Traefik on kubernetes, stuck to access dashboard

agp · July 5, 2022, 8:18am

Hi,

I'm trying to deploy traefik on kuebernetes cluster. I'm using the helm chart to deploy it. All is ready and working except the traefik dashboard !!!

I get it working using the 9000 port when I expose it in sevice. But I want to remove this exposed port and use api@internal (just like I use it in docker swarm). But traefik send me 404 to all requests to my dashboard FQDN.

traefik is running in a dedicated namespace, not in kube-system.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: traefik-system
  annotations:
    kubernetes.io/ingress.class: traefik
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`traefik.domain.local`)
      kind: Rule
      services:
        - kind: TraefikService
          name: api@internal

Traefik is deployed with this arguments:

args:
            - '--entrypoints.metrics.address=:9101/tcp'
            - '--entrypoints.traefik.address=:9000/tcp'
            - '--entrypoints.web.address=:80/tcp'
            - '--entrypoints.websecure.address=:443/tcp'
            - '--api.dashboard=true'
            - '--ping=true'
            - '--metrics.prometheus=true'
            - '--metrics.prometheus.entrypoint=metrics'
            - '--providers.kubernetescrd'
            - '--providers.kubernetescrd.allowCrossNamespace=true'
            - '--providers.kubernetesingress'
            - '--accesslog=true'
            - '--accesslog.format=json'
            - '--accesslog.fields.defaultmode=keep'
            - '--accesslog.fields.headers.defaultmode=drop'
            - '--providers.kubernetesingress.ingressclass=traefik'
            - '--api=true'
            - '--api.insecure=true'
            - '--serversTransport.insecureSkipVerify=true'

I have tried to use web (80) instead of websecure to avoid any problems with certificates without any success.

This commands returns nothing. Is it normal ?

kubectl -n traefik-system get traefikservices.traefik.containo.us 
No resources found in traefik-system namespace.

When I can reach the dashboard using the exposed 9000 port, I can see the api@internal service in "http services" tab.

Any idea pleeaaassseee ??

moutoum · July 5, 2022, 9:02am

Hi @agp,

Thanks for your interest in Traefik.

Just looking at the IngressRoute resource you describe, and I see some issues:

traefik annotation are not working on IngressRoutes, they are effective only on native Ingresses.
You can find the IngressRoute specifications in our documentation.. Note: the ingress class annotation is not a traefik one, so you can keep it.
In spec.entryPoints, you specified only the websecure endpoint, so the router will not be appended to the web entrypoint.

Let me know if it helps.

Thanks,
Maxence

agp · July 5, 2022, 9:52am

ok I have removed all annotations and added the web entrypoint without any success.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
  namespace: traefik-system
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`traefik.domain.local`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
      kind: Rule
      services:
        - kind: TraefikService
          name: api@internal

In comparison with a docker swarm cluster, the port 9000 is not exposed and is not used by traefik. The service is using api@internal. The kubernetes cluster is in the same configuration but the dashboard is reachable. Traefik starts the port 9000, 80, 443, and a service called api@internal (which I can't find with kubectl). is there a way to verify if api@internal is well created and its kind is TraefikService ??

The dashboard is working only if I use a standard ingress with the port 9000 exposed.

moutoum · July 6, 2022, 3:43pm

Hi @agp,

Your ingress route is better so far.
Here is a configuration that is working on my side.

kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v2.7
          args:
            - --log.level=debug
            - --api.insecure=false
            - --api.dashboard=true
            - --providers.kubernetescrd
            - --entrypoints.web.address=:80
          ports:
            - name: web
              containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service

spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: traefik
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`match.example.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
      kind: Rule
      services:
        - kind: TraefikService
          name: api@internal

It is a bit simpler than yours, but could check that your configuration is similar and that the one I gave you in working?

NOTE: when accessing the dashboard in your browser, be sure to add a trailing / at the end. e.g: example.com/dashboard/

Thanks,
Maxence

agp · July 11, 2022, 10:01am

Hello,

sorry for the time. The dashboard is not working with any of above configuration with api@internal and ingress route. It needs to expose port 9000 to access to dashboard using http/9000 port.

I don't know why traefik can not use its api@internal endpoint ??

moutoum · July 11, 2022, 1:03pm

Hi @agp,

I don't understand why it is not working. Could you please share your latest configuration (static, dynamic, services, ingresses)?

Thanks,
Maxence

agp · July 18, 2022, 8:28am

Hello. I will prepare all configuration to post here.

I'm currently trying to create a standalone test k8s where I could try multiple configurations without blocking the prod service.

m4dm4rtig4n · July 18, 2022, 11:31am

Same problem here, i have reinstall traefik with last helm chart (GitHub - traefik/traefik-helm-chart: Traefik v2 helm chart / 10.24.0) and I can no longer activate the dashboard...

Even with a local ip (loadbalancer):9000/dashboard/ => 404

While in the logs in debug mode I can see that it is activated :

  "api": {
    "dashboard": true
  },

PS : Port 9000 is well exposed :

ports:
  traefik:
    port: 9000    
    expose: true
    exposedPort: 9000
    protocol: TCP

If have fix access on local with :

additionalArguments:
  - "--api.insecure=true"

Topic		Replies	Views
K8s: dashboard@internal: where daes it come from? Traefik v2 (latest) kubernetes-crd	1	727	September 2, 2021
Exposing traefik v2 dashboard on local k8s cluster does not work properly! Traefik v2 (latest) docker , kubernetes-ingress	2	1024	November 18, 2021
Unable use kubernetes Ingress to visit dashboard Traefik v2 (latest) kubernetes-ingress , dashboard-api	0	382	August 26, 2022
Two instances of traefik on kubernetes cluster, no dashboard Traefik v2 (latest) kubernetes-ingress , dashboard-api	0	312	February 27, 2023
404 Not Found on Traefik Dashboard via http on local Kubernetes Cluster Traefik v2 (latest) kubernetes-ingress	2	1869	November 23, 2021

Traefik on kubernetes, stuck to access dashboard

Related Topics