With MicroK8s it’s easy to enable the Kubernetes Dashboard by running
microk8s enable dashboard
If you’re running MicroK8s on a local PC or VM, you can access the dashboard with kube-proxy as described in the docs, but if you want to expose it properly then the best way to do this is with an Ingress resource.
Firstly, make sure you’ve got the Ingress addon enabled in your MicroK8s.
microk8s enable ingress
The simplest case is to set up a plain HTTP Ingress on port 80 which presents the Dashboard. However this is not recommended as it is insecure.
--- apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" name: dashboard namespace: kube-system spec: rules: - host: <your-external-address> http: paths: - backend: serviceName: kubernetes-dashboard servicePort: 443 path: /
For proper security we should serve the Dashboard via HTTPS on port 443. However there are some prerequisites:
- You need to set up Cert Manager
- You need to set up Let’s Encrypt as an Issuer so you can provision TLS certificates (included below)
- You need to use a fully-qualified domain name that matches the common name of your certificate, and it must be in DNS
--- apiVersion: cert-manager.io/v1alpha2 kind: Issuer metadata: name: letsencrypt-prod spec: acme: # The ACME server URL server: https://acme-v02.api.letsencrypt.org/directory # Email address used for ACME registration email: email@example.com # Name of a secret used to store the ACME account private key privateKeySecretRef: name: letsencrypt-prod # Enable the HTTP-01 challenge provider solvers: - http01: ingress: class: nginx --- apiVersion: extensions/v1beta1 kind: Ingress metadata: annotations: cert-manager.io/issuer: letsencrypt-prod kubernetes.io/ingress.class: nginx nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" name: dashboard namespace: kube-system spec: rules: - host: dashboard.example.com http: paths: - backend: serviceName: kubernetes-dashboard servicePort: 443 path: / tls: - hosts: - dashboard.example.com secretName: dashboard-ingress-cert
After applying this manifest, wait for the certificate to be ready:
$ kubectl get certs -n kube-system NAME READY SECRET AGE dashboard-ingress-cert True dashboard-ingress-cert 169m
2 thoughts on “Exposing the Kubernetes Dashboard with an Ingress”
In 1.20, you will need to change