Traefik 2.5.3 error TLS

Error Traefik v2.5.3 TLS

Traefik is not adding the SSL certificate to the ingress deployment:

time="2021-10-01T18:11:51Z" level=error msg="Unable to append certificate [raw binary certificate bytes omitted] to store: unable to generate TLS certificate : tls: failed to find any PEM data in certificate input" tlsStoreName=default

time="2021-10-01T18:11:51Z" level=error msg="the router traefik-kube-system-traefik-tcemt-tc-br@kubernetes uses a non-existent resolver: default"

ubuntu@harbor:~/Traefik-v2-TLS$ cat traefik.toml

    # traefik.toml
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          CertFile = "/ssl/tls.crt"
          KeyFile = "/ssl/tls.key"

ubuntu@harbor:~/Traefik-v2-TLS$ cat traefik-daemon-set.yaml

    kind: DaemonSet
    apiVersion: apps/v1
    metadata:
      name: traefik-daemon-set
      namespace: kube-system
      labels:
        app: traefik-daemon-set

    spec:
      selector:
        matchLabels:
          app: traefik
      template:
        metadata:
          labels:
            app: traefik
        spec:
          containers:
          serviceAccountName: traefik-ingress-controller
          terminationGracePeriodSeconds: 60
          volumes:
          - name: ssl
            secret:
              secretName: traefik-cert
          - name: config
            configMap:
              name: traefik-conf
          containers:
          - image: traefik:v2.5.3
            name: traefik
            ports:
            - name: http
              containerPort: 80
              hostPort: 80
            - name: https
              containerPort: 443
              hostPort: 443
            - name: admin
              containerPort: 8080
              hostPort: 8080
            securityContext:
              capabilities:
                drop:
                - ALL
                add:
                - NET_BIND_SERVICE
            livenessProbe:
              failureThreshold: 3
              httpGet:
                path: /ping
                port: 8080
                scheme: HTTP
              initialDelaySeconds: 10
              periodSeconds: 10
              timeoutSeconds: 3
            args:
            # Enable the dashboard without requiring a password. Not recommended
            # for production.
            - --api.insecure
            - --api.dashboard=true
            - --ping=true

            # Specify that we want to use Traefik as an Ingress Controller.
            - --providers.kubernetesingress

            # Define two entrypoint ports, and setup a redirect from HTTP to HTTPS.
            #- --entrypoints.traefik.address=:8080
            - --configfile=/config/traefik.toml
            - --entryPoints.web.address=:80
            - --entryPoints.websecure.address=:443
            - --entrypoints.web.http.redirections.entryPoint.to=websecure
            - --entrypoints.web.http.redirections.entryPoint.scheme=https
            - --entrypoints.web.http.redirections.entrypoint.permanent=true

            # Metrics and logs
            - --accesslog=true
            - --log=true
            - --metrics=true
            - --log.level=INFO
            - --metrics.prometheus=true

ubuntu@harbor:~/Traefik-v2-TLS$ cat traefik-ingress.yaml

    apiVersion: traefik.containo.us/v1alpha1
    kind: TLSStore
    metadata:
      name: default
      namespace: kube-system
    spec:
      defaultCertificate:
        secretName: traefik-cert
    ---
    apiVersion: extensions/v1beta1
    kind: Ingress
    metadata:
      name: traefik
      namespace: kube-system
      annotations:
        kubernetes.io/ingress.class: traefik
        traefik.ingress.kubernetes.io/router.tls: "true"
        traefik.ingress.kubernetes.io/router.tls.certresolver: default
    spec:
      tls:
      - secretName: traefik-cert
      rules:
      - host: traefik.tcemt.tc.br
        http:
          paths:
          - backend:
              serviceName: traefik
              servicePort: 80

ubuntu@harbor:~/Traefik-v2-TLS$ cat traefik-conf.yaml

    apiVersion: v1
    data:
      traefik.toml: |
        # traefik.toml
        defaultEntryPoints = ["http","https"]
        [entryPoints]
          [entryPoints.http]
          address = ":80"
            [entryPoints.http.redirect]
            entryPoint = "https"
          [entryPoints.https]
          address = ":443"
            [entryPoints.https.tls]
              [[entryPoints.https.tls.certificates]]
              CertFile = "/ssl/tls.crt"
              KeyFile = "/ssl/tls.key"
    kind: ConfigMap
    metadata:
      managedFields:
      - apiVersion: v1
        fieldsType: FieldsV1
        fieldsV1:
          f:data:
            .: {}
            f:traefik.toml: {}
        manager: kubectl-create
        operation: Update
      name: traefik-conf
      namespace: kube-system
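
Added example, not part of the original post: the first error above reports that no PEM data was found in the certificate, and the log prints the certificate as raw bytes rather than PEM text, so a useful check is whether the file behind `tls.crt` in `traefik-cert` is PEM or DER. The function names and the four-byte sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: check whether a certificate file is PEM or DER before it is
# stored in the secret Traefik reads (traefik-cert on this page).
# To pull the current value out of the cluster first:
#   kubectl -n kube-system get secret traefik-cert \
#     -o jsonpath='{.data.tls\.crt}' | base64 -d > tls.crt

# cert_encoding FILE -> prints "pem", "der" or "unknown"
cert_encoding() {
    if LC_ALL=C grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        echo pem
        return 0
    fi
    # A DER certificate is a raw ASN.1 SEQUENCE, so its first byte is 0x30.
    first=$(od -An -tx1 -N1 "$1" 2>/dev/null | tr -d ' \n')
    if [ "$first" = "30" ]; then echo der; else echo unknown; fi
}

# der_to_pem FILE -> PEM on stdout (base64 of the DER bytes, 64 chars per line).
# For a real certificate this matches: openssl x509 -inform DER -in FILE
der_to_pem() {
    echo '-----BEGIN CERTIFICATE-----'
    printf '%s\n' "$(base64 < "$1" | tr -d '\n' | fold -w 64)"
    echo '-----END CERTIFICATE-----'
}

# check_secret_cert FILE -> exit status 0 only if FILE is usable as tls.crt
check_secret_cert() {
    case $(cert_encoding "$1") in
        pem) echo "ok: $1 is PEM"; return 0 ;;
        der) echo "fix: $1 is DER, convert it to PEM before creating the secret"
             return 1 ;;
        *)   echo "fail: $1 is neither PEM nor DER"; return 1 ;;
    esac
}

demo() {
    tmp=$(mktemp -d) || return 1
    # Constructed sample: a 4-byte DER header (30 82 06 39), not a real certificate.
    printf '\060\202\006\071' > "$tmp/tls.der"
    der_to_pem "$tmp/tls.der" > "$tmp/tls.crt"
    check_secret_cert "$tmp/tls.der" || true
    check_secret_cert "$tmp/tls.crt" || true
    rm -rf "$tmp"
}

demo
```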