Hi everyone,
I'm having trouble setting up the dashboard on my subdomain.
First of all,
I have successfully deploy the whoami service on the main domain example.com.
This is running behind Cloudflare.
With the example on the docs using insecure option, I can see the dashboard.
The problem is when using the secure option (with basic auth).
I think there is a problem in my configuration, deployment.yaml:
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
ports:
- protocol: TCP
name: web
port: 80
- protocol: TCP
name: admin
port: 8080
- protocol: TCP
name: websecure
port: 443
type: LoadBalancer
selector:
app: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: default
name: traefik-ingress-controller
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: default
name: traefik
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-ingress-controller
containers:
- name: traefik
image: traefik:v2.2
args:
- --api
- --api.dashboard
- --accesslog
- --entrypoints.web.Address=:80
- --entrypoints.websecure.Address=:443
- --providers.kubernetescrd
- --certificatesresolvers.myresolver.acme.tlschallenge
- --certificatesresolvers.myresolver.acme.email=email@gmail.com
- --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
- --certificatesresolvers.myresolver.acme.storage=acme.json
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: admin
containerPort: 8080
dashboard.yaml:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard-route
spec:
entryPoints:
- websecure
routes:
- match: Host(`admin.mydomain.dev`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
middlewares:
- name: traefik-dashboard-auth
certResolver: myresolver
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-dashboard-auth
spec:
basicAuth:
secret: traefik-dashboard-auth-secret
---
# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first.
# To create an encoded user:password pair, the following command can be used:
# htpasswd -nb user password | openssl base64
apiVersion: v1
kind: Secret
metadata:
name: traefik-dashboard-auth-secret
data:
users: |2
...
whoami.yaml:
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami-app
spec:
replicas: 1
selector:
matchLabels:
app: whoami-app
template:
metadata:
labels:
app: whoami-app
spec:
containers:
- name: whoami-app
image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
name: whoami-app
labels:
app: whoami-app
spec:
ports:
- port: 80
name: whoami-app
selector:
app: whoami-app
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutetls
spec:
entryPoints:
- websecure
routes:
- match: Host(`altiano.dev`)
kind: Rule
services:
- name: whoami-app
port: 80
tls: # This route uses TLS
certResolver: myresolver