404 Help, please

I'm having trouble understanding why I'm getting 404 to my backend helloworld server with the following configuration:

apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: $TRAEFIK_NAMESPACE
spec:
  externalTrafficPolicy: Local
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
    nodePort: 32766
  selector:
    app: traefik
  type: NodePort
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: traefik
  name: traefik-ingress-controller
  namespace: $TRAEFIK_NAMESPACE
spec:
  replicas: 6
  selector:
    matchLabels:
      app: traefik
      name: traefik-ingress-controller
  template:
    metadata:
      labels:
        app: traefik
        name: traefik-ingress-controller
    spec:
      containers:
      - args:
        - --entrypoints.https=true
        - --entrypoints.https.address=:8443
        - --log=true
        - --log.level=error
        - --providers.kubernetescrd=true
        - --providers.kubernetescrd.ingressclass=shared-ingress
        image: traefik:v2.1.2
        imagePullPolicy: IfNotPresent
        name: traefik
        ports:
        - containerPort: 8443
          name: https
          protocol: TCP
      serviceAccount: traefik-ingress-controller
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: helloworld-ingressroute
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: shared-ingress
spec:
  entryPoints:
  - https
  routes:
  - match: Host(`helloworld.mydomain.com`)
    kind: Rule
    services:
    - name: helloworld
      port: 8081

What I want is traefik to use TLS on the front (self-signed cert is ok for now) and use non-TLS to the back. The helloworld service works as it is supposed to. What am I missing?

Some more information:

I added a plaintext entrypoint on port 8000 and I can hit my service just fine. Should I be able to have an HTTPS (TLS) entrypoint that routes to a non-HTTPS (non-TLS) backend?

For those that come across this, I believe I have figured it out. The key was this: https://docs.traefik.io/v2.1/routing/routers/#tls where it mentions that: "When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non TLS) requests). Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services)." In the kubernetes-crd realm, this means adding an empty "tls" block to the ingressroute like so:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: helloworld-ingressroute
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: shared-ingress
spec:
  tls: {}
  entryPoints:
  - https
  routes:
  - match: Host(`helloworld.mydomain.com`)
    kind: Rule
    services:
    - name: helloworld
      port: 8081
5 Likes

Thank you codeman9.
I had a similar problem and tls: {} solves it.
I think this topic deserves more attention .

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.