Getting kubernetes-dashboard-certs using cert-manager and reflector #7571
Replies: 1 comment
I've solved this particular issue by removing the existing kubernetes-dashboard-certs secret from the recommended yaml file, and specifying ReadOnly in the mount options for the secret within the deployment. However, I'm now having another issue where trying to navigate to the dashboard via the ingress I have set up is causing an internal server error, with the message

I tried changing the issuer on the certificate to use the production letsencrypt, but no luck. Here are the relevant sections of the yaml I'm using to apply the dashboard:

```yaml
# --- snip ---
      containers:
        - name: kubernetes-dashboard
          image: kubernetesui/dashboard:v2.7.0
          imagePullPolicy: Always
          ports:
            - containerPort: 8443
              protocol: TCP
          args:
            - --namespace=kubernetes-dashboard
            - --tls-cert-file=/tls.crt
            - --tls-key-file=/tls.key
          volumeMounts:
            - name: kubernetes-dashboard-certs
              mountPath: /certs
              readOnly: true
              # Create on-disk volume to store exec logs
            - mountPath: /tmp
              name: tmp-volume
# --- snip ---
      volumes:
        - name: kubernetes-dashboard-certs
          secret:
            secretName: kubernetes-dashboard-certs
        - name: tmp-volume
          emptyDir: {}
```

and here is my ingress.yaml:

```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: dashboard-ingress
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/ingress.class: "traefik"
spec:
  rules:
    - host: k8s.mydomain.com
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name: kubernetes-dashboard
                port:
                  number: 443
  tls:
    - secretName: kubernetes-dashboard-certs
      hosts:
        - k8s.mydomain.com
```
Hi,
I'm trying to set up access to the dashboard via ingress. I'm following this guide to make the dashboard use my own certificates. I want to use a certificate from Let's Encrypt, so I created the following certificate.yaml:
This creates a secret called kubernetes-dashboard-certs as the guide describes, and I'm using Reflector to sync it to the kubernetes-dashboard namespace, as my letsencrypt-staging issuer is in the default namespace, so I assumed I couldn't create the certificate outside of the default namespace.

This successfully gets a certificate and copies it to the kubernetes-dashboard namespace. However, when I try to apply the dashboard yaml I get the following error:

```
The Secret "kubernetes-dashboard-certs" is invalid: type: Invalid value: "Opaque": field is immutable
```

The secret created by cert-manager has the type set to type: kubernetes.io/tls, but it does have the tls.crt and tls.key properties in data.

Is there something I'm missing here or is it not possible to do it this way? Will I have to copy the secret data manually each time the certificate is renewed?
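The `field is immutable` error in the question comes from a manifest declaring a Secret with one `type` while a Secret of the same name already exists with another. As an added example (not code from either post or from the dashboard project), this pre-apply check compares declared and existing Secret types; the function names and sample objects are constructed, and it assumes the manifest documents and the cluster's Secrets have already been loaded as dictionaries.

```python
# Added example; every object below is constructed sample data.
DEFAULT_SECRET_TYPE = "Opaque"  # type Kubernetes assigns when "type" is omitted

def secret_key(obj):
    """Return (namespace, name) for a Secret, or None for any other kind."""
    if obj.get("kind") != "Secret":
        return None
    meta = obj.get("metadata", {})
    # Assumption: an object without a namespace is applied to "default".
    return meta.get("namespace", "default"), meta.get("name")

def find_type_conflicts(manifest_docs, live_secrets):
    """List Secrets whose declared type differs from the copy already in the cluster."""
    live_types = {}
    for obj in live_secrets:
        key = secret_key(obj)
        if key:
            live_types[key] = obj.get("type", DEFAULT_SECRET_TYPE)
    conflicts = []
    for doc in manifest_docs:
        key = secret_key(doc)
        if key is None or key not in live_types:
            continue  # not a Secret, or it would be created fresh
        declared = doc.get("type", DEFAULT_SECRET_TYPE)
        if declared != live_types[key]:
            # Secret.type is immutable, so this apply would be rejected.
            conflicts.append({"namespace": key[0], "name": key[1],
                              "declared": declared, "live": live_types[key]})
    return conflicts

NS = "kubernetes-dashboard"
# What the manifest being applied declares (constructed).
MANIFEST = [
    {"kind": "Namespace", "metadata": {"name": NS}},
    {"kind": "Secret", "type": "Opaque",
     "metadata": {"name": "kubernetes-dashboard-certs", "namespace": NS}},
    {"kind": "Secret", "metadata": {"name": "example-untyped", "namespace": NS}},
]
# What is already in the cluster after cert-manager and Reflector ran (constructed).
LIVE = [
    {"kind": "Secret", "type": "kubernetes.io/tls",
     "metadata": {"name": "kubernetes-dashboard-certs", "namespace": NS}},
    {"kind": "Secret", "type": "Opaque",
     "metadata": {"name": "example-untyped", "namespace": NS}},
]

if __name__ == "__main__":
    for c in find_type_conflicts(MANIFEST, LIVE):
        print(f"{c['namespace']}/{c['name']}: manifest {c['declared']}, live {c['live']}")
```

A reported conflict means either the Secret stanza has to come out of the manifest (what the reply did) or its declared type has to match the existing Secret.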