I have a similar setup used for Traefik's Service (LB) definition for v2 as I did for v1.7. There seem to be some notable differences -- specifically WRT routing to a service. Looks like I need to use `traefik.domain.com/<service>` in order to access the resource. Is it possible to omit `traefik` as part of the subdomain?

This assumption (if it is one) to route traffic under the `traefik` subdomain seems to affect my SSL setup, which isn't taking that subdomain into account when the cert was generated. I would like to just access my services as `domain.com/svc` or `subdomain.domain.com/svc`. As is, I am using `traefik.subdomain.domain.com`.

Service:
```yaml
apiVersion: v1
kind: Service
metadata:
  name: traefik
  namespace: <namespace>
  labels:
    app: traefik
  annotations:
    external-dns.alpha.kubernetes.io/hostname: "*.<subdomain>.<hostname>.io"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: TCP
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: <arn..>
    service.beta.kubernetes.io/aws-load-balancer-ssl-negotiation-policy: ELBSecurityPolicy-TLS-1-1-2017-01
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
spec:
  type: LoadBalancer
  selector:
    app: traefik
    release: traefik
  ports:
    - port: 80
      name: web
      targetPort: "web"
    - port: 443
      name: websecure
      targetPort: "websecure"
```

Deployment Manifest
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: traefik
  namespace: <namespace>
  labels:
    app: traefik
spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik
      terminationGracePeriodSeconds: 60
      containers:
        - image: traefik:2.1.3
          name: traefik
          resources:
            limits:
              cpu: 250m
              memory: 200Mi
            requests:
              cpu: 200m
              memory: 100Mi
          readinessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /ping
              port: 9000
            failureThreshold: 3
            initialDelaySeconds: 10
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 2
          ports:
            - name: "traefik"
              containerPort: 9000
              protocol: TCP
            - name: "web"
              containerPort: 8000
              protocol: TCP
            - name: "websecure"
              containerPort: 8443
              protocol: TCP
          args:
            - "--global.checknewversion=true"
            - "--global.sendanonymoususage=true"
            - "--entryPoints.traefik.address=:9000"
            - "--entryPoints.web.address=:8000"
            - "--entryPoints.websecure.address=:8443"
            - "--api.dashboard=true"
            - "--api.insecure=false"
            - "--ping=true"
            - "--providers.kubernetescrd"
```
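
An added example, not part of the original post and not the poster's configuration: with the `kubernetescrd` provider in Traefik v2, the hostname and path a service answers on are set by the `match` rule of an IngressRoute, so a route can match `subdomain.domain.com/svc` without a `traefik` label in the name. The backend Service `svc`, its port 80 and the resource names `svc` and `strip-svc` are assumptions; TLS is assumed to terminate at the ELB as the Service annotations above configure, so the route carries no `tls:` section.

```yaml
# Hypothetical middleware: removes the /svc prefix before the request
# reaches the backend, which then sees paths starting at "/".
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: strip-svc            # assumed name
  namespace: <namespace>
spec:
  stripPrefix:
    prefixes:
      - /svc
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: svc                  # assumed name
  namespace: <namespace>
spec:
  # Entry point names come from the Deployment args above
  # (--entryPoints.web / --entryPoints.websecure).
  entryPoints:
    - web
    - websecure
  routes:
    # The Host value decides which hostname is served. It has to be a name
    # the ELB certificate covers and that DNS resolves to the load balancer.
    - match: Host(`subdomain.domain.com`) && PathPrefix(`/svc`)
      kind: Rule
      middlewares:
        - name: strip-svc
      services:
        - name: svc          # assumed backend Service in the same namespace
          port: 80           # assumed Service port
```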