Serving prometheus kubernetes helm chart over HTTPS

francoisl · September 15, 2021, 5:58pm

Hello,
I am trying to make the prometheus helm chart work on a fresh K8s using fluxcd.
the chart link: helm-charts/values.yaml at main · prometheus-community/helm-charts · GitHub

Here are my values:

###########
# my ingress
###########
  values: 
    prometheus:
      ingress: # https://github.com/prometheus-community/helm-charts/blob/main/charts/kube-prometheus-stack/values.yaml#L1805
        enabled: true
        ingressClassName: traefik
        annotations:
          traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
          ingress.kubernetes.io/auth-type: basic
          ingress.kubernetes.io/auth-secret: prom-basic-auth-manual

        hosts:
        - my.host.com
        paths:
        - /
        pathType: Prefix

I want to be able to reach Prometheus from outside using HTTPS.
Traefik is used as ingress controller with this configuration, using the helm chart (I did not include the DO secret & the volume-permissions init-container).

  values:
    image:
      tag: 2.5.1
    additionalArguments:
      - "--certificatesresolvers.le.acme.storage=/data/acme.json"
      - --certificatesresolvers.le.acme.dnschallenge.provider=digitalocean
      - --certificatesresolvers.le.acme.email=my@orga.eu
    ports:
      traefik:
        expose: false
        exposedPort: 9000
        port: 9000
        protocol: TCP
      web:
        expose: true
        exposedPort: 80
        port: 8000
        protocol: TCP
        # redirects traffic to the HTTPS section by default
        redirectTo: websecure
      websecure:
        expose: true
        exposedPort: 443
        port: 8443
        protocol: TCP
        tls:
          certResolver: le
          domains:
          - main: host.com
            sans:
            - '*.host.com'
          enabled: true
          options: ""

    env:
      - name: DO_AUTH_TOKEN
        valueFrom:
          secretKeyRef:
            key: apiKey
            name: do-api-credentials

The weird part is:
If I use an ingressRoute that I manually create, it will work, I can access Prometheus over HTTPS,

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kube-prometheus-ingress
  namespace: default
spec:
  entryPoints:
    - websecure
    - web
  routes:
  - match: Host(`my.host.com`)
    kind: Rule
    services:
    - name: default-kube-prometheus-st-prometheus
      port: 9090
  tls:
    certResolver: le

As the Prometheus helm chart is using the Ingress object, how to use it / why is my configuration wrong for the ingress ?

best regards, all answers would be appreciated

Topic		Replies	Views
Traefik does not expose prometheus Port Traefik v3 (latest) kubernetes-ingress , metrics	0	60	August 21, 2024
Traefik Helm Chart & Acme on starting up Traefik v1 kubernetes-helm	2	1117	August 15, 2019
404 on all the ingresses with TLS on AKS Traefik v2 kubernetes-ingress	3	382	February 23, 2024
Monitor traefik with prometheus all on k8s Traefik v2 kubernetes-ingress , metrics , tracing	4	1636	October 31, 2021
Http -> Https Redirection Not Working Traefik v2 kubernetes-crd , kubernetes-ingress	0	566	May 31, 2022

Serving prometheus kubernetes helm chart over HTTPS

Related Topics