search

rancher / rio

Application Deployment Engine for Kubernetes
https://rio.io
Apache License 2.0
2.27k stars 228 forks source link

Dashboard access via http #1055

Open gilsdav opened 4 years ago

gilsdav commented 4 years ago

Describe the bug

I installed RIO on local k3s cluster. The only option that is not compatible with local cluster is lets-encrypt so I don't have https.

Service deployment works fine with good on-rio.rio sub domain.

I can see here that we must have https to access to the dashboard. I have now an infinit Waiting for dashboard service to be ready

No AppEndpoints found in the dashboard service status. Only have (with this command: kubectl edit svc dashboard -n rio-system):

status:
  loadBalancer: {}

To Reproduce

  1. Install rio without Lets-encrypt (response number 3 on interactive LE email question)
  2. Run rio dashboard

Expected behavior

Get an http link of the dashboard if let-encrypt is disabled ("letsencrypt":{"enabled":false,"description":"Let's Encrypt"} in rio-config configMap).

Kubernetes version & type (GKE, on-prem): kubectl version

k3s on-prem

Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.8", GitCommit:"9f2892aab98fe339f3bd70e3c470144299398ace", GitTreeState:"clean", BuildDate:"2020-08-13T16:12:48Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"windows/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.6+k3s1", GitCommit:"6f56fa1d68a5a48b8b6fdefa8eb7ead2015a4b3a", GitTreeState:"clean", BuildDate:"2020-07-16T20:46:15Z", GoVersion:"go1.13.11", Compiler:"gc", Platform:"linux/amd64"}

Type: Rio version: rio info

Rio Version: v0.8.0-rc2 (04372696)
Rio CLI Version: v0.8.0-rc2 (04372696)
Cluster Domain: ******.on-rio.io
Cluster Domain IPs: ***.**.***.*
System Namespace: rio-system
Wildcard certificates: ******.on-rio.io(false)
StrongMonkey commented 4 years ago

@gilsdav CLI will always wait for dashboard to have https link, which means you have either enable lets encrypt or provide your own certs. Dashboard doesn't work at this time if accessed with http protocol. If you really want the http link, rio -s ps should give you the link.

gilsdav commented 4 years ago

@StrongMonkey Thank's for your answer. I didn't know the -s. I tried to access to the http dashboard but get a 503. Probably because the CLI never did all it's job (after it detect the https). I will try to add celf-sign certificate. Do you have an ressource/documentation to add it easily ?

StrongMonkey commented 4 years ago

Two places you can add

  1. using a publidomain https://github.com/rancher/rio/blob/v0.6.0/docs/publicdomain-external-services.md#publicdomain for dashboard service and certs
  2. https://github.com/rancher/rio/blob/master/docs/faq.md. Configure a custom domain and self sign wildcard certs for your custom domain.
gilsdav commented 4 years ago

Thanks I tried to add secretName: default-tls into the existing ClusterDomain (with rio rdns) after creating this secret. But nothing changed :/ Https seems not to be enabled. Wildcard certificates: ....on-rio.io(false)