Traefik in kubernetes

Hi,

I am trying to use traefik in kubernetes.

However, when I try to start my traefik pods I get an error:

"Unable to obtain ACME certificate for domains "*****" : cannot get ACME client ACME challenge not specified, please select TLS or HTTP or DNS Challenge" providerName=acme

In my traefik.toml I have:

[acme]
    email = "***hidden***"
    storageFile = "/acme/acme.json"
    entryPoint = "https"
    onDemand = true
    onHostRule = true
    caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
    [acme.httpChallenge]
        entryPoint = "http"
    [[acme.domains]]
        main = "***hidden***"

"Static configuration loaded" from debug output gives:

..."ACME":{
        "Email":"***hidden***",
        "ACMELogging":true,
        "CAServer":"https://acme-staging-v02.api.letsencrypt.org/directory",
        "Storage":"/acme/acme.json",
        "EntryPoint":"https",
        "KeyType":"",
        "OnHostRule":true,
        "DNSChallenge":null,
        "HTTPChallenge":{
            "EntryPoint":""
        },
        "TLSChallenge":null,
        "Domains":[
            {
                "Main":"***hidden***",
                "SANs":null
            }]
    }

First question: What is wrong in this config?

Second question: After this step traefik is still not visible from outside. Is it okay to create the ingress rules afterwards, as the blog suggested?

pirat8

I mean this blog:


BTW I use image: containous/traefik:experimental

Ok, I think I solved it. The problem was that I started traefik with the command-line option
--acme.httpchallenge=true
This option seems to raise this error. When I omit this option, traefik starts successfully.

I’m a new user here and can only put two links in a message, so I'll try another reply for further problems…
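An added example, not part of any post in this thread and not Traefik's own code: a check over the `ACME` section of a "Static configuration loaded" dump that reports when no challenge is usable, which is the state visible in the first post, where `HTTPChallenge.EntryPoint` is empty. The sample dump is constructed, and the rule that an HTTP challenge needs a non-empty `EntryPoint` and a DNS challenge needs a `Provider` is an assumption inferred from the error message.

```python
import json

# Constructed sample that mirrors the fields of the "Static configuration
# loaded" dump quoted in the thread; e-mail and domain are placeholders.
SAMPLE_DUMP = """{"ACME": {
  "Email": "ops@example.test",
  "CAServer": "https://acme-staging-v02.api.letsencrypt.org/directory",
  "Storage": "/acme/acme.json",
  "EntryPoint": "https",
  "OnHostRule": true,
  "DNSChallenge": null,
  "HTTPChallenge": {"EntryPoint": ""},
  "TLSChallenge": null,
  "Domains": [{"Main": "example.test", "SANs": null}]
}}"""


def usable_challenges(acme):
    """Names of the challenge blocks that carry enough data to be selected."""
    found = []
    http = acme.get("HTTPChallenge")
    if http and http.get("EntryPoint"):
        found.append("HTTP")
    dns = acme.get("DNSChallenge")
    if dns and dns.get("Provider"):  # assumption: field name in the dump
        found.append("DNS")
    if acme.get("TLSChallenge") is not None:
        found.append("TLS")
    return found


def audit_acme(dump_text):
    """Return findings for the ACME section of a static-configuration dump."""
    acme = json.loads(dump_text).get("ACME")
    if acme is None:
        return ["no ACME section in the dump"]
    findings = []
    if not usable_challenges(acme):
        findings.append("no usable ACME challenge")
        if acme.get("HTTPChallenge") is not None:
            findings.append("HTTPChallenge is set but its EntryPoint is empty")
    if "staging" in (acme.get("CAServer") or ""):
        findings.append("staging CA: certificates are not publicly trusted")
    return findings


if __name__ == "__main__":
    for finding in audit_acme(SAMPLE_DUMP):
        print("-", finding)
```

Comparing the dump against the file on disk in this way shows when a command-line flag has replaced a section of `traefik.toml` instead of merging with it.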

I added a LoadBalancer in front of the traefik service and added an A record in route53 in aws.
In route53 I have now two entries:

  1. rose.mmm.io pointing to the Loadbalancer IP
  2. *.rose.mmm.io pointing to the Loadbalancer IP too

In my traefik.toml I have the following line:
main = "rose.mmm.io"

In my ingress.yaml I have:

- host: whoami.rose.mmm.io
  http:
    paths:
      - backend:
          serviceName: whoami
          servicePort: 80
- host: kubia.rose.mmm.io
  http:
    paths:
      - backend:
          serviceName: kubia
          servicePort: 80

The problem: I can request both services from the internal kubernetes network, but when I call kubia.rose.mmm.io from outside via curl and https:
I see in the traefik logs:
Serving default certificate for request: "kubia.rose.mmm.io"

But I get
“404 page not found”

The same curl request from inside kubernetes gives me the service-content.

What could be wrong? And how to debug this further?

The containous/traefik:experimental image is very old and unstable, and I recommend not using it.

Please use the Official Docker image: traefik:v1.7.12

To help you to debug, use the API, the Dashboard, and the logs.

I recommend reading our tutorial: https://docs.traefik.io/user-guide/kubernetes/

If you cannot fix your problem, provide your complete configuration (toml, ingress files, etc.) and logs.

2 Likes

Indeed! Changing the traefik-image was enough. Same configuration and it works. Thank you.

1 Like