404 Help, please

codeman9 · January 27, 2020, 6:33pm

I'm having trouble understanding why I'm getting 404 to my backend helloworld server with the following configuration:

apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: $TRAEFIK_NAMESPACE
spec:
  externalTrafficPolicy: Local
  ports:
  - name: https
    port: 8443
    protocol: TCP
    targetPort: 8443
    nodePort: 32766
  selector:
    app: traefik
  type: NodePort

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: traefik
  name: traefik-ingress-controller
  namespace: $TRAEFIK_NAMESPACE
spec:
  replicas: 6
  selector:
    matchLabels:
      app: traefik
      name: traefik-ingress-controller
  template:
    metadata:
      labels:
        app: traefik
        name: traefik-ingress-controller
    spec:
      containers:
      - args:
        - --entrypoints.https=true
        - --entrypoints.https.address=:8443
        - --log=true
        - --log.level=error
        - --providers.kubernetescrd=true
        - --providers.kubernetescrd.ingressclass=shared-ingress
        image: traefik:v2.1.2
        imagePullPolicy: IfNotPresent
        name: traefik
        ports:
        - containerPort: 8443
          name: https
          protocol: TCP
      serviceAccount: traefik-ingress-controller
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
  strategy:
    rollingUpdate:
      maxUnavailable: 1
    type: RollingUpdate
---

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: helloworld-ingressroute
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: shared-ingress
spec:
  entryPoints:
  - https
  routes:
  - match: Host(`helloworld.mydomain.com`)
    kind: Rule
    services:
    - name: helloworld
      port: 8081

What I want is traefik to use TLS on the front (self-signed cert is ok for now) and use non-TLS to the back. The helloworld service works as it is supposed to. What am I missing?

codeman9 · January 27, 2020, 10:00pm

Some more information:

I added a plaintext entrypoint on port 8000 and I can hit my service just fine. Should I be able to have an HTTPS (TLS) entrypoint that routes to a non-HTTPS (non-TLS) backend?

codeman9 · January 27, 2020, 10:11pm

For those that come across this, I believe I have figured it out. The key was this: https://docs.traefik.io/v2.1/routing/routers/#tls where it mentions that: "When a TLS section is specified, it instructs Traefik that the current router is dedicated to HTTPS requests only (and that the router should ignore HTTP (non TLS) requests). Traefik will terminate the SSL connections (meaning that it will send decrypted data to the services)." In the kubernetes-crd realm, this means adding an empty "tls" block to the ingressroute like so:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: helloworld-ingressroute
  namespace: hello
  annotations:
    kubernetes.io/ingress.class: shared-ingress
spec:
  tls: {}
  entryPoints:
  - https
  routes:
  - match: Host(`helloworld.mydomain.com`)
    kind: Rule
    services:
    - name: helloworld
      port: 8081

gorjdesign · October 25, 2020, 6:02pm

Thank you codeman9.
I had a similar problem and tls: {} solves it.
I think this topic deserves more attention .

system · October 28, 2020, 6:02pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Kubernetes CRD route trouble Traefik v2 kubernetes-crd	6	6137	July 10, 2020
Traefik 404 for every services - kubernetes ingress Traefik v1 kubernetes-ingress	3	10282	May 27, 2021
404 on some ingress route Traefik v2 kubernetes-crd , kubernetes-ingress	1	2248	September 16, 2021
Redirecting to https gives 404 error when using middlewares Traefik v2 kubernetes-crd , middleware	0	432	October 13, 2020
HTTP entrypoint 404s with 2.2.0-rc2 Traefik v2 kubernetes-crd , kubernetes-ingress	19	3298	March 27, 2020

404 Help, please

Related topics