AWS ALB -> Traefik -> 404 on everything

jphgt · September 9, 2020, 5:36pm

Hi there !

I'm trying to use traefik 2.2.8 running on aws EKS with an ALB + route53.

Traefik's k8s service is of type NodePort.

I manage to reach traefik with the route53 DNS, I can see all my queries reaching Traefik but it always ends up with a 404. The target group's healthcheck is ok (on "traefik" port 9000 /ping).

If I set the traefik service to LoadBalancer (so a classic LB is deployed), the exact same configuration works and I can reach my other services.
I also tried with NLB: it works.

But I need an ALB.

Traefik is deployed with the Containous official Helm Chart (v9.x and traefik 2.2.8) on a 1.16 EKS cluster.

Here is the IngressRoute I use :

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`my.own.dns`)
      services:
        - name: argocd-server
          port: 80

The only logs I have in traefik :

2020-09-09T17:19:10.652342113Z 10.93.47.159 - - [09/Sep/2020:17:19:10 +0000] "GET / HTTP/1.1" - - "-" "-" 3172 "-" "-" 0ms

Setting the log level to debug shows that Traefik get the correct configuration :

"Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"argocd-argocd-server-ingress-af85b1ac71984a7dfa33\":{\"entryPoints\":[\"websecure\"],\"service\":\"argocd-argocd-server-ingress-af85b1ac71984a7dfa33\",\"rule\":\"Host(my.own.dns)\"}}}}

What am I missing to make Traefik works with an ALB ?

zespri · September 9, 2020, 9:30pm

404 coming from traefik means that there was no router that matched your request. If the 404 is coming from the application though, you need to troubleshoot the application.

jphgt · September 10, 2020, 4:40pm

Well, actually, the ingressroutes where setup almost correctly.

Thanks to this thread https://community.containo.us/t/404-help-please/4121/3 , I figured out that an empty "tls" block was missing, the ssl termination is the ALB.

So adding tls: {} did the trick, hower it was not required with a Classic LB or NLB (but I guess it should have been present.

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`my.own.dns`)
      services:
        - name: argocd-server
          port: 80
  tls: {}

system · September 13, 2020, 4:40pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
AWS ALB with Traefik on Kubernetes - 404 error getting to app swagger page Traefik v2 docker , kubernetes-crd , kubernetes-ingress , ping	0	2096	June 11, 2021
404 with traefik ingress controller using NodePort service type Traefik v2 kubernetes-ingress	2	1131	February 12, 2023
404 on IngressRoute in kubernetes with AWS ELB Traefik v2 kubernetes-crd	0	614	June 2, 2021
404 on some ingress route Traefik v2 kubernetes-crd , kubernetes-ingress	1	2142	September 16, 2021
Traefik v3 returns 404 for all services Traefik v3 (latest) kubernetes-crd , kubernetes-ingress	2	227	July 24, 2024

AWS ALB -> Traefik -> 404 on everything

Related Topics