AWS ALB -> Traefik -> 404 on everything

Hi there !

I'm trying to use Traefik 2.2.8 running on AWS EKS with an ALB + Route 53.

Traefik's k8s service is of type NodePort.

I manage to reach Traefik with the Route 53 DNS, and I can see all my queries reaching Traefik, but it always ends up with a 404. The target group's healthcheck is OK (on "traefik" port 9000 /ping).

If I set the traefik service to LoadBalancer (so a classic LB is deployed), the exact same configuration works and I can reach my other services.
I also tried with NLB: it works.

But I need an ALB.

Traefik is deployed with the Containous official Helm Chart (v9.x and traefik 2.2.8) on a 1.16 EKS cluster.

Here is the IngressRoute I use :

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`my.own.dns`)
      services:
        - name: argocd-server
          port: 80

The only logs I have in traefik :

2020-09-09T17:19:10.652342113Z 10.93.47.159 - - [09/Sep/2020:17:19:10 +0000] "GET / HTTP/1.1" - - "-" "-" 3172 "-" "-" 0ms

Setting the log level to debug shows that Traefik gets the correct configuration:

"Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"argocd-argocd-server-ingress-af85b1ac71984a7dfa33\":{\"entryPoints\":[\"websecure\"],\"service\":\"argocd-argocd-server-ingress-af85b1ac71984a7dfa33\",\"rule\":\"Host(my.own.dns)\"}}}}

What am I missing to make Traefik work with an ALB?


404 coming from traefik means that there was no router that matched your request. If the 404 is coming from the application though, you need to troubleshoot the application.

Well, actually, the IngressRoutes were set up almost correctly.

Thanks to this thread https://community.containo.us/t/404-help-please/4121/3 , I figured out that an empty "tls" block was missing; the SSL termination is the ALB.

So adding tls: {} did the trick; however, it was not required with a Classic LB or NLB (but I guess it should have been present).

kind: IngressRoute
apiVersion: traefik.containo.us/v1alpha1
metadata:
  name: argocd-ingress
  namespace: argocd
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`my.own.dns`)
      services:
        - name: argocd-server
          port: 80
  tls: {}
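A check for the failure discussed in this thread, as an added example that is not part of the original posts: it reads Traefik's debug line "Configuration received from provider ..." and lists routers attached to a TLS entry point that have no tls section. The entry point set, the two sample log lines and the shortened router name are constructed assumptions.

```python
import json
import re

# Assumption: entry points on which the load balancer speaks TLS to Traefik.
TLS_ENTRYPOINTS = {"websecure"}

MARKER = re.compile(r"Configuration received from provider (\S+): ")

# Constructed sample lines modelled on the debug output quoted in the thread.
BEFORE = (r'level=debug msg="Configuration received from provider kubernetescrd: '
          r'{\"http\":{\"routers\":{\"argocd-ingress\":{\"entryPoints\":[\"websecure\"],'
          r'\"service\":\"argocd-ingress\",\"rule\":\"Host(`my.own.dns`)\"}}}}"')
AFTER = BEFORE.replace(r'\"rule\"', r'\"tls\":{},\"rule\"')


def parse_config_line(line):
    """Return (provider, config dict) from a debug log line, or None."""
    m = MARKER.search(line)
    if not m:
        return None
    payload = line[m.end():].lstrip()
    # Text-format logs escape the embedded JSON's quotes as \" ; undo that.
    # (Naive unescape: enough for router configs without quotes inside values.)
    if payload.startswith('{\\"'):
        payload = payload.replace('\\"', '"')
    # raw_decode stops at the end of the object and ignores trailing log fields.
    config, _ = json.JSONDecoder().raw_decode(payload)
    return m.group(1), config


def routers_missing_tls(config, tls_entrypoints=TLS_ENTRYPOINTS):
    """Names of HTTP routers bound to a TLS entry point without a tls section."""
    routers = (config.get("http") or {}).get("routers") or {}
    flagged = []
    for name, router in sorted(routers.items()):
        on_tls_ep = set(tls_entrypoints) & set(router.get("entryPoints") or [])
        # An empty tls section still marks a TLS router: test presence, not truthiness.
        if on_tls_ep and "tls" not in router:
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    for label, line in (("before", BEFORE), ("after", AFTER)):
        provider, cfg = parse_config_line(line)
        print(label, provider, routers_missing_tls(cfg))
```

A router flagged here never matches requests that arrive over TLS, so Traefik answers them with its own 404.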