Trying to make kubernetes-dashboard accessible from the outside world on an AWS EKS cluster using an ALB ingress.

Everything looks fine and deployed.

I can access the running dashboard using kubectl proxy but not via the custom domain k8s-dashboard.uat.custom-domain.com configured on the ingress.

DNS records look OK; I am using external-dns to automatically insert A records for the ingress host, so nslookup works.

I get an HTTP 400 in the browser after passing through the Cognito IAM check fronting the ingress.

```
HOME % kubectl describe service/kubernetes-dashboard -n kube-system
Name:                     kubernetes-dashboard
Namespace:                kube-system
Labels:                   app.kubernetes.io/component=kubernetes-dashboard
                          app.kubernetes.io/instance=kube-system
                          app.kubernetes.io/managed-by=Helm
                          app.kubernetes.io/name=kubernetes-dashboard
                          app.kubernetes.io/version=2.5.1
                          helm.sh/chart=kubernetes-dashboard-5.4.1
                          kubernetes.io/cluster-service=true
Annotations:              meta.helm.sh/release-name: kube-system
                          meta.helm.sh/release-namespace: kube-system
Selector:                 app.kubernetes.io/component=kubernetes-dashboard,app.kubernetes.io/instance=kube-system,app.kubernetes.io/name=kubernetes-dashboard
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       999.999.999.999
IPs:                      999.999.999.999
Port:                     https  443/TCP
TargetPort:               https/TCP
NodePort:                 https  30838/TCP
Endpoints:                888.888.888.888:8443
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>
```

```
HOME % kubectl describe ingress k8s-dashboard-ingress -n kube-system
Name:             k8s-dashboard-ingress
Labels:           app.kubernetes.io/managed-by=Helm
Namespace:        kube-system
Address:          k8s-kubesyst-k8sdashb-<code>-<code>.<region-code>.elb.amazonaws.com
Ingress Class:    alb
Default backend:  <default>
Rules:
  Host                                   Path  Backends
  ----                                   ----  --------
  k8s-dashboard.uat.custom-domain.com
                                         /   kubernetes-dashboard:443 (888.888.888.888:8443)
Annotations:                             alb.ingress.kubernetes.io/auth-idp-cognito:
                                           {"userPoolARN":"arn:aws:cognito-idp:<region-code>:<account_id>:userpool/<region-code>_<code>","userPoolClientID":"<code>","...
                                         alb.ingress.kubernetes.io/auth-scope: phone email openid
                                         alb.ingress.kubernetes.io/auth-type: cognito
                                         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:<region-code>:<account_id>:certificate/<uuid>
                                         alb.ingress.kubernetes.io/healthcheck-path: /api/health
                                         alb.ingress.kubernetes.io/listen-ports: [{"HTTP":80},{"HTTPS":443}]
                                         alb.ingress.kubernetes.io/scheme: internet-facing
                                         alb.ingress.kubernetes.io/ssl-redirect: 443
                                         alb.ingress.kubernetes.io/target-type: ip
                                         meta.helm.sh/release-name: kube-system
                                         meta.helm.sh/release-namespace: kube-system
Events:                                  <none>
```

What could I be doing wrong?

arinray
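
A check that can be run against objects like the ones shown above, as an added example that is not part of the original post: it flags ingress paths whose Service port looks like TLS while the `alb.ingress.kubernetes.io/backend-protocol` annotation is absent, in which case the AWS Load Balancer Controller defaults to HTTP toward the targets. The sample objects are constructed from the describe output, and the `looks_like_tls` heuristic and the function names are assumptions.

```python
# Constructed samples in the shape of `kubectl get ... -o json`, reduced to
# fields visible in the describe output above. Not taken from a live cluster.
PREFIX = "alb.ingress.kubernetes.io/"

INGRESS = {
    "metadata": {"name": "k8s-dashboard-ingress", "annotations": {
        PREFIX + "auth-type": "cognito",
        PREFIX + "listen-ports": '[{"HTTP":80},{"HTTPS":443}]',
        PREFIX + "target-type": "ip",
        PREFIX + "healthcheck-path": "/api/health",
    }},
    "spec": {"rules": [{"host": "k8s-dashboard.uat.custom-domain.com", "http": {"paths": [
        {"path": "/", "backend": {"service": {
            "name": "kubernetes-dashboard", "port": {"number": 443}}}}]}}]},
}
SERVICE = {
    "metadata": {"name": "kubernetes-dashboard"},
    "spec": {"ports": [{"name": "https", "port": 443, "targetPort": "https"}]},
}

def looks_like_tls(port):
    """Heuristic (assumption): named/targeting 'https', or 443/8443, means TLS."""
    return ("https" in (str(port.get("name", "")), str(port.get("targetPort", "")))
            or port.get("port") in (443, 8443)
            or port.get("targetPort") in (443, 8443))

def backend_protocol_findings(ingress, services):
    """List (host, path, service, port) where ALB would speak HTTP to a TLS-looking port."""
    ann = ingress["metadata"].get("annotations", {})
    # The controller uses HTTP toward targets when backend-protocol is not set.
    proto = ann.get(PREFIX + "backend-protocol", "HTTP").upper()
    by_name = {s["metadata"]["name"]: s for s in services}
    findings = []
    for rule in ingress["spec"].get("rules", []):
        for p in rule.get("http", {}).get("paths", []):
            ref = p["backend"]["service"]
            want = ref["port"]
            svc = by_name.get(ref["name"])
            for port in (svc["spec"]["ports"] if svc else []):
                match = (port.get("port") == want.get("number")
                         or (want.get("name") and port.get("name") == want["name"]))
                if match and looks_like_tls(port) and proto == "HTTP":
                    findings.append((rule.get("host"), p["path"], ref["name"], port["port"]))
    return findings

if __name__ == "__main__":
    for f in backend_protocol_findings(INGRESS, [SERVICE]):
        print("ALB would send plaintext HTTP to a TLS-looking backend:", f)
```
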