I am using Traefik as an ingress in my Kubernetes cluster. I have set up the routes using the IngressRoute CRD, and every application has its subdomain, such as traefik.mydomain.com, argocd.mydomain.com, my-app.mydomain dot com.
I can access the Traefik dashboard behind traefik.mydomain dot com without any trouble. Furthermore, I can also access my-app.mydomain dot com.
The problem is that I can't access my-app.mydomain dot com/api because it returns 401 unauthorized. If I change the prefix to my-app.subdomain dot com/v1, no problem. The reason I think it's because of Traefik is that when I try to access argocd.mydomain dot com, instead of requesting my ArgoCD credentials, I have to input my Traefik credentials and it works. Well not completely as it messes the call to the dashboard, but the password requested is my Traefik credentials.
Could you please help me out?
Here is the config for my traefik setup, using the helm chart, as well as the route for ArgoCD's dashboard. Do you think anything wrong in this setup?
Traefik's values.yaml
traefik:
deployment:
enabled: true
kind: Deployment # -- Deployment or DaemonSet
replicas: 1
ingressRoute:
dashboard:
enabled: true
matchRule: Host(`traefik.mydomain dot com`)
entryPoints: ["websecure"]
# Add custom middlewares : authentication and redirection
middlewares:
- name: traefik-dashboard-basicauth
ports:
web:
redirectTo:
port: websecure
websecure:
tls:
enabled: true
providers:
kubernetesCRD:
enabled: true
allowExternalNameServices: false
namespaces: []
kubernetesIngress:
enabled: false
rbac:
enabled: true
service:
enabled: true
type: LoadBalancer
annotations: {}
labels: {}
spec:
loadBalancerIP: ###.###.##.###
loadBalancerSourceRanges: []
externalIPs: []
tlsStore:
default:
defaultCertificate:
secretName: mydomain-production-tls
ArgoCD dashboard's route
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: argocd-server
namespace: argocd
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`argocd.mydomain dot com`)
priority: 10
services:
- name: argocd-server
port: 80
scheme: http
- kind: Rule
match: Host(`argocd.mydomain dot com`) && Headers(`Content-Type`, `application/grpc`)
priority: 11
services:
- name: argocd-server
port: 80
scheme: h2c
tls:
secretName: mydomain-production-tls