Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Question] Traefik + Kubernetes + Let's Encrypt (ssl not used) #881

Closed
dweidenfeld opened this issue Nov 22, 2016 · 2 comments
Closed

[Question] Traefik + Kubernetes + Let's Encrypt (ssl not used) #881

dweidenfeld opened this issue Nov 22, 2016 · 2 comments
Labels
area/acme area/provider/k8s/ingress status/5-frozen-due-to-age

Comments

@dweidenfeld
Copy link

dweidenfeld commented Nov 22, 2016
edited
Loading

Hi there,

I hope this is my last question for today, but I am not getting further....

traefik.toml

[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]


[acme]
  email = "[email protected]"
  storageFile = "/config/acme.json"
  onDemand = true
  entryPoint = "https"

[[acme.domains]]
  main = "mydomain.de"
[[acme.domains]]
  main = "services.mydomain.de"

If I start my traefik ui ingress it is always routed to the default backend.

❯ kc -n kube-system describe ing
Name:                   traefik-web-ui
Namespace:              kube-system
Address:
Default backend:        default-http-backend:80 (<none>)
Rules:
  Host                  Path    Backends
  ----                  ----    --------
  services.mydomain.de
                        /       traefik-web-ui:http (5.189.168.81:8000)
Annotations:
No events.

So if I want to access https://services.mydomain.de or http://services.mydomain.de I am getting the 404 error page from the default-http-backend (I think).

ui.yaml

---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  selector:
    k8s-app: traefik-ingress-lb
  ports:
  - name: http
    port: 80
    targetPort: 8000
---
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: traefik-web-ui
  namespace: kube-system
spec:
  rules:
  - host: services.mydomain.de
    http:
      paths:
      - path: /
        backend:
          serviceName: traefik-web-ui
          servicePort: http

traefik.yaml

apiVersion: v1
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s-app: traefik-ingress-lb
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      terminationGracePeriodSeconds: 60
      hostNetwork: true
      volumes:
      - name: config
        hostPath:
          path: "/etc/traefik"
      containers:
      - image: traefik:v1.0.2
        name: traefik-ingress-lb
        resources:
          limits:
            cpu: 200m
            memory: 30Mi
          requests:
            cpu: 100m
            memory: 20Mi
        ports:
        - name: http
          containerPort: 80
          hostPort: 80
        - name: https
          containerPort: 443
          hostPort: 443
        - name: admin
          containerPort: 8000
        volumeMounts:
        - mountPath: "/config"
          name: config
        args:
        - --configfile=/config/traefik.toml
        - --web
        - --web.address=:8000
        - --kubernetes

All certificates are generated correctly, and https and http is accessible, but only with the 404 page.

Thank you 😄
@krancour
Copy link
Contributor

@dweidenfeld you could use the stable/traefik Helm chart to take most of the pain out of this. It just works. :)

@dweidenfeld
Copy link
Author

Thank you, I think I got it working...
I was just missing the [kubernetes] and defaultEntryPoints... here the full example

defaultEntryPoints = ["http", "https"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
      entryPoint = "https"

  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]

[kubernetes]
[acme]
  email = "[email protected]"
  storageFile = "/config/acme.json"
  onDemand = true
  entryPoint = "https"

[[acme.domains]]
  main = "mydomain.de"
[[acme.domains]]
  main = "services.mydomain.de"

@traefik traefik locked and limited conversation to collaborators Sep 1, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
area/acme area/provider/k8s/ingress status/5-frozen-due-to-age
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@dweidenfeld @krancour @ldez @traefiker