I am currently trying to expose the Kubernetes dashboard via an internal ingress. I have this working for other services which do not utilize TLS themselves, but am unable to get this to work for the dashboard, which has its own self-signed cert. Below is what I have configured.
```yaml
# Kubernetes Dashboard
---
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: kubernetes-dashboard-disable-mtls
  namespace: kube-system
spec:
  targets:
  - name: kubernetes-dashboard
    ports:
    - number: 443
---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  host: kubernetes-dashboard.kube-system.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE
---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  annotations:
    kubernetes.io/ingress.class: internal
  name: kubernetes-dashboard-gateway
  namespace: kube-system
spec:
  selector:
    istio: ilbgateway
  servers:
  - hosts:
    - kube-dashboard.domain
    port:
      name: https-kube-dashboard
      number: 443
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH
---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  gateways:
  - kubernetes-dashboard-gateway
  hosts:
  - kube-dashboard.domain
  http:
  - route:
    - destination:
        host: kubernetes-dashboard.kube-system.svc.cluster.local
        port:
          number: 443
```
Is there something about the destination rule I have misconfigured? Also, please note I do have mTLS enabled and required in the cluster.
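
A Gateway server in `PASSTHROUGH` mode forwards the encrypted stream without terminating TLS, so Istio can only route it by SNI through a `tls` block in the VirtualService; an `http` block never matches that traffic. The following is an added example, not part of the original post, showing the VirtualService above rewritten that way using the post's own names.

```yaml
# Added example (not from the original post): route passthrough TLS by SNI.
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  gateways:
  - kubernetes-dashboard-gateway
  hosts:
  - kube-dashboard.domain
  # "tls" replaces "http": the gateway never decrypts the stream, so there is
  # no HTTP layer to match on, only the SNI value from the TLS ClientHello.
  tls:
  - match:
    - port: 443                   # Gateway server port from the post
      sniHosts:
      - kube-dashboard.domain     # must be covered by the "hosts" list above
    route:
    - destination:
        host: kubernetes-dashboard.kube-system.svc.cluster.local
        port:
          number: 443
```

Because the gateway does not terminate TLS in this mode, clients are presented with the dashboard's own self-signed certificate and must decide whether to trust it.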