kubernetes traefik-ingress kubernetes-dashboard

IngressRoute for Kubernetes-Dashboard using Traefik


I'm moving my project to Kubernetes using Traefik for routing and MetalLB as my load balancer.

I've deployed several apps and I'd like to make use of the official Kubernetes-Dashboard. So I deployed the Kubernetes-Dashboard using the recommended config and created an IngressRoute:

# dashboard.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k8s.example.com`, `www.k8s.example.com`)
      kind: Rule
      middlewares:
        # - name: https-redirectscheme
        # - name: nginx-basic-auth
      services:
        - kind: Service
          name: kubernetes-dashboard
          # namespace: kubernetes-dashboard
          port: 443
  tls:
    secretName: k8s.example.com-tls

It shows up in the Traefik Dashboard, but when I try to access k8s.example.com I get an Internal Server Error.

Thank you


Solution

  • I had the same problem, which is why I ended up on this question. When I find out how to use the IngressRoute I'll update this answer.

    This answer describes how to use NodePort instead.

    # Switch the Service type to NodePort (the Service lives in the kubernetes-dashboard namespace)
    kubectl -n kubernetes-dashboard patch svc kubernetes-dashboard -p '{"spec": {"type": "NodePort"}}'
    # Confirm
    kubectl get svc -n kubernetes-dashboard kubernetes-dashboard -o yaml
    
    # patch the dashboard: pin the node port to 32000
    tee ~/nodeport_dashboard_patch.yaml<<EOF
    spec:
      ports:
      - nodePort: 32000
        port: 443
        protocol: TCP
        targetPort: 8443
    EOF
    
    kubectl -n kubernetes-dashboard patch svc kubernetes-dashboard --patch "$(cat ~/nodeport_dashboard_patch.yaml)"
    

    Now the dashboard can be reached on the external IP Traefik gave you - in collaboration with MetalLB - with port :32000.
    If you have a website routed to your cluster, you can use:

    https://yourwebsite.com:32000
    

    As described in the link you shared, fetch the token by using:

    export SA_NAME= # admin user from the ServiceAccount
    kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep ${SA_NAME} | awk '{print $1}')
    

    (I could change this answer into a complete script to do this, if you'd like.)
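
An added example, not part of the original question or answer: assuming the Internal Server Error comes from Traefik refusing the self-signed certificate that the recommended Dashboard deployment serves on its HTTPS port, a ServersTransport (Traefik v2.4+) tells Traefik how to verify that backend, shown here as the weak setting beside a stricter one. The ServersTransport names, the Secret name `dashboard-backend-ca` and the `serverName` value are assumptions, and the stricter form assumes the dashboard serves a certificate you issued from that CA.

```yaml
# Added example. dashboard-skip-verify, dashboard-pinned-ca and
# dashboard-backend-ca are hypothetical names, not from the original page.

# Weak: Traefik accepts any certificate the dashboard pod presents.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: dashboard-skip-verify
  namespace: kubernetes-dashboard
spec:
  insecureSkipVerify: true
---
# Stricter: Traefik verifies the backend certificate against a CA held in a
# Secret in the same namespace, and checks the name in the certificate.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: dashboard-pinned-ca
  namespace: kubernetes-dashboard
spec:
  serverName: kubernetes-dashboard.kubernetes-dashboard.svc  # assumed SAN
  rootCAsSecrets:
    - dashboard-backend-ca
---
# The IngressRoute from the question, with the backend scheme made explicit
# and the transport attached to the service.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`k8s.example.com`, `www.k8s.example.com`)
      kind: Rule
      services:
        - kind: Service
          name: kubernetes-dashboard
          port: 443
          scheme: https
          serversTransport: dashboard-pinned-ca
  tls:
    secretName: k8s.example.com-tls
```

Unlike the NodePort approach, this keeps the dashboard reachable only through the `websecure` entry point, so an authentication middleware can be attached to the route.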