Home » Devops » How To Setup K8S Dashboard and Nginx Ingress Controller For EKS Cluster with free ssl certificate.

How To Setup K8S Dashboard and Nginx Ingress Controller For EKS Cluster with free ssl certificate.

Kubernetes Ingress exposes HTTP and HTTPS routes from outside the cluster to Services within the k8s cluster. Traffic routing is controlled by rules defined on the ingress resource.

In this article, I’m going to explain how to deploy nginx ingress and k8s dashboard with free ssl certificate.

PREREQUISITES:

  • A Kubernetes cluster.
  • You should also have a configured copy of kubectl.

STEP 1: Install Helm

curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash

STEP 2: RBAC config for Tiller service account
cat << EOF > ~/rbac-tiller-config.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: tiller
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: tiller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
  - kind: ServiceAccoun
    name: tiller
    namespace: kube-system
EOF
kubectl apply -f rbac-tiller-config.yaml

STEP 3: Once we have Helm ready, you can initialize the local CLI and also install Tiller into your Kubernetes cluster in one step:

helm init --service-account tiller
STEP 4: Now we are ready to setup Nginx controller for K8S dashboard, this will create an internal ELB in AWS.
helm install --name nginx-ingress stable/nginx-ingress --set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-internal"=0.0.0.0/0

STEP 5: Create a Route53 record set to access load balancer with an FQDN.

EG: *.k8s.imsudo.com -> internal.elb

STEP 6: Generate SSL certificates for the domain, in this example, we are using https://sslforfree.com/ to generate the certificates for *.k8s.imsudo.com

STEP 7: Setup the TXT records in Route53 which was generated by http://sslforfree.com, after that download the certificate files from  https://sslforfree.com/

STEP 8: Combine CA Bundle and Certificate text in one file which you get it from http://sslforfree.com and run this following commands.

 

certificate | base64 > certificate.crt
sed -i 's/\n//g'certificate.crt
keys | base64 > keys
sed -i 's/\n//g'keys

 

cat << EOF > ~/secrets.yaml
apiVersion: v1
kind: Secret
metadata:
name: dasbhoard_secrets
namespace: default
type: kubernetes.io/tls
data:
tls.crt:  <keep the base64 encoded certificate which we got from previous commands>
tls.key:  <keep the base64 encoded keys which we got from previous commands>
EOF

 

kubectl apply -f ~/secrets.yaml

 

STEP 9: Use the following command to install K8S dashboard pods, service and deployment.

 

helm install stable/kubernetes-dashboard --name dashboard --set rbac.clusterAdminRole=true

 

cat << EOF > ~/k8s-dashboard-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: kubernetes-dashboard-ingress
namespace: default
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "true"
#   kubernetes.io/tls-acme: 'true'
nginx.ingress.kubernetes.io/secure-backends: "true"
spec:
rules:
- host: dashboard.imsudo.com
http:
paths:
- path: /
backend:
serviceName: dashboard-kubernetes-dashboard
servicePort: 443
tls:
- hosts:
- "dashboard.imsudo.com"
secretName: dasbhoard_secrets
EOF

 

kubectl apply -f ~/k8s-dashboard-ingress.yaml

STEP 10: To get the K8S token to log in to the dashboard

kubectl get secrets --all-namespaces

Find the secrets related to the dashboard service account and describe it, there you will find admin token for the dashboard login.

kubectl describe secret dasbhoard_secrets
By following the above steps you will be able to setup K8S dashboard and Nginx Ingress controller. If you find any difficulties please feel free to ask questions in the comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

*
*

en_USEnglish
en_USEnglish