Hello !
I am experiencing some issue setting up the following configuration using traefik v2 (I have tested both branches 2.1 and 2.2).
I have set up traefik (deployed in docker-compose) on the frontend to act as a loadbalancer. I am using a dynamic configuration based on the file provider.
The traffic is routed using that traefic to a K8s cluster that is using traefik as an ingress controller, deployed as a daemonset.
The loadbalacing is used for balancing both the various ingress and also the K8s API. The loadbalancing is done correctly for the K8s API using a TCP router in order to let the K8s nodes do the TLS termninaison.
But I haven't been able to reach any website (I get a 404 error) exposed by the K8s cluster using either tcp or http router.
I guess the ingress is done correctly, because I am able to contact the webserver when connected on the K8s cluster.
Here are the various configurarion file I have. Please note that 10.68.134.105 is the IP of one of my K8s controller, and yes traefik is running on it, I have checked that. And I am confirming that while requesting locally with a simple curl on 127.0.0.1 port 80 (and the hostname I want to reach in header) the websites I am trying to expose...
static traefik.yml configuration
api:
insecure: true
dashboard: true
log:
level: "DEBUG"
filePath: "/logs/traefik/traefik.log"
accessLog:
filePath: "/logs/traefik/access.log"
providers:
file:
directory: "/etc/traefik/file-provider/"
watch: true
entryPoints:
web:
address: ":80"
forwardedHeaders:
insecure: true
websecure:
address: ":443"
forwardedHeaders:
insecure: true
k8s:
address: ":6443"
forwardedHeaders:
insecure: true
The dynamic configuration for http on port 80
http:
routers:
router-web:
entryPoints:
- web
rule: "Host(`*`)"
service: service-web
services:
service-web:
loadBalancer:
servers:
- url: "http://10.68.134.105:80"
The dynamic configruation for https on port 443 (so using tcp because I don't want my traefik loadbalancer to do the SSL terminaison)
tcp:
routers:
router-websecure:
entryPoints:
- websecure
rule: "HostSNI(`*`)"
service: service-websecure
tls:
passthrough: true
services:
service-websecure:
loadBalancer:
servers:
- address: "10.68.134.105:443"
I am just posting (for completion of my configuraiton) here the dynamic configuration used for the K8s loadbalancing which is working.
tcp:
routers:
router-k8s:
entryPoints:
- k8s
rule: "HostSNI(`*`)"
service: service-k8s
tls:
passthrough: true
services:
service-k8s:
loadBalancer:
servers:
- address: "10.68.134.105:6443"
Does anyone has a clue of the error ? because I am loosing the last hair I have trying to figure out the issues