My expected behaviour is quite simple but seems to be impossible to configure.
Expected: a service is available on HTTP and HTTPS
Actual: It's either depending on the IngressRoute
All the provided configurations are valid according to the log files as well as the Traefik dashboard. The configuration is also correctly reflected on the different dashboard pages. In the curl
results the in my opinion wrong results are in bold.
Full configuration:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: https
spec:
redirectScheme:
scheme: https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
tls:
certResolver: default
---
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- protocol: TCP
name: web
port: 80
selector:
app: whoami
---
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: whoami
spec:
replicas: 2
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: containous/whoami
ports:
- name: web
containerPort: 80
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 200
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 200
Now the different variations of IngressRoute
with it's results
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- web
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
$ curl http://whoami.domain.io => 200
$ curl https://whoami.domain.io => 404
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 200
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 404
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- websecure
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 404
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 404
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- web
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
tls:
certResolver: default
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 404
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 404
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- websecure
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
tls:
certResolver: default
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 200
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 200
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 404
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 404
And what I firstly really tried to achieve (Redirect of HTTP -> HTTPS):
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: whoami
spec:
entryPoints:
- websecure
routes:
- match: Host(`whoami.domain.io`)
kind: Rule
services:
- name: whoami
port: 80
middlewares:
- name: https
tls:
certResolver: default
$ curl http://whoami.domain.io => 404
$ curl https://whoami.domain.io => 200
$ curl http://172.16.x.x:8000 -H Host:whoami.domain.io => 404
$ curl https://172.16.x.x:4443 -H Host:whoami.domain.io -k => 200
Is this the expected behaviour? I hope not.