Help to setup Traefik Dashboard on a subdomain

Traefik Traefik v2
, ,
1

Hi everyone,

I'm having trouble setting up the dashboard on my subdomain.

First of all,
I have successfully deploy the whoami service on the main domain example.com.
This is running behind Cloudflare.

With the example on the docs using insecure option, I can see the dashboard.
The problem is when using the secure option (with basic auth).

I think there is a problem in my configuration, deployment.yaml:

apiVersion: v1
kind: Service
metadata:
 name: traefik
spec:
 ports:
 - protocol: TCP
   name: web
   port: 80
 - protocol: TCP
   name: admin
   port: 8080
 - protocol: TCP
   name: websecure
   port: 443
 type: LoadBalancer
 selector:
  app: traefik
---
apiVersion: v1
kind: ServiceAccount
metadata:
 namespace: default
 name: traefik-ingress-controller

---
apiVersion: apps/v1
kind: Deployment
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
       - name: traefik
         image: traefik:v2.2
         args:
            - --api
            - --api.dashboard
            - --accesslog
            - --entrypoints.web.Address=:80
            - --entrypoints.websecure.Address=:443
            - --providers.kubernetescrd
            - --certificatesresolvers.myresolver.acme.tlschallenge
            - --certificatesresolvers.myresolver.acme.email=email@gmail.com
            - --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
            - --certificatesresolvers.myresolver.acme.storage=acme.json
         ports:
            - name: web
              containerPort: 80
            - name: websecure
              containerPort: 443
            - name: admin
              containerPort: 8080

dashboard.yaml:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard-route
spec:
  entryPoints:
  - websecure
  routes:
  - match: Host(`admin.mydomain.dev`)
    kind: Rule
    services:
    - name: api@internal
      kind: TraefikService
    middlewares:
      - name: traefik-dashboard-auth
  certResolver: myresolver

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-dashboard-auth
spec:
  basicAuth:
    secret: traefik-dashboard-auth-secret

---

# Note: in a kubernetes secret the string (e.g. generated by htpasswd) must be base64-encoded first.
# To create an encoded user:password pair, the following command can be used:
# htpasswd -nb user password | openssl base64
apiVersion: v1
kind: Secret
metadata:
  name: traefik-dashboard-auth-secret
data:
  users: |2
    ...

whoami.yaml:

kind: Deployment
apiVersion: apps/v1
metadata:
   name: whoami-app
spec:
   replicas: 1
   selector:
      matchLabels:
         app: whoami-app
   template:
      metadata:
         labels:
            app: whoami-app
      spec:
         containers:
            - name: whoami-app
              image: containous/whoami
---
apiVersion: v1
kind: Service
metadata:
   name: whoami-app
   labels:
      app: whoami-app
spec:
   ports:
      - port: 80
        name: whoami-app
   selector:
      app: whoami-app
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutetls
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`altiano.dev`)
    kind: Rule
    services:
    - name: whoami-app
      port: 80
  tls: # This route uses TLS
      certResolver: myresolver