Traefik v2.1 Configuration for HTTPS support with Kubernetes Ingress

Hello,

We are trying to migrate from v1.7 to v2.1, and we can't find a way to set up the HTTPS redirect and also serve our Ingress over HTTPS.

So we understood that the TLS options and the HTTP-to-HTTPS redirect are now set in the router configuration. In our case, these routers are retrieved from the Kubernetes provider. In a separate dynamic configuration file, we add the default certificate, which is a wildcard for our domain.

We create an Ingress object in Kubernetes for each subdomain / client.

The two problems are:

  • The Ingress services are not served via HTTPS port 443. The responses are always 404 (the certificate / TLS is OK though). This point is weird, because if we look at the dashboard, we see the services are served via the 80 and 443 endpoints... So why are they served only through port 80 HTTP?
  • No HTTPS redirect is configured

How can I add the HTTPS redirect from HTTP and also serve the Ingress from HTTPS?

Is it possible to add some default options on the routers?

Do we need to move from Ingress to IngressRoute?

Thank you

My static config file:

# traefik.toml
[global]
  checkNewVersion = true
  sendAnonymousUsage = false

[providers]
  [providers.kubernetesIngress]

  [providers.file]
    filename = "/dynamic_conf.toml"

[log]
  level = "DEBUG"
  format = "json"

[serversTransport]
  insecureSkipVerify = true

[api]
  dashboard = true
  insecure = true

[entryPoints.web]
  address = ":80"

[entryPoints.websecure]
  address = ":443"

And my dynamic file:

[tls]
  [tls.options]
    [tls.options.default]
      sniStrict = true
      minVersion = "VersionTLS12"
      cipherSuites = [
          "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
          "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
          "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
          ]

  [tls.stores]
    [tls.stores.default]
      [tls.stores.default.defaultCertificate]
        certFile = "/wildcard.XXXX.crt"
        keyFile = "/wildcard.XXXX.key"


  [[tls.certificates]]
    certFile = "/wildcard.XXXX.crt"
    keyFile = "/wildcard.XXXX.key"
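
A check on the `cipherSuites` list in the dynamic file above, as an added example that is not part of the original post: Traefik is written in Go and its cipher suite names follow Go's `crypto/tls` constants, so the standard library's own tables can classify each entry. The helper names `contains` and `suiteStatus` are hypothetical, and the list is copied from the post as sample input.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"strings"
)

// Constructed sample: the cipherSuites list copied from the dynamic file above.
var configured = []string{
	"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
	"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
	"TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
	"TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
	"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
}

// contains reports whether list holds a suite with the given name. Go reports
// the ChaCha20 suites with a "_SHA256" suffix, so the shorter alias used in
// the config is expanded before comparing.
func contains(list []*tls.CipherSuite, name string) bool {
	if strings.HasSuffix(name, "_CHACHA20_POLY1305") {
		name += "_SHA256"
	}
	for _, s := range list {
		if s.Name == name {
			return true
		}
	}
	return false
}

// suiteStatus (hypothetical helper) classifies one configured suite name
// against the tables exported by crypto/tls.
func suiteStatus(name string) string {
	switch {
	case contains(tls.InsecureCipherSuites(), name):
		return "insecure"
	case contains(tls.CipherSuites(), name):
		return "ok"
	}
	return "unknown"
}

func main() {
	for _, name := range configured {
		fmt.Printf("%-8s %s\n", suiteStatus(name), name)
	}
}
```

Go's table lists the two `..._AES_128_CBC_SHA256` entries as insecure, while the six AEAD suites (AES-GCM and ChaCha20-Poly1305) are in its supported list.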