I am currently trying to deploy the following Ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: bar
  annotations:
    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/router.middlewares: bar-foo-middleware@kubernetescrd
    cert-manager.io/cluster-issuer: production-cert-issuer
spec:
  rules:
    - host: logs.example.org
      http:
        paths:
          - backend:
              service:
                name: log-svc
                port:
                  number: 6666
            path: "/"
            pathType: Prefix
  tls:
    - hosts:
        - logs.example.org
      secretName: foo-cert
```
The middleware reads:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: foo-middleware
  namespace: bar
spec:
  basicAuth:
    secret: htpasswd
```
And that, for the most part, works. Basic Auth? Works like a charm. ACME? No. The `challenge` component complains of the following issue:
```
Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for http-01 challenge propagation: wrong status code '401', expected '200'
  State:       pending
Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Started    19s   cert-manager  Challenge scheduled for processing
  Normal  Presented  18s   cert-manager  Presented challenge using http-01 challenge mechanism
```
Naturally, it works when I remove the basic authentication middleware, but wasn't Træfik supposed to exempt the `.well-known` endpoint from the middleware? I know that's the case with Træfik's internal certificate management system. But what about Cert-Manager?
Any help with this would be appreciated! Thanks! (: