Hey guys,
I am having a slight issue with my dashboard displaying a 404 but not for the metrics.I feel like I have played around with it a bit and can confirm the following:
- It is hitting the middlewares as it does the http->https redirect and also basicAuth
- The metrics endpoint works but the dashboard endpoint fails?
- The redirect is happening to /dashboard/ works and but still returns a 404
config.toml
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.http.redirections]
[entryPoints.http.http.redirections.entryPoint]
to = "https"
scheme = "https"
[entryPoints.https]
address = ":443"
[serverTransport]
insecureSkipVerify = true
[api]
[accessLog]
[[tls.certificates]]
certFile = "/certificates/tls.cert"
keyFile = "/certificates/tls.key"
[metrics]
[metrics.prometheus]
buckets = [0.1,0.3,1.2,5.0]
[providers]
[providers.kubernetesIngress]
[providers.kubernetescrd]
service.tf:
resource "kubernetes_service" "dashboard" {
metadata {
name = "traefik-dashboard"
namespace = local.traefik_namespace
}
spec {
port {
name = "dashboard"
protocol = "TCP"
port = 8080
}
selector = {
k8s-app = kubernetes_deployment.traefik_ingress_controller.metadata[0].labels.k8s-app
}
}
}
controller.tf
resource "kubernetes_deployment" "traefik_ingress_controller" {
lifecycle {
ignore_changes = [metadata[0].annotations]
}
metadata {
name = "traefik-ingress-controller"
namespace = local.traefik_namespace
labels = {
k8s-app = local.traefik-app
}
}
spec {
replicas = 1
selector {
match_labels = {
k8s-app = local.traefik-app
name = local.traefik-app
}
}
template {
metadata {
labels = {
k8s-app = local.traefik-app
name = local.traefik-app
}
}
spec {
volume {
name = "config"
config_map {
name = kubernetes_config_map.traefik_config.metadata[0].name
}
}
volume {
name = "certificates"
secret {
secret_name = kubernetes_secret.management_certs.metadata[0].name
}
}
container {
name = local.traefik-app
image = "traefik:v2.2"
args = [
"--configFile=/config/traefik.toml",
"--providers.kubernetesIngress",
"--providers.kubernetescrd"
]
port {
name = "http"
host_port = 80
container_port = 80
}
port {
name = "https"
host_port = 443
container_port = 443
}
volume_mount {
name = "config"
mount_path = "/config"
read_only = true
}
volume_mount {
name = "certificates"
mount_path = "/certificates"
read_only = true
}
security_context {
capabilities {
drop = ["ALL"]
add = ["NET_BIND_SERVICE"]
}
}
image_pull_policy = "Always"
}
termination_grace_period_seconds = 60
service_account_name = local.kubernetes_service_account_name
automount_service_account_token = true
host_network = true
}
}
strategy {
type = "RollingUpdate"
rolling_update {
max_surge = 1
}
}
}
}
Ingress:
resource "kubernetes_ingress" "traefik_web_ui" {
metadata {
name = "traefik-web-ui"
namespace = local.traefik_namespace
annotations = {
"kubernetes.io/ingress.class" = "traefik"
"traefik.ingress.kubernetes.io/router.middlewares" = "management-mgmt-auth@kubernetescrd"
"traefik.ingress.kubernetes.io/router.tls" = true
}
}
spec {
rule {
host = "${var.traefik_mgmt_name}.${var.traefik_mgmt_domain}"
http {
path {
backend {
service_name = kubernetes_service.dashboard.metadata[0].name
}
}
}
}
rule {
host = var.traefik_mgmt_name
http {
path {
backend {
service_name = kubernetes_service.dashboard.metadata[0].name
}
}
}
}
tls {
secret_name = "ssl-certs"
}
}
}
Any ideas on why this would be occuring? It seems like my defaults are enabled so there shouldn't be a reason it doesn't hit the dashboard endpoint.
Main change that was made was enabled the http redirect using the built in service.
Thanks in advance, appreciate the work your doing.