EKS w/ ALB & NodePort - Migrated to v2.5, IngressRoutes and Dashboard broken

StigidyMarley · September 7, 2021, 2:52pm

Attempting to migrate from v1.7 to v2.5.1 to make use of new features and I'm not having much success.

The implementation differs from most others I've found, due to using an AWS Application LB & node port service.

I've tried several changes to the configuration, if anybody could help point me in the right direction, that would be great. This should be the most important parts of the configuration:

...
ports:
- name: "traefik"
  containerPort: 9000
  protocol: "TCP"
  hostPort: 9000
- name: "web"
  containerPort: 8000
  hostPort: 8000
  protocol: "TCP"
- name: "websecure"
  containerPort: 8443
  hostPort: 8443
  protocol: "TCP"
securityContext:
  capabilities:
    drop:
    - ALL          
    add:
    - NET_BIND_SERVICE
  runAsGroup: 65532
  runAsUser: 65532
volumeMounts:
  - name: data
    mountPath: /data
  - name: tmp
    mountPath: /tmp
args:
  - "--global.checknewversion=false"
  - "--global.sendanonymoususage=false"
  - "--entryPoints.traefik.address=:9000/tcp"
  - "--entryPoints.web.address=:8000/tcp"
  - "--entryPoints.websecure.address=:8443/tcp"
  - "--entryPoints.websecure.http.tls=true"
  - "--api=true"
  - "--api.dashboard=true"
  - "--api.insecure=true"
  - "--ping=true"
  - "--providers.kubernetescrd"
  - "--providers.kubernetesingress"
  - "--providers.kubernetesCRD.namespaces=[]"
  - "--providers.kubernetescrd.allowcrossnamespace"
  - "--log.level=info"
  - "--accesslog=true"
  - "--accesslog.fields.defaultmode=keep"
  - "--accesslog.fields.headers.defaultmode=drop"
  - "--serversTransport.insecureSkipVerify=true"
...

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
  namespace: dev
  annotations:
  labels:
    app.kubernetes.io/name: traefik
spec:
  entryPoints:
    - traefik
  routes:
  - match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
    kind: Rule
    services:
    - name: dashboard@internal
      kind: TraefikService
  tls:
    secretName: traefik-ui-tls-cert

kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: dev
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-west-2:{{acc}}:certificate/{{cert-uid}}
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
    service.beta.kubernetes.io/aws-load-balancer-type: alb
spec:
  selector:
    k8s-app: traefik
  ports:
    - protocol: TCP
      port: 8443
      nodePort: 31205
      name: traefik
  type: NodePort

Thanks

Topic		Replies	Views
Hosting a HTTP-App on a custom TCP-Port with TLS Traefik v2 (latest) kubernetes-crd , kubernetes-ingress , tcp	1	986	March 25, 2022
AWS ALB -> Traefik -> 404 on everything Traefik v2 (latest) kubernetes-ingress	3	2362	September 13, 2020
Unable to route to Traefik2 dashboard through IngressRoute without insecure API Traefik v2 (latest) kubernetes-crd , dashboard-api	2	3194	November 28, 2019
Traefik 2.0 can not change port for dashboard Traefik v2 (latest) dashboard-api	7	5218	January 26, 2020
Traefik on kubernetes, stuck to access dashboard Traefik v2 (latest) dashboard-api	7	4439	July 18, 2022

EKS w/ ALB & NodePort - Migrated to v2.5, IngressRoutes and Dashboard broken

Related Topics