Expose EKS Kubernetes dashboard via domain

Summary

To expose the EKS Kubernetes dashboard via a domain, you need to configure Route 53 and create an ingress resource. This will allow you to access the dashboard using a subdomain, such as http://kubernetes.mydomain.net, without the need for the kubectl proxy command.

Root Cause

The root cause of the issue is that the Kubernetes dashboard is only accessible through the kubectl proxy command, which is not a scalable or secure solution for production environments. The main causes are:

  • Lack of ingress configuration
  • No Route 53 setup for the subdomain
  • Insufficient security group rules

Why This Happens in Real Systems

This happens in real systems because:

  • Kubernetes clusters are often deployed in private subnets for security reasons
  • Ingress controllers are not properly configured to route traffic to the dashboard
  • DNS records are not updated to point to the ingress controller

Real-World Impact

The real-world impact of this issue is:

  • Limited accessibility to the Kubernetes dashboard
  • Increased security risk due to the use of kubectl proxy
  • Difficulty in monitoring and managing the cluster

Example or Code

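# Create an ingress resource
kubectl apply -f ingress.yaml

# Update Route 53 records.
# --hosted-zone-id is the hosted zone that holds the kubernetes.mydomain.net record.
# AliasTarget.HostedZoneId is a different value: the canonical hosted zone ID of
# the load balancer in front of the ingress controller, not your own zone's ID.
# DNSName is that load balancer's DNS name. Both alias values below are placeholders.
aws route53 change-resource-record-sets --hosted-zone-id Z1234567890 --change-batch '{
  "Changes": [
    {
      "Action": "UPSERT",
      "ResourceRecordSet": {
        "Name": "kubernetes.mydomain.net",
        "Type": "A",
        "AliasTarget": {
          "DNSName": "ingress-controller-elb.amazonaws.com",
          "HostedZoneId": "<LOAD_BALANCER_CANONICAL_HOSTED_ZONE_ID>",
          "EvaluateTargetHealth": false
        }
      }
    }
  ]
}'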

How Senior Engineers Fix It

Senior engineers fix this issue by:

  • Creating an ingress resource to route traffic to the dashboard
  • Configuring Route 53 to point to the ingress controller
  • Updating security group rules to allow incoming traffic
  • Using SSL/TLS certificates to secure the connection
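
A sketch of the ingress.yaml applied in the example above, covering the ingress and SSL/TLS items in this list. It is an added example, not a file from the original page. It assumes the ingress-nginx controller with an IngressClass named nginx, the dashboard's default Service kubernetes-dashboard on port 443 in the kubernetes-dashboard namespace, an existing TLS Secret named dashboard-tls, and a constructed source CIDR.

```yaml
# Added example: Ingress for the dashboard behind ingress-nginx (assumed controller).
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: kubernetes-dashboard
  namespace: kubernetes-dashboard          # assumption: default dashboard namespace
  annotations:
    # Assumption: the dashboard Service serves HTTPS itself, so proxy to it over TLS.
    nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    # Redirect plain HTTP to HTTPS so login tokens are never sent in clear text.
    nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
    # Constructed CIDR (documentation range): restrict which clients reach the login page.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24"
spec:
  ingressClassName: nginx                  # assumption: IngressClass name
  tls:
    - hosts:
        - kubernetes.mydomain.net
      secretName: dashboard-tls            # assumption: existing kubernetes.io/tls Secret
  rules:
    - host: kubernetes.mydomain.net
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: kubernetes-dashboard # assumption: default Service name
                port:
                  number: 443
```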

Why Juniors Miss It

Juniors may miss this issue because:

  • Lack of experience with Kubernetes and ingress controllers
  • Insufficient knowledge of Route 53 and DNS records
  • Overlooking security group rules and SSL/TLS certificates