Hello,
I am trying to use Traefik 2.2 with CRDs, but I have an issue generating an http01 certificate. When I describe challenges.acme.cert-manager.io, I am stuck in pending with the reason: Waiting for http-01 challenge propagation: wrong status code '504', expected '200'.
When I port-forward the solver cm-acme-http-solver-xxx, I can access the well-known, but with the URL I can't; the server never responds.
The certificate:
apiVersion: cert-manager.io/v1alpha2
kind: Certificate
metadata:
  name: traefik-cert
spec:
  secretName: traefik-cert
  issuerRef:
    name: letsencrypt-staging
  commonName: traefik.domain.com
  dnsNames:
    - traefik.domain.com
The ingress:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-web-ui
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.domain.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
      middlewares:
        - name: traefik-auth
          namespace: traefik
  tls:
    secretName: traefik-cert
The issuer:
apiVersion: cert-manager.io/v1alpha2
kind: Issuer
metadata:
  name: letsencrypt-staging
spec:
  acme:
    # The ACME server URL
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    # Email address used for ACME registration
    email: contact@domain.com
    # Name of a secret used to store the ACME account private key
    privateKeySecretRef:
      name: letsencrypt-staging
    # Enable HTTP01 validations
    solvers:
      - selector: {}
        http01:
          ingress:
            class: traefik
The deployment of Traefik:
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: traefik
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: traefik
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
        - name: traefik
          image: traefik:v2.2
          args:
            - --log.level=INFO
            - --api
            - --api.dashboard
            # Providers
            - --providers.kubernetescrd
            - --providers.kubernetesingress
            # Entry points
            - --entrypoints.web.address=:80
            - --entrypoints.websecure.address=:443
          ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "64Mi"
              cpu: "250m"
---
apiVersion: v1
kind: Service
metadata:
  namespace: traefik
  name: traefik
spec:
  type: LoadBalancer
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 80
      name: web
      targetPort: 80
    - protocol: TCP
      port: 443
      name: websecure
      targetPort: 443
  externalIPs:
    - x.x.x.x
The logs of Traefik:
time="2020-05-06T09:48:30Z" level=error msg="Error configuring TLS: secret traefik/traefik-cert does not exist" namespace=traefik providerName=kubernetescrd ingress=traefik-web-ui
time="2020-05-06T09:48:30Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd
time="2020-05-06T09:48:31Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetes
For my configuration I followed this tutorial: https://www.cerenit.fr/tags/cert-manager/
And this one: https://docs.traefik.io/user-guides/crd-acme/#ingressroute-definition
Thanks.