Can I somehow define the websecure endpoint as the default one, so Ingresses and IngressRoutes, which don't explicitely define their entrypoints, will only generate routers for the websecure endpoint?
It's just a smallish imperfection, but it's bothering me, that I now have a lot of unused and unreachable routers for the web entrypoint. I know I could just specify the websecure entrypoint on all of the Ingresses and IngressRoutes, but I wanted to ask if there is an easier solution before doing this.
I couldn't figure out how to do that... My understanding is that for each router you have to explicitly declare an entrypoint, its service, and its rule (i.e. domain). I ended up having to do that for both http and https. Then if you are using HTTPS you have to provide SSL configuration, either by doing all the letsencrypt stuff, or putting the ssl cert info in a config file. Then separately I create a middleware to redirect from the http router to the https router.
Keen to know if anyone thinks this can be done more easily!
This will now create two routers for me connected to the backend service my-service (the service mentioned in the yaml file is a Kubernetes service, not the Traefik one). Both routers are using the default-headers middleware.
I could restrict this to only one router by setting the annotation traefik.ingress.kubernetes.io/router.entrypoints: websecure. But as I have hundreds of ingresses, I'd really like to do something, that just defines websecure as being the default entrypoint, that is used in case none are specified.
And as @Idez pointed out: In a docker environment you only need to define the two annotations traefik.enable: 'true' and traefik.http.routers.example.rule: Host(my-app.my-domain.com) and you'll end up with two routers connected to the default-headers middleware and the appropriate services.
As this comment on Github says, this is a feature, that is will not be implemented again (it was in v1):
With v2, TLS being defined at router level + ability to route at TCP level, the default entrypoint does not make sense as it could break the TCP router, or accidentally mux HTTP/TCP.
There is now the general rule: The default entrypoints in v2 are all "tcp" entrypoints for http/tcp router, there is no default entrypoint for udp.