Goal
Get Traefik 2.0 up and running in GKE with minimal but meaningful settings.
Requirements
- Expose Traefik dashboard via domain (e.g. traefik.yourdomain.com)
- Allow only TLS communication (who uses plain HTTP nowadays?)
- Terminate TLS using Traefik with existing wildcard TLS certificate (*.yourdomain.com)
- Prefer Kubernetes resource-based configuration over files
Progress so far
Everything works until this point. I have also explained the steps in this article.
Problem
When I try to add a second ingress in a similar fashion, it turns out Traefik doesn't allow me to use the same TLS certificate created as a Secret in a different namespace. Is this a bug, or am I forced to put all my ingresses - and consequently my services - in the same namespace in order to be able to use the same wildcard TLS certificate?
I get flooded by this warning:
Skipping addition of certificate for domain(s) \"*.yourhost.dev,yourhost.dev\", to EntryPoint default, as it already exists for this Entrypoint."
Also, I wonder if/how I should set the headers for Linkerd in Traefik 2.0. Example for Traefik 1.x can be found here.