This feels like a noob problem, but I'm having a hard time getting a few things working moving from v1.7 to v 2.1
Problem 1: I can't get the dashboard to fully load without --api-secure=false (even following the few articles I found on the issue).
Problem 2: My auth config is totally ignored for the dashboard, I never get prompted (I did on 1.7)
Problem 3: My generated cert isn't loaded, the Traefik Default Cert is loaded each time. I'm able to jump onto the container and see the /ssl is being mounted and the two cert files are there.
Here are my config files:
#CRD, RBAC, and Service Account
# All resources definition must be declared
apiVersion: v1
kind: ServiceAccount
metadata:
namespace: apps
name: traefik-ingress-controller
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutes.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRoute
plural: ingressroutes
singular: ingressroute
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: middlewares.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: Middleware
plural: middlewares
singular: middleware
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: ingressroutetcps.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: IngressRouteTCP
plural: ingressroutetcps
singular: ingressroutetcp
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: tlsoptions.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TLSOption
plural: tlsoptions
singular: tlsoption
scope: Namespaced
---
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition
metadata:
name: traefikservices.traefik.containo.us
spec:
group: traefik.containo.us
version: v1alpha1
names:
kind: TraefikService
plural: traefikservices
singular: traefikservice
scope: Namespaced
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
resources:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.containo.us
resources:
- middlewares
- ingressroutes
- traefikservices
- ingressroutetcps
- tlsoptions
verbs:
- get
- list
- watch
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
name: traefik-ingress-controller
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
name: traefik-ingress-controller
namespace: apps
#Auth section
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: traefik-dashboard-auth
namespace: apps
spec:
basicAuth:
secret: traefik-secret-auth
---
apiVersion: v1
kind: Secret
metadata:
name: traefik-secret-auth
namespace: apps
data:
users: A BLOCK THAT BASE64 DECODES INTO USER:PASSWORD
---
# Deployment, Service, IngressRoute
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-ingress-controller
namespace: apps
spec:
replicas: 1
selector:
matchLabels:
app: traefik-ingress-controller
template:
metadata:
labels:
app: traefik-ingress-controller
spec:
serviceAccountName: traefik-ingress-controller
terminationGracePeriodSeconds: 60
containers:
- name: traefik
image: "traefik:v2.1.1"
args:
- --api
- --api.dashboard=true
- --api.insecure=true
- --accesslog
- --entrypoints.web.Address=:80
- --entrypoints.websecure.Address=:443
- --providers.kubernetescrd=true
- --providers.kubernetesCRD.namespaces=[]
- --providers.kubernetesIngress=true
- --log.level=INFO
ports:
- name: web
containerPort: 80
- name: websecure
containerPort: 443
- name: traefik
containerPort: 8080
volumeMounts:
- name: ssl
mountPath: /ssl
volumes:
- name: ssl
secret:
secretName: traefik-cert
---
kind: Service
apiVersion: v1
metadata:
name: traefik-ingress-controller
namespace: apps
spec:
selector:
app: traefik-ingress-controller
ports:
- protocol: TCP
port: 80
name: web
- protocol: TCP
port: 443
name: websecure
type: LoadBalancer
---
kind: Service
apiVersion: v1
metadata:
name: traefik-dashboard
namespace: apps
spec:
selector:
app: traefik-ingress-controller
ports:
- protocol: TCP
port: 8080
name: traefik
type: LoadBalancer
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: dh-ingressroute
namespace: apps
spec:
entryPoints:
- web
- websecure
- traefik
routes:
- match: PathPrefix(`/api`) || PathPrefix(`/dashboard`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
middlewares:
- name: traefik-dashboard-auth
tls:
certificates:
- certFile: /ssl/tls.crt
keyFile: /ssl/tls.key
---
apiVersion: v1
kind: Secret
metadata:
name: traefik-cert
namespace: apps
type: Opaque
data:
tls.crt: certstuff
tls.key: keystuff
Thank you for any help!