Install k3s with traefik

From Bitbull Wiki

1 Kubernetes Dashboard on k3s with Traefik ingress controller

Kubernetes Dashboard is a great dashboard for single-node k3s setups. Personally, I tend to use a custom TCP port for the dashboard for security reasons. But one time, I needed to put the traffic behind Traefik, which is the default for k3s. Here are my notes.

1.1 Install Helm

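# get-helm-3 is a bash script, so run it with bash
curl -fsSL https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
helm completion bash > /etc/bash_completion.d/helm
# Add KUBECONFIG to .bashrc only if it is not already set there
grep -q KUBECONFIG "$HOME/.bashrc" || echo 'export KUBECONFIG=/etc/rancher/k3s/k3s.yaml' >> "$HOME/.bashrc"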

1.2 Set Up Dashboard Helm Repo

helm repo add kubernetes-dashboard https://kubernetes.github.io/dashboard/
helm upgrade --install kubernetes-dashboard kubernetes-dashboard/kubernetes-dashboard --create-namespace --namespace kubernetes-dashboard

1.3 Configure Ingress Object

kubectl config set-context --current --namespace kubernetes-dashboard

echo 'apiVersion: v1
kind: Service
metadata:
  name: kubernetes-dashboard-kong-proxy
  namespace: kubernetes-dashboard
spec:
  ports:
  - name: kong-proxy-tls
    port: 443
    targetPort: 8443
  selector:
    app.kubernetes.io/component: app
    app.kubernetes.io/instance: kubernetes-dashboard
    app.kubernetes.io/name: kong
  type: ClusterIP
---
apiVersion: traefik.io/v1alpha1
kind: ServersTransport
metadata:
  name: no-verify-tls
spec:
  # Traefik will not verify the TLS certificate presented by the Kong proxy backend
  insecureSkipVerify: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: kubernetes-dashboard-ingress
  namespace: kubernetes-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`kubeadm.domain.tld`)
      kind: Rule
      services:
        - name: kubernetes-dashboard-kong-proxy
          port: 443
          serversTransport: no-verify-tls

' | kubectl apply -f -

Create Admin User Authentication with Token

echo 'apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  # cluster-admin gives the holder of this account token full control of the cluster
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard
---
# Long-lived token: it does not expire and stays valid until this Secret is deleted
apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token
' | kubectl apply -f -

1.4 Fetch Token

kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d
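
A least-privilege variant of the admin-user and token steps above, as an added example that is not part of the original notes: it binds a ServiceAccount to the built-in `view` ClusterRole, requests a time-limited token with `kubectl create token`, and reads the token's `exp` claim. The account name `dashboard-viewer`, the file name `viewer-token.sh` and the one-hour lifetime are assumptions.

```shell
#!/bin/sh
# Added example, not from the wiki page. Usage: sh viewer-token.sh dashboard-viewer 1h
NS=kubernetes-dashboard

# Manifest binding ServiceAccount $1 to the built-in read-only "view" ClusterRole.
render_viewer() {
  case $1 in   # allow only lowercase DNS-label characters in the account name
    ''|*[!a-z0-9-]*|-*|*-) echo "invalid account name: $1" >&2; return 1 ;;
  esac
  cat <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: $1
  namespace: $NS
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $1-view
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: $1
  namespace: $NS
EOF
}

# Print the "exp" claim (Unix time) of JWT $1, or "never" if it has none,
# which is the case for a token read from a service-account-token Secret.
token_expiry() {
  p=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')   # base64url -> base64
  case $(( ${#p} % 4 )) in 2) p="$p==" ;; 3) p="$p=" ;; esac   # restore padding
  exp=$(printf '%s' "$p" | base64 -d 2>/dev/null | sed -n 's/.*"exp": *\([0-9][0-9]*\).*/\1/p') || true
  echo "${exp:-never}"
}

# Create the account and request a token with a bounded lifetime (kubectl >= 1.24).
issue_viewer_token() {
  render_viewer "$1" | kubectl apply -f - >&2 || return 1
  kubectl create token "$1" -n "$NS" --duration="${2:-1h}"
}

if [ $# -ge 1 ] && command -v kubectl >/dev/null; then
  tok=$(issue_viewer_token "$@") && echo "$tok" && echo "exp claim: $(token_expiry "$tok")" >&2
fi
```

The `view` ClusterRole does not grant access to Secrets, so a leaked viewer token cannot be used to read the `admin-user` Secret.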

1.5 Login