I'm trying to expose an ingress port to the kubernetes dashboard running in https via Traefik, but not having much luck. I'm using k3s.
Using cert-manager I've obtained certificates for the dashboard domain and reflected these into the kubernetes-dashboard namespace. I have then configured kubernetes-dashboard to use these following this guide: dashboard/installation.md at master · kubernetes/dashboard · GitHub
Then I defined an ingress route for the dashboard:
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: kubernetes-dashboard namespace: kubernetes-dashboard annotations: kubernetes.io/ingress.class: "traefik" traefik.ingress.kubernetes.io/service.serversscheme: https spec: rules: - host: k8s.domain.co.uk http: paths: - path: / pathType: Exact backend: service: name: kubernetes-dashboard port: number: 443 tls: - secretName: kubernetes-dashboard-certs hosts: - k8s.domain.co.uk
This matches, but I get a 500 internal server error navigating to it, with the kubernetes dashboard logs saying
2023/03/05 14:09:22 http: TLS handshake error from 10.42.0.8:58448: remote error: tls: bad certificate
There isn't anything in the traefik logs but it seems these might be restricted to errors only and I'm not sure how to change that, some debug logging would be useful. Edit: I have since managed to get debug logs and can see
level=debug msg="'500 Internal Server Error' caused by: x509: cannot validate certificate for 10.42.0.3 because it doesn't contain any IP SANs"
From googling around it does appear to be an issue with the fact that the dashboard is using a https backend. However having read Forwarding to https backend fails · Issue #7462 · traefik/traefik · GitHub I think Traefik should be able to recognize the backend is https and not to attempt to connect over http, by the port number being 443 and also the annotation. I also found this traefik - SSL issue while reaching kubernetes dashboard - DevOps Stack Exchange but not sure it applies as I am not using the self-signed certs of the dashboard. Nevertheless I did try making an IngressRoute and ServiceTransport, but having deleted the ingress above any applying these I just get a 404.
Any help would be greatly appreciated!