Traefik 2.0 can not change port for dashboard

Macrame · December 25, 2019, 3:25am

I am trying to use Traefik 2.0 on kubernetes 1.16.2 and found it does not support to change the port of dashboard. It tries to bind the port 8080 which was used by kube-apiserver.

kind: DaemonSet
apiVersion: apps/v1
...
          volumeMounts:
          - mountPath: "/config"
            name: "config"
          - mountPath: "/crts"
            name: "tls-certs"
          args:
            - --api
            - --log.level=INFO
            - --accesslog
            - --entrypoints.http.Address=:80
            - --entrypoints.https.Address=:443
            - --providers.kubernetescrd
            - --providers.kubernetesingress
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: https-redirect
...
  - match: Host(`traefik-dashboard-xxxx`)
    kind: Rule
    middlewares:
    - name: http-auth
    priority: 50
    services:
    - name: api@internal
      port: 8080

And the kubernetes log:

level=error msg="Cannot create service: service not found xxx/api@internal" namespace=xxx serviceName=api@internal providerName=kubernetescrd ingress=https-redirect servicePort=8080

Whatever I change the port, it does not work.

ldez · December 25, 2019, 3:34am

Hello,

you have to use Traefik v2.1 because it's the current stable version.
you have to read "Dashboard Dynamic Configuration Examples" in https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode
you have to define the entrypoint of your IngressRoute https://docs.traefik.io/v2.1/routing/providers/kubernetes-crd/#traefik-ingressroute-definition

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: ingressroutefoo

spec:
  entryPoints:
    - web
# ...

Macrame · December 25, 2019, 4:06am

Now, I upgraded to the v2.1.1 version.

kind: DaemonSet
apiVersion: apps/v1
...
spec:
  ...
    spec:
      serviceAccountName: traefik-ingress-controller
      hostNetwork: true
...
      containers:
        - name: traefik
          image: traefik:v2.1.1
          volumeMounts:
          - mountPath: "/config"
            name: "config"
          - mountPath: "/crts"
            name: "tls-certs"
          args:
            - --api
            - --log.level=INFO
            - --accesslog
            - --entrypoints.http.Address=:80
            - --entrypoints.https.Address=:443
            - --providers.kubernetescrd
            - --providers.kubernetesingress
          ports:
            - name: http
              containerPort: 80
              hostPort: 80
            - name: https
              containerPort: 443
              hostPort: 443
---
---
apiVersion: v1
kind: Service
...
spec:
  ports:
    - protocol: TCP
      name: http
      port: 80
    - protocol: TCP
      name: https
      port: 443
  selector:
    app: traefik-ingress-controller
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: https-redirect
...
  - match: Host(`traefik-dashboard-xxxx`)
    kind: Rule
    middlewares:
    - name: http-auth
    priority: 50
    services:
    - name: api@internal
      port: 8080

And the kubernetes log:

level=error msg="kubernetes service not found: xxx/api@internal" providerName=kubernetescrd ingress=https-redirect namespace=xxx
level=error msg="Error while building TraefikService: kubernetes service not found: xxx/api@internal" providerName=kubernetescrd serviceName=traefikservice

ldez · December 25, 2019, 4:09am

the current stable version is v2.1.1

Macrame · December 25, 2019, 4:11am

I don't have a public external loadbalancer. So I set the DaemonSet to use the host network. I hope it can listen the port 80, 443, and 6080 instead of 8080 which was bound by kube-apiserver.
There are 2 problem to me:

How to set the port of dashboard or can it use the 80/443 port to access via ingress rule?
If use the dashboard port, k8s logs api@internal service not found.

Oh, sorry, I am using the version v2.1.1

ldez · December 25, 2019, 4:15am

When you are using the api in the secure mode, the port used is the port of the entrypoint of the InrgressRoute (not 8080) because it's an internal service (no port)

from the documentation:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik-dashboard
spec:
  entryPoints:
    - http
  routes:
  - match: Host(`traefik.domain.com`)
    kind: Rule
    services:
    - name: api@internal
      kind: TraefikService

https://docs.traefik.io/v2.1/operations/dashboard/#secure-mode

Macrame · December 25, 2019, 5:05am

Thank you very much. BTW, could I change the port for dashboard if I want to use it in Insecure Mode? Thanks again.

rsoika · January 26, 2020, 10:49pm

@Macrame, can you please provide an examples how all the objects need to be configures. I am struggling to setup traefik 2.1 in kubernetes 17.1 since days. I am not the kubernetes expert and need a coherent example of the deployment, the service and the IngressRoute.

Topic		Replies	Views
Unable to route to Traefik2 dashboard through IngressRoute without insecure API Traefik v2 kubernetes-crd , dashboard-api	2	3327	November 28, 2019
Traefik on kubernetes, stuck to access dashboard Traefik v2 dashboard-api	7	6460	July 18, 2022
EKS w/ ALB & NodePort - Migrated to v2.5, IngressRoutes and Dashboard broken Traefik v2 kubernetes-crd , dashboard-api	0	624	September 7, 2021
Unable use kubernetes Ingress to visit dashboard Traefik v2 kubernetes-ingress , dashboard-api	0	452	August 26, 2022
Changing dashboard URI no longer works in v2? Traefik v2 dashboard-api	3	831	January 17, 2020

Traefik 2.0 can not change port for dashboard

Related Topics