404 on Dashboard but endpoints work

Hey guys,

I am having a slight issue with my dashboard displaying a 404 but not for the metrics.I feel like I have played around with it a bit and can confirm the following:

  • It is hitting the middlewares as it does the http->https redirect and also basicAuth
  • The metrics endpoint works but the dashboard endpoint fails?
  • The redirect is happening to /dashboard/ works and but still returns a 404

config.toml


[entryPoints]
  [entryPoints.http]
    address = ":80"
    [entryPoints.http.http.redirections]
      [entryPoints.http.http.redirections.entryPoint]
        to = "https"
        scheme = "https"
  
  [entryPoints.https]
    address = ":443"
    
[serverTransport]
  insecureSkipVerify = true

[api]

[accessLog]

[[tls.certificates]]
  certFile = "/certificates/tls.cert"
  keyFile = "/certificates/tls.key"

[metrics]
  [metrics.prometheus]
    buckets = [0.1,0.3,1.2,5.0]

[providers]
  [providers.kubernetesIngress]
  [providers.kubernetescrd]

service.tf:

resource "kubernetes_service" "dashboard" {
  metadata {
    name      = "traefik-dashboard"
    namespace = local.traefik_namespace
  }

  spec {
    port {
      name     = "dashboard"
      protocol = "TCP"
      port     = 8080
    }

    selector = {
      k8s-app = kubernetes_deployment.traefik_ingress_controller.metadata[0].labels.k8s-app
    }
  }
}

controller.tf

resource "kubernetes_deployment" "traefik_ingress_controller" {
  lifecycle {
    ignore_changes = [metadata[0].annotations]
  }
  metadata {
    name      = "traefik-ingress-controller"
    namespace = local.traefik_namespace

    labels = {
      k8s-app = local.traefik-app
    }
  }

  spec {
    replicas = 1
    selector {
      match_labels = {
        k8s-app = local.traefik-app
        name    = local.traefik-app
      }
    }
    template {
      metadata {
        labels = {
          k8s-app = local.traefik-app
          name    = local.traefik-app
        }
      }

      spec {
        volume {
          name = "config"
          config_map {
            name = kubernetes_config_map.traefik_config.metadata[0].name
          }
        }

        volume {
          name = "certificates"
          secret {
            secret_name = kubernetes_secret.management_certs.metadata[0].name
          }
        }

        container {
          name  = local.traefik-app
          image = "traefik:v2.2"
          args = [
            "--configFile=/config/traefik.toml",
            "--providers.kubernetesIngress",
            "--providers.kubernetescrd"
          ]

          port {
            name           = "http"
            host_port      = 80
            container_port = 80
          }

          port {
            name           = "https"
            host_port      = 443
            container_port = 443
          }

          volume_mount {
            name       = "config"
            mount_path = "/config"
            read_only  = true
          }

          volume_mount {
            name       = "certificates"
            mount_path = "/certificates"
            read_only  = true
          }

          security_context {
            capabilities {
              drop = ["ALL"]
              add  = ["NET_BIND_SERVICE"]
            }
          }

          image_pull_policy = "Always"
        }

        termination_grace_period_seconds = 60
        service_account_name             = local.kubernetes_service_account_name
        automount_service_account_token  = true
        host_network                     = true
      }
    }

    strategy {
      type = "RollingUpdate"
      rolling_update {
        max_surge = 1
      }
    }
  }
}

Ingress:

resource "kubernetes_ingress" "traefik_web_ui" {
  metadata {
    name      = "traefik-web-ui"
    namespace = local.traefik_namespace

    annotations = {
      "kubernetes.io/ingress.class"                      = "traefik"
      "traefik.ingress.kubernetes.io/router.middlewares" = "management-mgmt-auth@kubernetescrd"
      "traefik.ingress.kubernetes.io/router.tls"         = true
    }
  }


  spec {
    rule {
      host = "${var.traefik_mgmt_name}.${var.traefik_mgmt_domain}"

      http {
        path {
          backend {
            service_name = kubernetes_service.dashboard.metadata[0].name
          }
        }
      }
    }

    rule {
      host = var.traefik_mgmt_name

      http {
        path {
          backend {
            service_name = kubernetes_service.dashboard.metadata[0].name
          }
        }
      }
    }

    tls {
      secret_name = "ssl-certs"
    }
  }
}

Any ideas on why this would be occuring? It seems like my defaults are enabled so there shouldn't be a reason it doesn't hit the dashboard endpoint.

Main change that was made was enabled the http redirect using the built in service.

Thanks in advance, appreciate the work your doing.