I am using OCI cloud and an OKE Kubernetes cluster. I have deployed the Kubernetes dashboard and want to expose it using a public IP via the ingress layer. I already have Nginx ingress configured with an Oracle Cloud load balancer for another application, and it is working fine.
Now, when I edit the dashboard's service, change it to "NodePort", and configure the load balancer using the node port and by importing the SSL certificate, it's working fine.
But when I import the self-signed certificate in both the LoadBalancer and the ingress, it's not working. I am getting a 502 error as below.
Below is my ingress YAML file. I have already imported the certificate as a secret in the k8s cluster.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  tls:
  - secretName: test-tls
  rules:
  - host:
    http:
      paths:
      - pathType: Prefix
        path: /#/
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
I think the request is not reaching the service either. Am I missing something here? If anyone has any idea, please help.
CodePudding user response:
Ingress actually acts as a reverse proxy. It gets traffic from the load balancer and forwards it to the service you directed it to.
If the target service is listening with TLS, your ingress needs to trust the certificate the dashboard presents.
You have two ways to do it.
- Configure the dashboard to use a public certificate from a CA. You can follow the instructions here.
- Cause the ingress deployment to trust the self-signed certificate of the dashboard. To do that, you first need to create a self-signed certificate, because the dashboard generates a new certificate every time it starts. Once you create the self-signed cert, add it to Kubernetes as a secret and configure the dashboard to use it. Then you need to inject it into your ingress too so it will be trusted. You do it by mounting the TLS cert as a secret volume in your ingress container (inside the pod definition):
volumeMounts:
- mountPath: /etc/ssl/certs/dashboard-tls.pem
  name: dashboard-tls
  subPath: tls.crt
  readOnly: true
volumes:
- name: dashboard-tls
  secret:
    secretName: kubernetes-dashboard-self-signed-tls
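Added example, not part of the answer above and not taken from the dashboard or ingress-nginx projects: with the community ingress-nginx controller, upstream TLS and trust of the dashboard's self-signed certificate can also be expressed through Ingress annotations instead of a mounted file. Assumptions: the `kubernetes-dashboard` namespace, the placeholder host `dashboard.example.com`, the `proxy-ssl-name` value, and a secret (reusing the name from the answer) that carries the self-signed certificate under the key `ca.crt`.

```yaml
# Added example; values marked "assumed" or "placeholder" are not from the original post.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard        # assumed: namespace of the dashboard Service
  annotations:
    kubernetes.io/ingress.class: "nginx"
    # Speak TLS to the Service port. Without this annotation the controller
    # sends plain HTTP to port 443.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Secret (namespace/secretName) whose ca.crt is used to verify the
    # dashboard's certificate. Assumed: ca.crt holds the self-signed cert.
    nginx.ingress.kubernetes.io/proxy-ssl-secret: "kubernetes-dashboard/kubernetes-dashboard-self-signed-tls"
    # Upstream certificate verification is off by default; turn it on so the
    # trusted certificate above is actually enforced.
    nginx.ingress.kubernetes.io/proxy-ssl-verify: "on"
    # Name checked against the certificate; assumed value, it must match a
    # name the self-signed certificate was issued for.
    nginx.ingress.kubernetes.io/proxy-ssl-name: "kubernetes-dashboard.kubernetes-dashboard.svc"
spec:
  tls:
  - hosts:
    - dashboard.example.com              # placeholder host
    secretName: test-tls                 # certificate presented to browsers
  rules:
  - host: dashboard.example.com          # placeholder host
    http:
      paths:
      - pathType: Prefix
        path: /                          # a URL fragment (#/...) is never sent to the server
        backend:
          service:
            name: kubernetes-dashboard
            port:
              number: 443
```

If the 502 persists, the controller's log for the request shows whether the upstream handshake or the certificate verification failed.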
CodePudding user response:
A 502 Bad Gateway error is a 5xx server error that indicates a server received an invalid response from a proxy or gateway server. In Kubernetes, this can happen when a client attempts to access an application deployed within a pod, but one of the servers responsible for relaying the request—the Ingress, the Service, or the pod itself—is not available or not properly configured.
To debug a 502 Bad Gateway error in Kubernetes, refer to this link.
To access the Kubernetes dashboard via Cloud Nginx Ingress, refer to stackpost1 and stackpost2.