I am experiencing some issue setting up the following configuration using traefik v2 (I have tested both branches 2.1 and 2.2).
I have set up traefik (deployed in docker-compose) on the frontend to act as a loadbalancer. I am using a dynamic configuration based on the file provider.
The traffic is routed using that traefic to a K8s cluster that is using traefik as an ingress controller, deployed as a daemonset.
The loadbalacing is used for balancing both the various ingress and also the K8s API. The loadbalancing is done correctly for the K8s API using a TCP router in order to let the K8s nodes do the TLS termninaison.
But I haven't been able to reach any website (I get a 404 error) exposed by the K8s cluster using either tcp or http router.
I guess the ingress is done correctly, because I am able to contact the webserver when connected on the K8s cluster.
Here are the various configurarion file I have. Please note that 10.68.134.105 is the IP of one of my K8s controller, and yes traefik is running on it, I have checked that. And I am confirming that while requesting locally with a simple curl on 127.0.0.1 port 80 (and the hostname I want to reach in header) the websites I am trying to expose...
static traefik.yml configuration
api: insecure: true dashboard: true log: level: "DEBUG" filePath: "/logs/traefik/traefik.log" accessLog: filePath: "/logs/traefik/access.log" providers: file: directory: "/etc/traefik/file-provider/" watch: true entryPoints: web: address: ":80" forwardedHeaders: insecure: true websecure: address: ":443" forwardedHeaders: insecure: true k8s: address: ":6443" forwardedHeaders: insecure: true
The dynamic configuration for http on port 80
http: routers: router-web: entryPoints: - web rule: "Host(`*`)" service: service-web services: service-web: loadBalancer: servers: - url: "http://10.68.134.105:80"
The dynamic configruation for https on port 443 (so using tcp because I don't want my traefik loadbalancer to do the SSL terminaison)
tcp: routers: router-websecure: entryPoints: - websecure rule: "HostSNI(`*`)" service: service-websecure tls: passthrough: true services: service-websecure: loadBalancer: servers: - address: "10.68.134.105:443"
I am just posting (for completion of my configuraiton) here the dynamic configuration used for the K8s loadbalancing which is working.
tcp: routers: router-k8s: entryPoints: - k8s rule: "HostSNI(`*`)" service: service-k8s tls: passthrough: true services: service-k8s: loadBalancer: servers: - address: "10.68.134.105:6443"
Does anyone has a clue of the error ? because I am loosing the last hair I have trying to figure out the issues