Hello!
I am currently trying to deploy the following Ingress:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: foo
  namespace: bar
  annotations:
    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/router.middlewares: bar-foo-middleware@kubernetescrd
    cert-manager.io/cluster-issuer: production-cert-issuer
spec:
  rules:
    - host: logs.example.org
      http:
        paths:
          - backend:
              service:
                name: log-svc
                port:
                  number: 6666
            path: "/"
            pathType: Prefix
  tls:
    - hosts:
        - logs.example.org
      secretName: foo-cert
```
The middleware reads:
```yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: foo-middleware
  namespace: bar
spec:
  basicAuth:
    secret: htpasswd
```
And that, for the most part, works. Basic Auth? Works like a charm. ACME? No.
The challenge component complains of the following issue:
```
Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for http-01 challenge propagation: wrong status code '401', expected '200'
  State:       pending
Events:
  Type    Reason     Age   From          Message
  ----    ------     ----  ----          -------
  Normal  Started    19s   cert-manager  Challenge scheduled for processing
  Normal  Presented  18s   cert-manager  Presented challenge using http-01 challenge mechanism
```
Naturally, it works when I remove the basic authentication middleware, but wasn't Træfik supposed to exempt the .well-known endpoint from the middleware? I know that's the case with Træfik's internal certificate management system. But what about Cert-Manager?
Any help with this would be appreciated! Thanks! (: