrics-server-85df567dd8 1 1 1 22m
kube-system replicaset.apps/kubernetes-dashboard-59699458b 1 1 1 21m
kube-system replicaset.apps/dashboard-metrics-scraper-58d4977855 1 1 1 21m
I want to expose the microk8s dashboard within my local network to access it through http://main/dashboard/
To do so, I did the following nano ingress.yaml
:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
annotations:
kubernetes.io/ingress.class: public
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
name: dashboard
namespace: kube-system
spec:
rules:
- host: main
http:
paths:
- backend:
serviceName: kubernetes-dashboard
servicePort: 443
path: /
Enabling the ingress-config through kubectl apply -f ingress.yaml
gave the following error:
error: unable to recognize "ingress.yaml": no matches for kind "Ingress" in version "extensions/v1beta1"
Help would be much appreciated, thanks!
Update: @harsh-manvar pointed out a mismatch in the config version. I have rewritten ingress.yaml to a very stripped down version:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: dashboard
namespace: kube-system
spec:
rules:
- http:
paths:
- path: /dashboard
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
Applying this works. Also, the ingress rule gets created.
NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE
kube-system dashboard public * 127.0.0.1 80 11m
However, when I access the dashboard through http://<ip-of-kubernetes-master>/dashboard
, I get a 400
error.
Log from the ingress controller:
192.168.0.123 - - [10/Oct/2021:21:38:47 +0000] "GET /dashboard HTTP/1.1" 400 54 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/94.0.4606.71 Safari/537.36" 466 0.002 [kube-system-kubernetes-dashboard-443] [] 10.1.76.3:8443 48 0.000 400 ca0946230759edfbaaf9d94f3d5c959a
Does the dashboard also need to be exposed using the microk8s proxy
? I thought the ingress controller would take care of this, or did I misunderstand this?
To fix the error error: unable to recognize "ingress.yaml": no matches for kind "Ingress" in version "extensions/v1beta1
you need to set apiVersion
to the networking.k8s.io/v1
. From the Kubernetes v1.16 article about deprecated APIs:
- NetworkPolicy in the extensions/v1beta1 API version is no longer served - Migrate to use the networking.k8s.io/v1 API version, available since v1.8. Existing persisted data can be retrieved/updated via the new version.
Now moving to the second issue. You need to add a few annotations and make few changes in your Ingress definition to make dashboard properly exposed on the microk8s cluster:
nginx.ingress.kubernetes.io/rewrite-target: /$2
annotationnginx.ingress.kubernetes.io/configuration-snippet: | rewrite ^(/dashboard)$ $1/ redirect;
annotationpath: /dashboard
to path: /dashboard(/|$)(.*)
We need them to properly forward the request to the backend pods - good explanation in this article:
Note: The "nginx.ingress.kubernetes.io/rewrite-target" annotation rewrites the URL before forwarding the request to the backend pods. In /dashboard(/|$)(.*) for path, (.*) stores the dynamic URL that's generated while accessing the Kubernetes Dashboard. The "nginx.ingress.kubernetes.io/rewrite-target" annotation replaces the captured data in the URL before forwarding the request to the kubernetes-dashboard service. The "nginx.ingress.kubernetes.io/configuration-snippet" annotation rewrites the URL to add a trailing slash ("/") only if ALB-URL/dashboard is accessed.
Also we need another two changes:
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
annotation to tell NGINX Ingress to communicate with Dashboard service using HTTPskubernetes.io/ingress.class: public
annotation to use NGINX Ingress created by microk8s ingress
pluginAfter implementing everything above, the final YAML file looks like this:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /$2
nginx.ingress.kubernetes.io/configuration-snippet: |
rewrite ^(/dashboard)$ $1/ redirect;
nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
kubernetes.io/ingress.class: public
name: dashboard
namespace: kube-system
spec:
rules:
- http:
paths:
- path: /dashboard(/|$)(.*)
pathType: Prefix
backend:
service:
name: kubernetes-dashboard
port:
number: 443
It should work fine. No need to run microk8s proxy
command.