I spent far too long chasing this issue and finally figured out how to get my kubeflow dashboard exposed, in my case from our domain:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: kubeflow-dashboard-ingress
labels:
app: istio-ingressgateway
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
# this is microk8s specific, likely nginx in other situations?
ingressClassName: public
rules:
- host: example.com
http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: istio-ingressgateway-workload
port:
number: 80
Then I pointed dex and oidc at it:
juju config dex-auth public-url=http://example.com
juju config oidc-gatekeeper public-url=http://example.com
Seems like the istio-ingressgateway-workload is required as the backend service as hinted at over here: Accessing the Kubeflow dashboard from other devices locally - getting started - Charmhub
I’m still getting my head around how this works, so am excited when it does.