Traefik 2 is unable to route to its Dashboard

santiagopoli · October 18, 2019, 3:44pm

Hi there, can someone help me with a simple case? I’m experimenting with Traefik 2 to determine how hard would it be to migrate from 1.7 to 2.0, but I’m struggling with a simple example.
Here is my traefik deployment:

---
kind: Deployment
apiVersion: extensions/v1beta1
metadata:
  name: traefik
  namespace: infrastructure
  labels:
    app: traefik2
spec:
  replicas: 2
  selector:
    matchLabels:
      app: traefik2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 2
  template:
    metadata:
      labels:
        app: traefik2
    spec:
      serviceAccountName: traefik2
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:2.0.2
        name: traefik
        readinessProbe:
          httpGet:
            path: /
            port: 8080
        ports:
        - name: http
          containerPort: 80
        - name: https
          containerPort: 443
        - name: api
          containerPort: 8080
        args:
        - --api=true
        - --api.insecure=true
        - --log=true
        - --log.level=DEBUG
        - --providers.kubernetescrd=true
        - --metrics.prometheus=true
        - --metrics.prometheus.buckets=0.0010,0.0020,0.0040,0.0080,0.0160,0.0320,0.0640,0.1280,0.2560,0.5120,1.0240,2.0480,4.0960
        - --serverstransport.maxidleconnsperhost=10000
        - --entrypoints.http=true
        - --entrypoints.http.address=:80
        - --entrypoints.http.proxyprotocol=true
        - --entrypoints.http.proxyprotocol.trustedips=10.111.0.0/16
        - --entrypoints.https=true
        - --entrypoints.https.address=:443
        - --entrypoints.https.proxyprotocol=true
        - --entrypoints.https.proxyprotocol.trustedips=10.111.0.0/16

Here is my Traefik (API) service

---
kind: Service
apiVersion: v1
metadata:
  name: traefik-api
  namespace: infrastructure
  labels:
    app: traefik2
spec:
  type: ClusterIP
  selector:
    app: traefik2
  ports:
  - name: api
    port: 8080
    protocol: TCP
    targetPort: api

Here's my IngressRoute

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: infrastructure
spec:
  entryPoints:
  - http
  - https
  routes:
  - match: Host(`traefik.domain.com`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: traefik-api
      port: 8080

And finally, my Traefik Service

---
kind: Service
apiVersion: v1
metadata:
  name: traefik
  namespace: infrastructure
  labels:
    app: traefik2
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*"
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "tcp"
    service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "https"
    service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled: "true"
spec:
  type: LoadBalancer
  externalTrafficPolicy: Cluster
  selector:
    app: traefik2
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: http
  - name: https
    port: 443
    protocol: TCP
    targetPort: https

However, If I hit my load balancer with the ‘traefik.domain.com’ Host Header, it returns 404 (so the request reaches Traefik, but is not routed correctly) instead of the Traefik Dashboard

How can I troubleshoot this type of errors? Both the HTTP Router and the Service are shown and appear as healthy in the dashboard (I can access the dashboard by doing kubectl port-forward)

Creating an IngressRoute pointing to another service works as expected, but I can’t get the Traefik dashboard to work

Thanks!

dduportal · October 20, 2019, 3:15pm

Hi @santiagopoli, could you remove the 2nd part of the rule and try again please (with only the hostname)?

santiagopoli · October 21, 2019, 1:39pm

It didn't work, same 404

I have another IngressRoute that works, but is for another service:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: grafana
  namespace: infrastructure
spec:
  entryPoints:
  - http
  - https
  routes:
  - match: Host(`metrics.example.com`) && PathPrefix(`/`)
    kind: Rule
    services:
    - name: grafana
      port: 80  
    middlewares:
    - name: auth-global-private

santiagopoli · October 21, 2019, 1:42pm

I've tried deleting the other IngressRoute (the Grafana one) and it didn't work as well, so I don't think it's a routing conflict.

dduportal · October 23, 2019, 2:40pm

Mmmh it's weird, I might be missing something but it looks right at quick sight.

2 other things to try:

What are the log of the traefik2 pod saying? Can ensure it is set on debug, and deploy it?
Can you try with only 1 replica for the traefik2 deployment?

=> For information, we have a helm chart currently in "incubation" at https://github.com/containous/traefik-helm-chart that do almost the same config, it might help to compare resulting YAMLs

zespri · January 16, 2020, 1:36am

So --api.insecure=true is not recommended

How does one make traefik dashboard work in kubernetes without it?

zespri · January 16, 2020, 1:38am

Never mind, answered here

Topic		Replies	Views
Unable to route to Traefik2 dashboard through IngressRoute without insecure API Traefik v2 kubernetes-crd , dashboard-api	2	3333	November 28, 2019
New deployment on Kubernetes just results in 503's Traefik v2 kubernetes-ingress	0	490	February 3, 2020
404 Help, please Traefik v2 kubernetes-crd	4	3093	October 28, 2020
Kubernetes CRD route trouble Traefik v2 kubernetes-crd	6	6038	July 10, 2020
Unable to connect to traefik dashboard Traefik v2 file , kubernetes-ingress	1	660	September 20, 2022

Traefik 2 is unable to route to its Dashboard

Related topics