ingress configuration for dashboard

2019-03-21 12:02发布

站内问答 / Kubernetes
1931 3 6

I did nginx ingress controller tutorial from github and exposed kubernetes dashboard

kubernetes-dashboard   NodePort    10.233.53.77    <none>        443:31925/TCP   20d

created ingress 

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    ingress.kubernetes.io/ssl-passthrough: "true"
    nginx.org/ssl-backends: "kubernetes-dashboard"
    kubernetes.io/ingress.allow-http: "false"
  name: dashboard-ingress
  namespace: kube-system
spec:
  tls:
  - hosts:
    - serverdnsname
    secretName: kubernetes-dashboard-certs
  rules:
  - host: serverdnsname
    http:
      paths:
      - path: /dashboard
        backend:
          serviceName: kubernetes-dashboard
          servicePort: 443

ingress-nginx   ingress-nginx          NodePort    10.233.21.200   <none>        80:30827/TCP,443:32536/TCP   5h

https://serverdnsname:32536/dashboard but dashboard throws error 

2018/01/18 14:42:51 http: TLS handshake error from ipWhichEndsWith.77:52686: tls: first record does not look like a TLS handshake

and ingress controller logs

2018/01/18 14:42:51 [error] 864#864: *37 upstream sent no valid HTTP/1.0 header while reading response header from upstream, client: 10.233.82.1, server: serverdnsname, request: "GET /dashboard HTTP/2.0", upstream: "http://ipWhichEndsWith.249:8443/dashboard", host: "serverdnsname:32536"
10.233.82.1 - [10.233.82.1] - - [18/Jan/2018:14:42:51 +0000] "GET /dashboard HTTP/2.0" 009 7 "-" "Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36 OPR/49.0.2725.64" 25 0.001 [kube-system-kubernetes-dashboard-443] ipWhichEndsWith.249:8443 7 0.001 200

On my mind it is related with nginx redirection to upstream: "http://ipWhichEndsWith.249:8443/dashboard" . tried to update controller image version to 0.9.0-beta.19 - didnt help

Thank you for any help.

3条回答
Lonely孤独者°
2楼-- · 2019-03-21 12:50

Just for code reference. There are 2 gtochas. Setting the proper annotations since the dashboard talks https and using the correct namepace for the ingress. tls config is optional.

---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: dashboard-google
  namespace: kube-system
  annotations:
    nginx.ingress.kubernetes.io/secure-backends: "true"
    nginx.ingress.kubernetes.io/ssl-passthrough: "true"
spec:
  tls:
    - hosts:
      - kube.mydomain.com
      secretName: tls-secret
  rules:
    - host: kube.mydomain.com
      http:
        paths:
        - path: /
          backend:
            serviceName: kubernetes-dashboard
            servicePort: 443
查看更多
0人赞 添加讨论(0) 举报
做个烂人
3楼-- · 2019-03-21 12:58

As you pointed out, looks like nginx is proxying your https request to ipWhichEndsWith.249:8443, which is an HTTPS endpoint, using http as protocol.

You should add the following annotation to your PodSpec:

nginx.ingress.kubernetes.io/secure-backends: "true"

This should make nginx forward your request to the pods with https.

Source: https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md#secure-backends

查看更多
0人赞 添加讨论(0) 举报
做个烂人
4楼-- · 2019-03-21 13:03

You could also use the helm charts available here

https://github.com/helm/charts/tree/master/stable/kubernetes-dashboard

Then setup your values.yaml file in order to override ingress parts like enable it, and adding hosts are available.

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(6)