Exposing Kubernetes Dashboard via Ingress

#1

I am currently trying to expose the kubernetes dashboard via an internal ingress. I have this working for other services which do not utilize TLS themselves, but am unable to get this to work for the dashboard which has its own self signed cert. Below is what I have configured.

# Kubernetes Dashboard
---
apiVersion: authentication.istio.io/v1alpha1
kind: Policy
metadata:
  name: kubernetes-dashboard-disable-mtls
  namespace: kube-system
spec:
  targets:
  - name: kubernetes-dashboard
    ports:
    - number: 443

---
apiVersion: networking.istio.io/v1alpha3
kind: DestinationRule
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  host: kubernetes-dashboard.kube-system.svc.cluster.local
  trafficPolicy:
    tls:
      mode: DISABLE

---
apiVersion: networking.istio.io/v1alpha3
kind: Gateway
metadata:
  annotations:
    kubernetes.io/ingress.class: internal
  name: kubernetes-dashboard-gateway
  namespace: kube-system
spec:
  selector:
    istio: ilbgateway
  servers:
  - hosts:
    - kube-dashboard.domain
    port:
      name: https-kube-dashboard
      number: 443
      protocol: HTTPS
    tls:
      mode: PASSTHROUGH

---
apiVersion: networking.istio.io/v1alpha3
kind: VirtualService
metadata:
  name: kubernetes-dashboard
  namespace: kube-system
spec:
  gateways:
  - kubernetes-dashboard-gateway
  hosts:
  - kube-dashboard.domain
  http:
  - route:
    - destination:
        host: kubernetes-dashboard.kube-system.svc.cluster.local
        port:
          number: 443

Is there something about the destination rule I have misconfigured? Also please note I do have mtls enabled and required in the cluster.

Thanks

0 Likes