kubernetes-dashboard is the first app that I install on a Kubernetes cluster and use on my clusters all the time.
On a cluster with Istio Service Mesh, we can expose services using Istio Ingress Gateway.
Using the following Gateway and VirtualService definitions you can expose your dashboard on Istio Ingress Gateway.
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
name: dashboard-gateway
namespace: kubernetes-dashboard
spec:
selector:
istio: ingressgateway # use istio default ingress gateway
servers:
- port:
number: 443
name: https
protocol: HTTPS
tls:
mode: PASSTHROUGH
hosts:
- dashboard.example.com
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
hosts:
- dashboard.example.com
gateways:
- dashboard-gateway
http:
tls:
- match:
- port: 443
sniHosts:
- dashboard.example.com
route:
- destination:
host: kubernetes-dashboard.kubernetes-dashboard.svc.cluster.local
port:
number: 443
This definitions will expose your dashboard from the Istio ingress host and port using the dashboard.example.com DNS. You can use Istio documentation for determining IP and port for the ingress gateway.
I found a similar article about exposing dashboard using Istio ingress that works to some point but it required editing kubernetes-dashboard and making it insecure to access and use.
This basic method doesn’t require any modification on the kubernetes-dashboard installation, since it uses TLS passthrough. However, because of the TLS passthrough certificate errors are seen on browsers.
Test Link to heading
Test the ingress with the following curl command.
curl -k -v --resolve "dashboard.example.com:$SECURE_INGRESS_PORT:$INGRESS_HOST" "https://dashboard.example.com:$SECURE_INGRESS_PORT"