How to to configure Ingress when deploying on K3S with Traefik?

[djpirra]

What would you like to be added?

Add values.yaml instructions on how to configure ingress to be set on K3S when using default ingress Traefik.

Why is this needed?

Additional support for Traefik.

[gitisz]

I can't figure this out either. Documentation only supports kubectl proxy and all othe examples I find are out of date.

[l0ner]

I have managed to expose the dashboard through traefik ingress by ignoring the helm-generated ingress, and disabling kong proxy.

My helm values file

...
kong:
  enabled: false
...

Ingress:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: dashboard-http-redirect
  namespace: kube-dashboard
spec:
  redirectScheme:
    scheme: https
    permanent: true
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-http-redirect
  namespace: kube-dashboard
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
    # MUST be <namespace>-<name>@kubernetescrd
    traefik.ingress.kubernetes.io/router.middlewares: kube-dashboard-dashboard-http-redirect@kubernetescrd
spec:
  rules:
  - host: dashboard-ingress.k3s.local
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: kubernetes-dashboard-web
            port:
              number: 8000
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-https
  namespace: kube-dashboard
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  rules:
    - host: dashboard-ingress.k3s.local
      http:
        paths:
          - path: /api/v1/login
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-auth
                port:
                  number: 8000
          - path: /api/v1/csrftoken/login
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-auth
                port:
                  number: 8000
          - path: /api/v1/me
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-auth
                port:
                  number: 8000
          - path: /api
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-api
                port:
                  number: 8000
          - path: /metrics
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-api
                port:
                  number: 8000
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard-web
                port:
                  number: 8000

Please note that i generate three thing in the ingress.

1. Middleware that will redirect http to https
2. Ingress for the http
3. Actual ingress on https

The dashboard cannot be exposed on http. It will work on http, but you will not be able to login. See #9252 and #9448 (in particular #9448 (comment))

[gitisz]

l0ner this solution worked for me, many thanks! One small change, added the TLS secret from Let's Encrypt...

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-https
  namespace: kubernetes-dashboard
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - ${kubernetes_dashboard_fqdn}
      secretName: kubernetes-dashboard-${kubernetes_dashboard_cloudflare_dns_secret_name_prefix}-${kubernetes_dashboard_issuer_environment}-tls
  rules:
    - host: ${kubernetes_dashboard_fqdn}
      http:
        paths:

https://github.com/gitisz/tofu-xen-k3s/blob/main/deployments/kubernetes-dashboard/k8s-dashboard-ingress.yaml#L41-L44