LetsEncrypt on Kubernetes... Not working & v2.1 User Guide.... Oddity

I followed the "User Guide: Kubernetes and Let's Encrypt" in the v2.1 documentation to stand up Traefik in Kubernetes.

Link to the documentation: https://docs.traefik.io/user-guides/crd-acme/

I followed the guide to the T but ended up making some small changes when I couldn't get the LetsEncrypt/SSL/HTTPS working:

  • Changed web/websecure on the port names to http/https to be consistent with the rest of Traefik
  • Stood up an Apache site, Plex and a variety of other services with UIs to see if LetsEncrypt would kick in
  • Added httpchallenge as I could not get Kubernetes IngressRoute to work but Ingress was working fine

My Traefik Deployment:

apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: default
  name: traefik-ingress-controller
---
kind: Deployment
apiVersion: apps/v1
metadata:
  namespace: default
  name: traefik
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
        - name: traefik
          image: traefik:v2.1
          args:
            - --api.insecure
            - --accesslog
            - --entrypoints.http.Address=:80
            - --entrypoints.https.Address=:443
            - --providers.kubernetescrd
            - --providers.kubernetesIngress
            - --certificatesresolvers.default.acme.tlschallenge
            - --certificatesresolvers.default.acme.httpchallenge
            - --certificatesresolvers.default.acme.httpchallenge.entrypoint
            - --certificatesresolvers.default.acme.email=MYEMAIL@gmail.com
            - --certificatesresolvers.default.acme.storage=acme.json
#          volumeMounts:
#            - name: nfs-traefik-config
#              mountPath: "/config"
#            - name: nfs-traefik-cert
#              mountPath: "/etc/traefik"
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443
            - name: admin
              containerPort: 8080
#      volumes:
#      - name: nfs-traefik-config
#        configMap:
#          name: traefik-conf
#      - name: nfs-traefik-cert
#        persistentVolumeClaim:
#          claimName: nfs-traefik-cert
---
kind: Service
apiVersion: v1
metadata:
  name: traefik-ingress-service
  namespace: default
spec:
  selector:
    app: traefik
  ports:
    - protocol: TCP
      port: 80
      nodePort: 30000
      name: http
    - protocol: TCP
      port: 443
      nodePort: 30001
      name: https
    - protocol: TCP
      port: 8080
      nodePort: 30002
      name: admin
  type: NodePort

Example Ingress:

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: plex
spec:
  rules:
    - host: "plex.SITE.com"
      http:
        paths:
          - path: /
            backend:
              serviceName: plex
              servicePort: 32400

Expected Behavior:

When I go to plex.SITE .com, I get https://plex.SITE .com and everything works (no errors).

Current Behavior:

When I go to plex.SITE .com, I get a "your connection is not private" error, and if I advance through the error, I get a 404 message (Traefik not redirecting the port/no working SSL).

When I go to http://plex.SITE .com, the site works as expected, just no SSL.


What kills me is that this all works perfectly on my Docker machine, but I cannot for the life of me get this working in Kubernetes.

Help?
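
A small lint over the container args and Service ports posted above, as an added example that is not part of the original post and not Traefik tooling. The function names and finding codes are hypothetical, and the check assumes nothing upstream forwards public ports 80/443 to the nodePorts; it relies on ACME HTTP-01 validating on port 80, TLS-ALPN-01 on port 443, and `--api.insecure` serving the API on port 8080 without authentication.

```python
# Added example (not from the post or from Traefik): lint ACME-related flags
# against the ports the Service publishes. ARGS/SERVICE_PORTS mirror the post.
ARGS = [
    "--api.insecure", "--accesslog",
    "--entrypoints.http.Address=:80", "--entrypoints.https.Address=:443",
    "--providers.kubernetescrd", "--providers.kubernetesIngress",
    "--certificatesresolvers.default.acme.tlschallenge",
    "--certificatesresolvers.default.acme.httpchallenge",
    "--certificatesresolvers.default.acme.httpchallenge.entrypoint",
    "--certificatesresolvers.default.acme.email=MYEMAIL@gmail.com",
    "--certificatesresolvers.default.acme.storage=acme.json",
]
# Service port name -> (port, externally published port); here the nodePorts.
SERVICE_PORTS = {"http": (80, 30000), "https": (443, 30001), "admin": (8080, 30002)}


def parse_flags(args):
    """Map lower-cased flag name -> value, or None when no '=value' is given."""
    flags = {}
    for arg in args:
        name, sep, value = arg.lstrip("-").partition("=")
        flags[name.lower()] = value if sep else None
    return flags


def lint(args, service_ports):
    """Return 'CODE: message' findings (hypothetical codes, for illustration)."""
    flags, findings = parse_flags(args), []
    entrypoints = {n.split(".")[1] for n in flags
                   if n.startswith("entrypoints.") and n.endswith(".address")}
    published = {ext: port for port, ext in service_ports.values()}
    for name, value in flags.items():
        if name.endswith(".acme.httpchallenge.entrypoint") and (value or "").lower() not in entrypoints:
            findings.append(f"ACME-ENTRYPOINT: --{name} names no defined entrypoint (got {value!r})")
    # ACME validation servers connect to fixed public ports, not to nodePorts.
    for marker, code, port in ((".acme.httpchallenge", "HTTP-01-PORT", 80),
                               (".acme.tlschallenge", "TLS-ALPN-01-PORT", 443)):
        if any(marker in n for n in flags) and port not in published:
            findings.append(f"{code}: challenge needs public port {port}; "
                            f"Service publishes {sorted(published)}")
    if flags.get("api.insecure", "false") != "false" and 8080 in published.values():
        findings.append("API-INSECURE: unauthenticated API/dashboard is published by the Service")
    return findings


if __name__ == "__main__":
    for finding in lint(ARGS, SERVICE_PORTS):
        print(finding)
```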