Trying to run Kubernetes Dashboard behind Cloudflare (Argo) Tunnel - tls: bad certificate


Cluster information:

Kubernetes version: v1.26.4+k3s1
Cloud being used: bare-metal
Installation method: standard k3s installation
Host OS: Debian Bullseye
CNI and version: don’t know how to find out
CRI and version: don’t know how to find out

I’m trying to get Kubernetes Dashboard v6.0.8 running behind a Cloudflare Tunnel (fka Argo Tunnel). Installation of Kubernetes Dashboard is done from the official Helm chart.

$ helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard --version 6.0.8

The problem I’m facing is that the Service that I’m addressing in my Cloudflare Ingress config uses HTTPS - instead of HTTP like all other ingresses I have so far, which work like a charm. AFAIK Cloudflare itself takes care of TLS/SSL when using the Tunnel feature, so I do not need the service to use HTTPS.

Here’s a log excerpt:

2023/10/09 08:23:05 Starting overwatch
2023/10/09 08:23:05 Using namespace: kubernetes-dashboard
2023/10/09 08:23:05 Using in-cluster config to connect to apiserver
2023/10/09 08:23:05 Using secret token for csrf signing
2023/10/09 08:23:05 Initializing csrf token from kubernetes-dashboard-csrf secret
2023/10/09 08:23:05 Empty token. Generating and storing in a secret kubernetes-dashboard-csrf
2023/10/09 08:23:05 Successful initial request to the apiserver, version: v1.26.4+k3s1
2023/10/09 08:23:05 Generating JWE encryption key
2023/10/09 08:23:05 New synchronizer has been registered: kubernetes-dashboard-key-holder-kubernetes-dashboard. Starting
2023/10/09 08:23:05 Starting secret synchronizer for kubernetes-dashboard-key-holder in namespace kubernetes-dashboard
2023/10/09 08:23:07 Initializing JWE encryption key from synchronized object
2023/10/09 08:23:07 no metrics provider selected, will not check metrics.
2023/10/09 08:23:07 Auto-generating certificates
2023/10/09 08:23:07 Successfully created certificates
2023/10/09 08:23:07 Serving securely on HTTPS port: 8443
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.63:42462: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.63:42458: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.63:42466: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43510: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43512: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43520: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43526: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43530: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43528: remote error: tls: bad certificate

I have not figured out yet how to turn it into an HTTP service, or if that’s even the way to go.

Has anyone managed to get this running? How do I do that?

Thanks!

Update 1

I have already successfully tried to create a certificate using Let’s Encrypt (staging) and Cloudflare DNS01 solver for the domain through which I want to access the Dashboard. A secret is generated with two keys, tls.key and tls.cert, and the Certificate is Ready. I do not know, however, how to integrate that with the Service. Or if that’s even going to work at all. It was basically a shot in the dark.
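
Added example, not part of the original post: a small triage script for the log excerpt above that groups the handshake failures by peer and separates alerts sent by the peer (Go's crypto/tls prefixes those with "remote error:") from failures the server detected itself. The function names are hypothetical, and the sample is constructed from the excerpt's lines plus one made-up EOF line for contrast.

```python
import re
from collections import Counter

# Constructed sample: lines in the shape of the excerpt; the last line is made up.
SAMPLE_LOG = """\
2023/10/09 08:23:07 Auto-generating certificates
2023/10/09 08:23:07 Serving securely on HTTPS port: 8443
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.63:42462: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.63:42458: remote error: tls: bad certificate
2023/10/09 08:23:07 http: TLS handshake error from 10.42.0.62:43510: remote error: tls: bad certificate
2023/10/09 08:23:09 http: TLS handshake error from 10.42.0.70:51000: EOF
"""

HANDSHAKE = re.compile(
    r"^\d{4}/\d\d/\d\d \d\d:\d\d:\d\d http: TLS handshake error from "
    r"(?P<host>\[[^\]]+\]|[^:\s]+):\d+: (?P<reason>.+)$"
)
REMOTE = "remote error: "

def parse_handshake_errors(log_text):
    """Yield (peer_ip, raised_by, reason) for each handshake failure line."""
    for line in log_text.splitlines():
        m = HANDSHAKE.match(line.strip())
        if not m:
            continue
        host, reason = m["host"].strip("[]"), m["reason"]
        # "remote error: " marks a TLS alert received from the peer; any other
        # reason is a failure the server noticed on its own side.
        if reason.startswith(REMOTE):
            yield host, "peer", reason[len(REMOTE):]
        else:
            yield host, "server", reason

def summarize(log_text):
    """Count failures per (peer_ip, raised_by, reason)."""
    return dict(Counter(parse_handshake_errors(log_text)))

def peers_rejecting_cert(log_text):
    """Peers that sent a bad_certificate alert, i.e. refused the serving cert."""
    return sorted({ip for ip, who, why in summarize(log_text)
                   if who == "peer" and why == "tls: bad certificate"})

def autogenerated_cert_in_use(log_text):
    """True when the server logged that it generated its own certificate."""
    return "Auto-generating certificates" in log_text

if __name__ == "__main__":
    for (ip, who, why), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{ip:<12} {n:>3}x  raised by {who}: {why}")
    print("auto-generated cert:", autogenerated_cert_in_use(SAMPLE_LOG))
    print("peers rejecting it:", peers_rejecting_cert(SAMPLE_LOG))
```

On the sample, every bad-certificate failure is raised by the peer, so the connecting pods at 10.42.0.62 and 10.42.0.63 are the ones refusing the auto-generated certificate; mapping those IPs to pods (for example with `kubectl get pods -A -o wide`) shows which client's trust configuration is involved.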