Hi, I am running Traefik on my server and want it to function as an ingress provider for my k8s cluster.
My Traefik runs in a Docker container on the host. My cluster (using microk8s) is running on the same machine.
My Docker Compose file for Traefik:
```yaml
version: "3.3"
services:
  ################################################
  #### Traefik Proxy Setup #####
  ###############################################
  traefik:
    image: traefik:v2.2
    restart: always
    container_name: traefik
    ports:
      - "80:80" # <== http
      - "8080:8080" # <== :8080 is where the dashboard runs on
      - "443:443" # <== https
    command:
      #### These are the CLI commands that will configure Traefik and tell it how to work! ####
      ## API Settings - https://docs.traefik.io/operations/api/, endpoints - https://docs.traefik.io/operations/api/#endpoints ##
      - --api.insecure=true # <== Enabling insecure api, NOT RECOMMENDED FOR PRODUCTION
      - --api.dashboard=true # <== Enabling the dashboard to view services, middlewares, routers, etc...
      - --api.debug=true # <== Enabling additional endpoints for debugging and profiling
      ## Log Settings (options: ERROR, DEBUG, PANIC, FATAL, WARN, INFO) - https://docs.traefik.io/observability/logs/ ##
      - --log.level=DEBUG # <== Setting the level of the logs from traefik
      ## Provider Settings - https://docs.traefik.io/providers/docker/#provider-configuration ##
      - --providers.docker=true # <== Enabling docker as the provider for traefik
      - --providers.docker.exposedbydefault=false # <== Don't expose every container to traefik, only expose enabled ones
      ## k8s cluster config
      - --providers.kubernetesingress=true
      - --providers.kubernetesingress.endpoint=https://external-endpoint-url
      - --providers.kubernetesingress.certauthfilepath=/var/snap/microk8s/current/certs/ca.crt
      - --providers.kubernetesingress.namespaces=production,staging
      - --providers.kubernetesingress.ingressendpoint.hostname=host.name
      - --providers.file.filename=/dynamic.yaml # <== Referring to a dynamic configuration file
      - --providers.docker.network=web # <== Operate on the docker network named web
      - --providers.providersThrottleDuration=10s
      ## Entrypoints Settings - https://docs.traefik.io/routing/entrypoints/#configuration ##
      - --entrypoints.http.address=:80 # <== Defining an entrypoint for port :80 named http
      - --entrypoints.https.address=:443 # <== Defining an entrypoint for https on port :443 named https
      ## Certificate Settings (Let's Encrypt) - https://docs.traefik.io/https/acme/#configuration-examples ##
      - --certificatesresolvers.letsencrypt.acme.tlschallenge=true # <== Enable TLS-ALPN-01 to generate and renew ACME certs
      - --certificatesresolvers.letsencrypt.acme.email=email@adress.name # <== Setting email for certs
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json # <== Defining acme file to store cert information
    volumes:
      - ./letsencrypt:/letsencrypt # <== Volume for certs (TLS)
      - /var/run/docker.sock:/var/run/docker.sock # <== Volume for docker admin
      - ./dynamic.yaml:/dynamic.yaml # <== Volume for dynamic conf file, **ref: line 27
    networks:
      - web # <== Placing traefik on the network named web, to access containers on this network
    labels:
      #### Labels define the behavior and rules of the traefik proxy for this container ####
      - "traefik.enable=true" # <== Enable traefik on itself to view dashboard and assign subdomain to view it
      - "traefik.http.routers.api.rule=Host(`monitor.weltenbummler.it`)" # <== Setting the domain for the dashboard
      - "traefik.http.routers.api.service=api@internal" # <== Enabling the api to be a service to access
networks:
  web:
    external: true
```
In my dashboard it shows KubernetesIngress as a provider.
However, I have no clue if the cluster actually sees it and can use it.
Here is my corresponding ingress.yaml:
```yaml
kind: Ingress
apiVersion: networking.k8s.io/v1beta1
metadata:
  name: "my"
  namespace: production
  annotations:
    kubernetes.io/ingress.class: "traefik"
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.enable: "true"
    traefik.http.routers.myTestProject.rule: "Host(`my.host.name`)"
    traefik.http.routers.myTestProject.entrypoints: "https"
    traefik.http.routers.myTestProject.tls.certresolver: "letsencrypt"
    traefik.http.routers.myTestProject.middlewares: "myTestProject-headers"
    traefik.http.routers.myTestProject.service: "myTestProject"
    # traefik.http.middlewares.myTestProject-headers.headers.customrequestheaders.X_FORWARDED_PROTO: "https"
    # traefik.http.middlewares.myTestProject-headers.headers.customrequestheaders.X_Forwarded-Ssl: "on"
    # traefik.http.middlewares.myTestProject-headers.headers.customresponseheaders.X_FORWARDED_PROTO: "https"
    # traefik.http.middlewares.myTestProject-headers.headers.customresponseheaders.X_Forwarded-Ssl: "on"
    traefik.http.services.myTestProject.loadbalancer.server.port: "2342"
spec:
  tls:
    - secretName: mySecret
  rules:
    - host: my.host.name
      http:
        paths:
          - path: ""
            backend:
              serviceName: myTestProject
              servicePort: 2342
```
What am I missing? How can I debug it?