Can you ingressroute to Kubernetes-Dashboard with Auth Middleware?

jamesarbrown · March 6, 2022, 2:04pm

I have working traefik in front of Kuberntes-Dashboard, but when i add an Auth middleware K-dash reports "Logged In with Auth header" and in main window a 401.

Much more going on behind the scenes than my knowledge of authentication can deal with.

Lots of googling and not a lot found

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: k8s-dashboard-ingress
  namespace: kube-system
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(\`k8s.xyz.org\`) # Hostname to match
      kind: Rule
      services: 
        - name: traefik-kubernetes-dashboard
          port: 8443
          scheme: https
          passHostHeader: false
      middlewares:
        - name: auth
          namespace: kube-system
  tls:
    secretName: cert

jakubhajek · March 7, 2022, 5:41pm

hello @jamesarbrown

The response code 401 means that the request has not been authenticated. Would you please double-check that the Basic Auth middleware is correctly configured?

In one of my workshops I explained how to use the middleware:

Hope that helps.

Thank you,

Chakki1301 · September 21, 2022, 9:51pm

Did you sort this out ? Could you help me here please ?
https://k8-dashboard.xxxx.com
I'm getting "Internal Server Error"

This is what I've:

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: k8-dashboard
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`k8-dashboard.xxxxx.com`)
    kind: Rule
    services:
    - name: kubernetes-dashboard
      port: 443
    middlewares:
    #- name: linkerd-dashboard-auth
    #  namespace: kubernetes-dashboard
    - name: https-redirect
      namespace: kubernetes-dashboard
  tls:
    secretName: k8-dashboard-cert # same content as in traefik-cert
    domains:
      - main: k8-dashboard.xxxx.com

and

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: k8-dashboard-redirect
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`k8-dashboard.xxxx.com`)
    kind: Rule
    services:
    - name: kubernetes-dashboard
      port: 443
    middlewares:
    - name: https-redirect
      namespace: kubernetes-dashboard

NAME                                             READY   STATUS    RESTARTS   AGE
pod/dashboard-metrics-scraper-7c857855d9-vlf7z   1/1     Running   0          73m
pod/kubernetes-dashboard-6b79449649-k9vbr        1/1     Running   0          73m

NAME                                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
service/dashboard-metrics-scraper   ClusterIP   172.20.112.212   <none>        8000/TCP   73m
service/kubernetes-dashboard        ClusterIP   172.20.215.202   <none>        443/TCP    73m

NAME                                        READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/dashboard-metrics-scraper   1/1     1            1           73m
deployment.apps/kubernetes-dashboard        1/1     1            1           73m

NAME                                                   DESIRED   CURRENT   READY   AGE
replicaset.apps/dashboard-metrics-scraper-7c857855d9   1         1         1       73m
replicaset.apps/kubernetes-dashboard-6b79449649        1         1         1       73m

zim · December 23, 2022, 10:30pm

Hello @Chakki1301,

I have exactly the same issue, did you find a solution ?

Thank you in advance,

Chakki1301 · December 27, 2022, 7:33pm

No, just had to expose it using ngnix or webserver in the localhost or else monitoring tools like Datadog had all the details. Kubecost had a high level info as well.