we have an IngressRouteTCP configuration for accessing kubernetes-dashboard, set up as:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: k8s-dashboard
  namespace: k8s-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - match: HostSNI(`{{ .Values.ingressRouteHost }}`)
      middlewares:
        - name: k8s-dashboard-auth
          namespace: k8s-dashboard
      services:
        - name: k8s-dashboard-kubernetes-dashboard
          namespace: k8s-dashboard
          port: 443
  tls:
    passthrough: true
the middleware referenced in the above configuration looks like so:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: k8s-dashboard-auth
  namespace: k8s-dashboard
spec:
  basicAuth:
    secret: k8s-dashboard-auth-secret
my end goal is to add basic auth for the k8s dashboard here.
on deploying this ingressroutetcp configuration and the related middleware config and then trying to access the dashboard, i am met with this:
18:25 $ curl https://$ingressRouteHosts
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
traefik logs indicate this:
time="2021-12-06T12:46:04Z" level=debug msg="Creating TCP server 0 at 10.2.15.39:8443" serviceName=k8s-dashboard-k8s-dashboard-c3b4020e49bbfbbbff05 serverName=0 entryPointName=websecure routerName=k8s-dashboard-k8s-dashboard-c3b4020e49bbfbbbff05@kubernetescrd
time="2021-12-06T12:46:04Z" level=error msg="middleware \"k8s-dashboard-k8s-dashboard-auth@kubernetescrd\" does not exist" entryPointName=websecure routerName=k8s-dashboard-k8s-dashboard-c3b4020e49bbfbbbff05@kubernetescrd
time="2021-12-06T12:46:26Z" level=debug msg="Serving default certificate for request: \"$ingressRouteHost""
time="2021-12-06T12:46:26Z" level=debug msg="http: TLS handshake error from 10.2.1.1:63341: remote error: tls: bad certificate"
time="2021-12-06T12:46:30Z" level=debug msg="Serving default certificate for request: \"$ingressRouteHost\""
time="2021-12-06T12:48:55Z" level=debug msg="Skipping Kubernetes event kind *v1alpha1.IngressRouteTCP" providerName=kubernetescrd
time="2021-12-06T12:55:08Z" level=debug msg="Skipping Kubernetes event kind *v1alpha1.IngressRouteTCP" providerName=kubernetescrd
time="2021-12-06T12:57:06Z" level=debug msg="http: TLS handshake error from 10.2.1.1:57043: tls: client offered only unsupported versions: []"
time="2021-12-06T12:57:06Z" level=debug msg="Serving default certificate for request: \"\""
time="2021-12-06T12:58:26Z" level=debug msg="http: TLS handshake error from 10.2.1.1:54817: tls: client used the legacy version field to negotiate TLS 1.3"
time="2021-12-06T12:58:49Z" level=debug msg="Serving default certificate for request: \"\""
time="2021-12-06T13:04:07Z" level=debug msg="Serving default certificate for request: \"\""
time="2021-12-06T13:04:07Z" level=debug msg="http: TLS handshake error from xx.yy.zz.aa:bbbb tls: no cipher suite supported by both client and server"
time="2021-12-06T13:04:18Z" level=debug msg="Serving default certificate for request: \"\""
time="2021-12-06T13:05:49Z" level=debug msg="Serving default certificate for request: \"$ingressRouteHost\""
time="2021-12-06T13:05:49Z" level=debug msg="http: TLS handshake error from 10.2.1.1:57900: local error: tls: bad record MAC"
the version of traefik that i am using is traefik:2.5.4
expectation:
- executing a curl request against $ingressRouteHost should result in a 401 (indicating that the web page is behind basic auth)
what is happening:
- i am getting http 404:
$ curl -k https://$ingressRouteHost
404 page not found
how is this being deployed:
- via helm
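
Added example, not part of the original post: `basicAuth` is an HTTP middleware, while the `middlewares` list on an IngressRouteTCP refers to TCP middlewares, and with `passthrough: true` Traefik never decrypts the request, so it has no HTTP headers to check. The sketch below keeps the post's middleware, host template and service, but routes through an HTTP `IngressRoute` that terminates TLS at Traefik; the `ServersTransport` name, the CA secret name and the `serverName` value are assumptions.

```yaml
# Added example; values marked "hypothetical" or "assumed" are not from the post.
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: k8s-dashboard-auth
  namespace: k8s-dashboard
spec:
  basicAuth:
    secret: k8s-dashboard-auth-secret
    # Strip the Authorization header after the check so the Basic
    # credentials are not forwarded to the dashboard.
    removeHeader: true
---
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: k8s-dashboard-transport        # hypothetical name
  namespace: k8s-dashboard
spec:
  # Verify the dashboard's serving certificate against its CA rather than
  # disabling verification with insecureSkipVerify: true.
  serverName: k8s-dashboard-kubernetes-dashboard.k8s-dashboard.svc  # assumed SAN
  rootCAsSecrets:
    - k8s-dashboard-ca                 # hypothetical Secret holding the CA cert
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute                     # HTTP router instead of IngressRouteTCP
metadata:
  name: k8s-dashboard
  namespace: k8s-dashboard
spec:
  entryPoints:
    - websecure
  routes:
    - kind: Rule
      match: Host(`{{ .Values.ingressRouteHost }}`)
      middlewares:
        - name: k8s-dashboard-auth
          namespace: k8s-dashboard
      services:
        - name: k8s-dashboard-kubernetes-dashboard
          namespace: k8s-dashboard
          port: 443
          scheme: https                # backend still speaks TLS
          serversTransport: k8s-dashboard-transport
  tls: {}                              # terminate TLS at Traefik, no passthrough
```

With `tls: {}` the certificate presented to clients comes from Traefik's own TLS configuration, so the curl verification error in the post persists until a certificate trusted by the client is configured there.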