My k8s ressources to deploy Traefik
# Source: traefik/templates/rbac/serviceaccount.yaml
kind: ServiceAccount
apiVersion: v1
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.4.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: traefik
annotations:
---
# Source: traefik/templates/rbac/clusterrole.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.4.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: traefik
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- ingressroutes
- ingressroutetcps
- ingressrouteudps
- middlewares
- tlsoptions
- tlsstores
- traefikservices
verbs:
- get
- list
- watch
---
# Source: traefik/templates/rbac/clusterrolebinding.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.4.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: traefik
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik
subjects:
- kind: ServiceAccount
name: traefik
namespace: nexus-dev
---
# Source: traefik/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
name: traefik
spec:
selector:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik
ports:
- name: http
protocol: TCP
port: 80
targetPort: 8000
- name: https
protocol: TCP
port: 443
targetPort: 8443
- name: traefik
protocol: TCP
port: 9000
targetPort: 9000
externalIPs:
- @IP
---
# Source: traefik/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: traefik
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.4.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: traefik
annotations:
spec:
replicas: 1
selector:
matchLabels:
app.kubernetes.io/name: traefik
app.kubernetes.io/instance: traefik
template:
metadata:
labels:
app.kubernetes.io/name: traefik
helm.sh/chart: traefik-9.4.3
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: traefik
spec:
securityContext:
fsGroup: 65532
serviceAccountName: traefik
terminationGracePeriodSeconds: 60
# hostNetwork: true
containers:
- image: traefik:2.3.1
imagePullPolicy: IfNotPresent
name: traefik
ports:
- name: web
containerPort: 8000
- name: websecure
containerPort: 8443
- name: traefik
containerPort: 9000
args:
- "--entryPoints.web.address=:8000/tcp"
- "--entryPoints.websecure.address=:8443/tcp"
- "--entryPoints.traefik.address=:9000/tcp"
- "--api.dashboard=true"
- "--api.insecure"
- "--ping=true"
- "--providers.kubernetescrd"
- "--providers.kubernetesingress"
- "--log.level=DEBUG"
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
i deployed a tool (let's name it mytool) here is the ingressroute and the middleware to redirect to https
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: {{ .Release.Name }}
spec:
entryPoints:
- web
- websecure
routes:
- match: Host(`mytool_url`)
kind: Rule
services:
- name: mytool-svc
port: mytool-port
middlewares:
- name: redirect-https
tls:
secretName: tls-secret
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: redirect-https
spec:
redirectScheme:
scheme: https
permanent: true
now, when i try to reach my tool using https all works fine but once i try reach it using http the error 404 not found is throwed.
https://mytool_url -> works
http://mytool_url -> 404 error
expected result that Traefik will redirect http to https automatically
any ideas or hints ?