Serverstransport not working with kubernetes ingress

Traefik Traefik v2
1

HTTPS connection from Traefik to a JuypterHub Kubernetes Service does only work with insecureSkipVerify = true set in the global configuration.

To avoid insecureSkipVerify, I tried to configure serverstransport in the ingress configuration:

kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: "jupyter"
  namespace: namespace-jupyterhub
  annotations:
    traefik.ingress.kubernetes.io/service.serversscheme: https
    traefik.ingress.kubernetes.io/service.serverstransport: jupyterhub@file
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.middlewares: secHeaders@file
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  tls:
    - hosts:
        - xxx
      secretName: jupyterhub-tls
  rules:
    - host: xxx
      http:
        paths:
          - path: /
            backend:
              serviceName: proxy-public
              servicePort: 443

and a dynamic configuration

  [http.serversTransports.jupyterhub]
    serverName = "xxx"
    rootCAs = "/etc/ssl/chain.pem"

The serverstransport works with the same certificates for docker services.

2

Hello @z3ky and thanks for your interest in Traefik,

As described in the documentation, the following annotations have to be defined on the Kubernetes service (proxy-public).

traefik.ingress.kubernetes.io/service.serversscheme: https
traefik.ingress.kubernetes.io/service.serverstransport: jupyterhub@file

Hope this helps!

1 Like
3

Oooh "On Service" Annotation... get it now. Thank you very much!

1 Like