Dashboard: Traefik Error

Created on 12 Dec 2017 · 2Comments · Source: kubernetes/dashboard

Environment

Dashboard version:v1.8.0
Kubernetes version:v1.8.4
Operating system: CentOS
Node.js version:
Go version:

Steps to reproduce

When I Use Traefik to expose dashborad recevied tls error

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout ~/ssl/dashboard/tls.key -out  ~/ssl/dashboard/tls.crt -subj "/CN=dashboard/O=dashboard"
kubectl create secret generic kubernetes-dashboard-certs --from-file=$HOME/ssl/dashboard -n kube-system
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

dashboard-ingress.yaml

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kube-system
  annotations:
    kubernetes.io/ingress.class: traefik
spec:
  tls:
  - secretName: kubernetes-dashboard-certs
  rules:
  - host: dashboard.k8s
    http:
      paths:
      - backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

When I Use kubectl proxy,It's everything fine

Observed result

curl -v -sSL --insecure https://127.0.0.1:30443/ -H Host:dashboard.k8s

2017/12/12 09:49:06 http: TLS handshake error from 10.233.75.7:40606: remote error: tls: bad certificate

Source

ZQiannnn

Most helpful comment

I spent few hours for this issue to figure out! Finally I solved by using -insecure- http on backend connection from Traefik to Kubernetes Dashboard container (https is still being used for frontend). Here is my service and ingress configuration for someone who has such problem:

---
kind: Service
apiVersion: v1
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - name: http
    port: 80
    targetPort: 9090

---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/frontend-entry-points: https # this is optional you can comment out
    traefik.ingress.kubernetes.io/auth-type: "basic" # this is optional you can comment out
    traefik.ingress.kubernetes.io/auth-secret: "kubernetes-dashboard-auth" # this is optional you can comment out
# if you want to enable insecure login and also have basic auth you may want to uncomment this
#    traefik.ingress.kubernetes.io/auth-remove-header: "true"

ahalimkara on 29 Sep 2018

🎉5

All 2 comments

This is some configuration issue. My knowledge about ingress resources is quite basic. You might want to ask how to configure certs and ingress on k8s core repo or on kubernetes slack. I don't think this is directly related to Dashboard.

floreks on 12 Dec 2017

---
kind: Service
apiVersion: v1
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
spec:
  selector:
    k8s-app: kubernetes-dashboard
  ports:
  - name: http
    port: 80
    targetPort: 9090

---
kind: Ingress
apiVersion: extensions/v1beta1
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
  labels:
    k8s-app: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/frontend-entry-points: https # this is optional you can comment out
    traefik.ingress.kubernetes.io/auth-type: "basic" # this is optional you can comment out
    traefik.ingress.kubernetes.io/auth-secret: "kubernetes-dashboard-auth" # this is optional you can comment out
# if you want to enable insecure login and also have basic auth you may want to uncomment this
#    traefik.ingress.kubernetes.io/auth-remove-header: "true"

ahalimkara on 29 Sep 2018

🎉5

Was this page helpful?

0 / 5 - 0 ratings