Hi I am setting up a test K3s cluster on Proxmox VMs and everything seems to be up and running. I have added Traffic using helm with the following values.yaml:
globalArguments:
- "--global.sendanonymoususage=false"
- "--global.checknewversion=false"
additionalArguments:
- "--serversTransport.insecureSkipVerify=true"
- "--log.level=INFO"
deployment:
enabled: true
replicas: 3
annotations: {}
podAnnotations: {}
additionalContainers: []
initContainers: []
ports:
web:
redirectTo: websecure
websecure:
tls:
enabled: true
ingressRoute:
dashboard:
enabled: false
providers:
kubernetesCRD:
enabled: true
ingressClass: traefik-external
allowExternalNameServices: true
kubernetesIngress:
enabled: true
allowExternalNameServices: true
publishedService:
enabled: false
rbac:
enabled: true
service:
enabled: true
type: LoadBalancer
annotations: {}
labels: {}
spec:
loadBalancerIP: 192.168.1.40 # this should be an IP in the MetalLB range
loadBalancerSourceRanges: []
externalIPs: []
I then created a secret:
apiVersion: v1
kind: Secret
metadata:
name: traefik-dashboard-auth
namespace: traefik
type: Opaque
data:
users: YWRtaW46JGFwcjEkWGJwWE9MWkUkNHpHTzNjWFk2cE93SWhURUVIUkZoMQoK
I then added some middleware:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-dashboard-basicauth
namespace: traefik
spec:
basicAuth:
secret: traefik-dashboard-auth
removeHeader: true
and finally a ingress route:
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: traefik
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`traefik.merwood.com`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
# tls:
# secretName: local-example-com-staging-tls
It all applies cleanly and I can see the objects. If I point my browser at traffic.merwood.com I get a login prompt - but no matter what I type I can never get the username/password to be accepted. I have regerneated the password string using:
htpasswd -nb username password | openssl base64
and updated the secret. No Joy.
I have tried removing the middleware from the ingressroute which I think should remove the authentication but I still get prompted for a password - I don't understand this?
I have a second live cluster with almost exactly the same setup configured and working - I can login with username and password and get to the dashboard. I have compared the setup and even copied elements from the working config to the non-working test setup but I can't get basicauth to work with the dashboard.
I am clearly making a fundamental mistake here? Help???