Minimal but meaningful v2.0 GKE configuration


Get Traefik 2.0 up and running in GKE with minimal but meaningful settings.


  1. Expose Traefik dashboard via domain (e.g.
  2. Allow only TLS communication allowed from (who uses plain HTTP nowadays?)
  3. Terminate TLS using Traefik with existing wildcard TLS certificate (*
  4. Prefer Kubernetes resource-based configuration over files

Progress so far

  1. Custom resources
  2. Service account and related configuration
  3. Deployment
  4. Services
  5. Ingress

Everything works until this point. I have also explained the steps in this article.


When I try to add a second ingress in similar fashion, it turns out Traefik doesn't allow me to use the same TLS certificate created as a Secret in different namespace. Is this a bug, or am I forced to put all my ingresses - and consequently my services - in the same namespace in order to be able to use the same wildcard TLS certificate?

I get flooded by this warning:

Skipping addition of certificate for domain(s) \"*,\", to EntryPoint default, as it already exists for this Entrypoint."

Also, I wonder if/how I should set the headers for Linkerd in Traefik 2.0. Example for Traefik 1.x can be found here.