Hi,
I'm trying to expose an ingress port to the kubernetes dashboard running in https via Traefik, but not having much luck. I'm using k3s.
Using cert-manager I've obtained certificates for the dashboard domain and reflected these into the kubernetes-dashboard namespace. I have then configured kubernetes-dashboard to use these following this guide: dashboard/installation.md at master · kubernetes/dashboard · GitHub
Then I defined an ingress route for the dashboard:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/service.serversscheme: https
spec:
  rules:
    - host: k8s.domain.co.uk
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
  tls:
    - secretName: kubernetes-dashboard-certs
      hosts:
        - k8s.domain.co.uk
```
This matches, but I get a 500 internal server error navigating to it, with the kubernetes dashboard logs saying:
```
2023/03/05 14:09:22 http: TLS handshake error from 10.42.0.8:58448: remote error: tls: bad certificate
```
There isn't anything in the Traefik logs, but it seems these might be restricted to errors only and I'm not sure how to change that; some debug logging would be useful. Edit: I have since managed to get debug logs and can see `level=debug msg="'500 Internal Server Error' caused by: x509: cannot validate certificate for 10.42.0.3 because it doesn't contain any IP SANs"`
From googling around, it does appear to be an issue with the fact that the dashboard is using an https backend. However, having read Forwarding to https backend fails · Issue #7462 · traefik/traefik · GitHub, I think Traefik should be able to recognize that the backend is https and not attempt to connect over http, by the port number being 443 and also the annotation. I also found this: traefik - SSL issue while reaching kubernetes dashboard - DevOps Stack Exchange, but I'm not sure it applies as I am not using the self-signed certs of the dashboard. Nevertheless I did try making an IngressRoute and ServiceTransport, but having deleted the ingress above and applying these I just get a 404.
Any help would be greatly appreciated!