Deploying kube-ingress-dash with Helm
The recommended way to deploy kube-ingress-dash to Kubernetes is using the official Helm chart. This guide provides practical deployment scenarios, configuration examples, and troubleshooting tips to help you get started quickly.
Prerequisites
- Helm 3.0+ installed
- Kubernetes cluster with kubectl configured
- Appropriate RBAC permissions to create ClusterRole and ClusterRoleBinding
Quick Start
Install kube-ingress-dash with default settings:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1
OCI Registry
The chart is published to GitHub Container Registry (GHCR) as an OCI artifact. This is the modern Helm 3 approach and doesn't require adding a traditional Helm repository.
Deployment Scenarios
Scenario 1: Development/Testing Environment
For quick testing in a development cluster with minimal resources:
# dev-values.yaml
replicaCount: 1
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 256Mi
# Use port-forward for access
service:
type: ClusterIP
port: 3000
Deploy:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--namespace kube-ingress-dash \
--create-namespace \
--values dev-values.yaml
Scenario 2: Production Environment with Ingress
For production deployment with external access via ingress controller:
# prod-values.yaml
replicaCount: 2
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
# Enable autoscaling for production workloads
autoscaling:
enabled: true
minReplicas: 2
maxReplicas: 5
targetCPUUtilizationPercentage: 80
# Configure ingress for external access
ingress:
enabled: true
className: nginx
annotations:
cert-manager.io/cluster-issuer: letsencrypt-prod
nginx.ingress.kubernetes.io/ssl-redirect: "true"
hosts:
- host: ingress-dash.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: ingress-dash-tls
hosts:
- ingress-dash.example.com
# Add pod annotations for monitoring
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "3000"
prometheus.io/path: "/api/health"
Deploy:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--namespace kube-ingress-dash \
--create-namespace \
--values prod-values.yaml
Scenario 3: Multi-Cluster Monitoring
For monitoring ingresses across multiple clusters with custom image:
# multi-cluster-values.yaml
# Use a custom image with additional monitoring tools
image:
repository: ghcr.io/wasilak/kube-ingress-dash
tag: "0.3.1"
pullPolicy: IfNotPresent
replicaCount: 1
# Configure environment variables
env:
- name: LOG_LEVEL
value: "info"
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
# Use LoadBalancer for direct access
service:
type: LoadBalancer
port: 3000
# Configure node affinity for dedicated monitoring nodes
affinity:
- nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
preference:
matchExpressions:
- key: node-role.kubernetes.io/monitoring
operator: In
values:
- "true"
Deploy:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--namespace monitoring \
--create-namespace \
--values multi-cluster-values.yaml
Common Configuration Examples
Custom Image Configuration
Use a specific image version or private registry:
image:
repository: your-registry.example.com/kube-ingress-dash
tag: "v1.2.3"
pullPolicy: Always
imagePullSecrets:
- name: registry-credentials
Resource Limits and Requests
Set appropriate resource limits based on your cluster size:
# For small clusters (< 50 ingresses)
resources:
requests:
cpu: 50m
memory: 64Mi
limits:
cpu: 200m
memory: 256Mi
# For medium clusters (50-200 ingresses)
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 500m
memory: 512Mi
# For large clusters (> 200 ingresses)
resources:
requests:
cpu: 200m
memory: 256Mi
limits:
cpu: 1000m
memory: 1Gi
Ingress Configuration Examples
NGINX Ingress Controller
ingress:
enabled: true
className: nginx
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/ssl-redirect: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
hosts:
- host: ingress-dash.example.com
paths:
- path: /
pathType: Prefix
tls:
- secretName: ingress-dash-tls
hosts:
- ingress-dash.example.com
Traefik Ingress Controller
ingress:
enabled: true
className: traefik
annotations:
traefik.ingress.kubernetes.io/router.entrypoints: websecure
traefik.ingress.kubernetes.io/router.tls: "true"
hosts:
- host: ingress-dash.example.com
paths:
- path: /
pathType: Prefix
AWS ALB Ingress Controller
ingress:
enabled: true
className: alb
annotations:
alb.ingress.kubernetes.io/scheme: internet-facing
alb.ingress.kubernetes.io/target-type: ip
alb.ingress.kubernetes.io/listen-ports: '[{"HTTPS":443}]'
alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:region:account:certificate/xxx
hosts:
- host: ingress-dash.example.com
paths:
- path: /
pathType: Prefix
High Availability Configuration
Enable autoscaling and configure pod disruption budgets:
replicaCount: 3
autoscaling:
enabled: true
minReplicas: 3
maxReplicas: 10
targetCPUUtilizationPercentage: 70
targetMemoryUtilizationPercentage: 80
# Configure rolling update strategy
strategy:
type: RollingUpdate
rollingUpdate:
maxSurge: 1
maxUnavailable: 0
# Add pod anti-affinity for better distribution
affinity:
- podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- kube-ingress-dash
topologyKey: kubernetes.io/hostname
Security Hardening
Configure security contexts and RBAC:
# Run as non-root user
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
fsGroup: 1000
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
capabilities:
drop:
- ALL
# Customize RBAC
rbac:
create: true
enabled: true
clusterRoleName: "kube-ingress-dash-viewer"
clusterRoleBinding: true
Installation Options
Install to Specific Namespace
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--namespace kube-ingress-dash \
--create-namespace
Install with Custom Values
Create a values.yaml file with your customizations and install:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--values values.yaml
Install with Inline Values
For quick testing, you can set values directly:
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--set replicaCount=2 \
--set resources.requests.cpu=100m \
--set resources.requests.memory=128Mi
Configuration Reference
For a complete list of all available configuration options and their default values, see the auto-generated Chart README.
The chart provides extensive configuration options including:
- Image Configuration: Repository, tag, pull policy, and secrets
- Deployment Settings: Replica count, update strategy, and pod annotations
- Service Configuration: Type, ports, and annotations
- Ingress Settings: Hosts, paths, TLS, and annotations
- RBAC Configuration: ClusterRole, ClusterRoleBinding, and ServiceAccount
- Resource Management: CPU/memory requests and limits
- Autoscaling: HPA configuration with CPU/memory targets
- Health Checks: Liveness and readiness probe settings
- Security: Pod security contexts and container security contexts
- Scheduling: Node selectors, tolerations, and affinity rules
Key Configuration Options
| Parameter | Description | Default |
|---|---|---|
image.repository | Container image repository | ghcr.io/wasilak/kube-ingress-dash |
image.tag | Container image tag | Chart appVersion |
replicaCount | Number of replicas | 1 |
service.type | Kubernetes service type | ClusterIP |
service.port | Service port | 3000 |
ingress.enabled | Enable ingress | false |
rbac.create | Create RBAC resources | true |
rbac.clusterRoleBinding | Create ClusterRoleBinding | true |
resources | CPU/Memory resource requests/limits | {} |
autoscaling.enabled | Enable horizontal pod autoscaling | false |
Upgrading
Upgrade to a new version:
helm upgrade kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--values values.yaml
Check the upgrade status:
helm status kube-ingress-dash
helm history kube-ingress-dash
Uninstalling
Remove the deployment:
helm uninstall kube-ingress-dash
warning
This will remove all resources created by the chart, including the ClusterRole and ClusterRoleBinding.
Accessing the Dashboard
After installation, follow the instructions in the Helm output to access the dashboard.
Port Forward (Default)
If using the default ClusterIP service:
kubectl port-forward svc/kube-ingress-dash 8080:3000
Then open http://localhost:8080 in your browser.
Ingress
If you enabled ingress, access the dashboard at your configured hostname (e.g., https://ingress-dash.example.com).
LoadBalancer
If you set service.type: LoadBalancer:
kubectl get svc kube-ingress-dash
Access the dashboard at the external IP shown.
Troubleshooting
Common Issues and Solutions
Issue: Pod Not Starting
Symptoms:
- Pod stuck in
PendingorCrashLoopBackOffstate - Error messages in pod events
Solutions:
- Check pod status and events:
kubectl get pods -l app.kubernetes.io/name=kube-ingress-dash
kubectl describe pod <pod-name>
- Check resource availability:
kubectl describe nodes
- Verify resource limits aren't too restrictive:
resources:
requests:
cpu: 50m # Lower if nodes are resource-constrained
memory: 64Mi
- Check image pull issues:
kubectl get events --sort-by='.lastTimestamp'
If image pull fails, verify imagePullSecrets are configured correctly.
Issue: RBAC Permission Errors
Symptoms:
- Dashboard shows "Forbidden" or "Unauthorized" errors
- Logs show 403 errors when accessing Kubernetes API
Solutions:
- Verify RBAC resources exist:
kubectl get clusterrole kube-ingress-dash-viewer
kubectl get clusterrolebinding kube-ingress-dash-rolebinding
kubectl get serviceaccount kube-ingress-dash-viewer -n <namespace>
- Check ClusterRole permissions:
kubectl describe clusterrole kube-ingress-dash-viewer
- Ensure the ServiceAccount is bound correctly:
kubectl describe clusterrolebinding kube-ingress-dash-rolebinding
- If using custom RBAC, ensure these permissions are granted:
rules:
- apiGroups: ["networking.k8s.io"]
resources: ["ingresses"]
verbs: ["get", "list", "watch"]
- apiGroups: [""]
resources: ["namespaces"]
verbs: ["get", "list"]
See RBAC Setup for detailed configuration.
Issue: Cannot Access Dashboard
Symptoms:
- Cannot reach dashboard URL
- Connection timeout or refused
Solutions:
- Verify service is running:
kubectl get svc kube-ingress-dash
- Check pod logs for errors:
kubectl logs -l app.kubernetes.io/name=kube-ingress-dash
- For ClusterIP service, use port-forward:
kubectl port-forward svc/kube-ingress-dash 8080:3000
- For Ingress, verify ingress resource:
kubectl get ingress kube-ingress-dash
kubectl describe ingress kube-ingress-dash
- Check ingress controller logs:
# For NGINX
kubectl logs -n ingress-nginx -l app.kubernetes.io/name=ingress-nginx
# For Traefik
kubectl logs -n traefik -l app.kubernetes.io/name=traefik
Issue: High Memory Usage
Symptoms:
- Pod being OOMKilled
- High memory consumption in metrics
Solutions:
- Increase memory limits:
resources:
limits:
memory: 512Mi # Increase based on cluster size
- Check for memory leaks in logs:
kubectl logs -l app.kubernetes.io/name=kube-ingress-dash --tail=100
- Monitor memory usage:
kubectl top pod -l app.kubernetes.io/name=kube-ingress-dash
Issue: Ingress Not Working
Symptoms:
- Ingress resource created but not accessible
- 404 or 502 errors
Solutions:
- Verify ingress controller is installed:
kubectl get pods -n ingress-nginx # or your ingress controller namespace
- Check ingress resource status:
kubectl describe ingress kube-ingress-dash
- Verify ingress class matches your controller:
ingress:
className: nginx # Must match your ingress controller
- Check DNS resolution:
nslookup ingress-dash.example.com
- Verify TLS certificate (if using HTTPS):
kubectl get certificate -n <namespace>
kubectl describe certificate ingress-dash-tls
Issue: Helm Install/Upgrade Fails
Symptoms:
- Helm command returns error
- Release in failed state
Solutions:
- Check Helm release status:
helm list -n <namespace>
helm status kube-ingress-dash -n <namespace>
- View detailed error:
helm get manifest kube-ingress-dash -n <namespace>
- Rollback to previous version:
helm rollback kube-ingress-dash -n <namespace>
- Uninstall and reinstall if necessary:
helm uninstall kube-ingress-dash -n <namespace>
helm install kube-ingress-dash \
oci://ghcr.io/wasilak/kube-ingress-dash-chart \
--version 0.3.1 \
--namespace <namespace> \
--values values.yaml
Debugging Commands
Useful commands for troubleshooting:
# Check pod status
kubectl get pods -l app.kubernetes.io/name=kube-ingress-dash
# View pod logs
kubectl logs -l app.kubernetes.io/name=kube-ingress-dash
# Follow logs in real-time
kubectl logs -l app.kubernetes.io/name=kube-ingress-dash -f
# Get pod events
kubectl get events --field-selector involvedObject.name=<pod-name>
# Verify RBAC
kubectl get clusterrole kube-ingress-dash-viewer
kubectl get clusterrolebinding kube-ingress-dash-rolebinding
# Check service endpoints
kubectl get endpoints kube-ingress-dash
# Test connectivity from within cluster
kubectl run -it --rm debug --image=curlimages/curl --restart=Never -- \
curl http://kube-ingress-dash.default.svc.cluster.local:3000/api/health
# Check resource usage
kubectl top pod -l app.kubernetes.io/name=kube-ingress-dash
Getting Help
If you encounter issues not covered here:
- Check the GitHub Issues
- Review the Chart README for all configuration options
- See RBAC Setup for permission-related issues
- Check Error Handling documentation
Related Documentation
- Chart README - Complete auto-generated values reference
- RBAC Setup - Detailed RBAC configuration
- Docker Deployment - Alternative deployment method
- From Source - Development deployment
- Error Handling - Understanding error messages