When using a ConfigMap for the *toml file traefik is not enabling api/dashboard

groenator · November 3, 2020, 12:30pm

Hi,

I have configured traefik 2.3 in k8s using the official documentation. Using the examples in the docs worked very well. I decided to move the configuration from the container arguments into a *.toml file and create a configMap for it. One issue I am encountering now is that I cannot enable the dashboard nor the API.

Deamonset configuration file:

---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller

---
apiVersion: v1
data:
  traefik.toml: |
    [accessLog]
    [api]
      dashboard = true
      debug = true
    [ping]
    [log]
      level = "DEBUG"
      filePath = "/var/log/access.log"
    [entryPoints]
      [entryPoints.web]
        address = ":80"
      [entryPoints.web.http.redirections.entryPoint]
        to = "websecure"
        scheme = "https"
        permanent = true
      [entryPoints.websecure]
        address = ":443"
      [entryPoints.websecure.http.tls]
          certResolver = "le"
    [certificatesResolvers.le.acme]
      email = "email@gmail.com"
      storage = "/cert/acme.json"
      [certificatesResolvers.le.acme.httpChallenge]
        entryPoint = "web"
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: traefik-config

---
apiVersion: apps/v1
kind: DaemonSet
metadata:
 name: traefik-ingress-controller
 labels:
   k8s-app: traefik-ingress-lb
   kubernetes.io/cluster-service: "true"
spec:
 selector:
   matchLabels:
      k8s-app: traefik-ingress-lb
 template:
  metadata:
    labels:
      k8s-app: traefik-ingress-lb
      name: traefik-ingress-lb
  spec:
    hostNetwork: true
    dnsPolicy: ClusterFirstWithHostNet
    serviceAccountName: traefik-ingress-controller
    terminationGracePeriodSeconds: 60
    tolerations:
    - key: node-role.kubernetes.io/master
      effect: NoSchedule
    containers:
    - image: traefik:v2.3.2
      name: traefik-ingress-lb
      imagePullPolicy: Always
      volumeMounts:
        - mountPath: "/cert/"
          name: cert
        - mountPath: "/etc/traefik/"
          name: traefik-config
      resources:
        requests:
          cpu: 100m
          memory: 20Mi
      ports:
       - name: web
         containerPort: 80
       - name: websecure
         containerPort: 443
       - name: api
         containerPort: 8080
      args:
      - --providers.file.directory=/etc/traefik
      - --providers.file.watch=true
      - --providers.kubernetescrd
    volumes:
    - name: cert
      hostPath:
        path: /data/traefik/certs/
        type: Directory
    - name: traefik-config
      configMap:
        name: traefik-config

Traefik log file:

time="2020-11-03T00:32:05Z" level=info msg="Traefik version 2.3.2 built on 2020-10-19T18:36:22Z"
time="2020-11-03T00:32:05Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"tls\":{\"certResolver\":\"le\"}}}},\"providers\":{\"providersThrottleDuration\":2000000000},\"api\":{\"dashboard\":true,\"debug\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/access.log\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"email@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
time="2020-11-03T00:32:05Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2020-11-03T00:32:05Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-11-03T00:32:05Z" level=debug msg="Start TCP Server" entryPointName=traefik
time="2020-11-03T00:32:05Z" level=debug msg="Start TCP Server" entryPointName=websecure
time="2020-11-03T00:32:05Z" level=debug msg="Start TCP Server" entryPointName=web
time="2020-11-03T00:32:05Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-11-03T00:32:05Z" level=info msg="Starting provider *acme.Provider {\"email\":\"email\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"le\",\"store\":{},\"ChallengeStore\":{}}"
time="2020-11-03T00:32:05Z" level=info msg="Testing certificate renew..." providerName=le.acme
time="2020-11-03T00:32:05Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"ping\":{\"entryPoints\":[\"traefik\"],\"service\":\"ping@internal\",\"rule\":\"PathPrefix(`/ping`)\",\"priority\":2147483647},\"web-to-websecure\":{\"entryPoints\":[\"web\"],\"middlewares\":[\"redirect-web-to-websecure\"],\"service\":\"noop@internal\",\"rule\":\"HostRegexp(`{host:.+}`)\",\"priority\":2147483647}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{},\"ping\":{}},\"middlewares\":{\"redirect-web-to-websecure\":{\"redirectScheme\":{\"scheme\":\"https\",\"port\":\"443\",\"permanent\":true}}},\"models\":{\"websecure\":{\"tls\":{\"certResolver\":\"le\"}}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-11-03T00:32:05Z" level=debug msg="Configuration received from provider le.acme: {\"http\":{},\"tls\":{}}" providerName=le.acme
time="2020-11-03T00:32:05Z" level=debug msg="Added outgoing tracing middleware ping@internal" middlewareType=TracingForwarder middlewareName=tracing entryPointName=traefik routerName=ping@internal
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-11-03T00:32:05Z" level=debug msg="Added outgoing tracing middleware noop@internal" entryPointName=web routerName=web-to-websecure@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
time="2020-11-03T00:32:05Z" level=debug msg="Setting up redirection to https 443" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme
time="2020-11-03T00:32:05Z" level=debug msg="Adding tracing to middleware" entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-11-03T00:32:05Z" level=debug msg="No default certificate, generating one"
time="2020-11-03T00:32:05Z" level=debug msg="Adding certificate for domain(s) domain.com"
time="2020-11-03T00:32:05Z" level=debug msg="No default certificate, generating one"
time="2020-11-03T00:32:05Z" level=debug msg="Added outgoing tracing middleware noop@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=web routerName=web-to-websecure@internal
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" middlewareType=RedirectScheme entryPointName=web routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal
time="2020-11-03T00:32:05Z" level=debug msg="Setting up redirection to https 443" routerName=web-to-websecure@internal middlewareName=redirect-web-to-websecure@internal middlewareType=RedirectScheme entryPointName=web
time="2020-11-03T00:32:05Z" level=debug msg="Adding tracing to middleware" middlewareName=redirect-web-to-websecure@internal routerName=web-to-websecure@internal entryPointName=web
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-11-03T00:32:05Z" level=debug msg="Added outgoing tracing middleware ping@internal" entryPointName=traefik routerName=ping@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-11-03T00:32:05Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareType=Recovery middlewareName=traefik-internal-recovery
time="2020-11-03T00:34:39Z" level=info msg="Traefik version 2.3.2 built on 2020-10-19T18:36:22Z"
time="2020-11-03T00:34:39Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"tls\":{\"certResolver\":\"le\"}}}},\"providers\":{\"providersThrottleDuration\":2000000000},\"api\":{\"dashboard\":true,\"debug\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/access.log\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"email@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
time="2020-11-03T00:34:39Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2020-11-03T00:34:46Z" level=info msg="Traefik version 2.3.2 built on 2020-10-19T18:36:22Z"
time="2020-11-03T00:34:46Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"tls\":{\"certResolver\":\"le\"}}}},\"providers\":{\"providersThrottleDuration\":2000000000},\"api\":{\"dashboard\":true,\"debug\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/access.log\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"email@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
time="2020-11-03T00:34:46Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2020-11-03T00:35:25Z" level=info msg="Traefik version 2.3.2 built on 2020-10-19T18:36:22Z"
time="2020-11-03T00:35:25Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"redirections\":{\"entryPoint\":{\"to\":\"websecure\",\"scheme\":\"https\",\"permanent\":true,\"priority\":2147483647}}}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{},\"http\":{\"tls\":{\"certResolver\":\"le\"}}}},\"providers\":{\"providersThrottleDuration\":2000000000},\"api\":{\"dashboard\":true,\"debug\":true},\"ping\":{\"entryPoint\":\"traefik\",\"terminatingStatusCode\":503},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/log/access.log\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}},\"certificatesResolvers\":{\"le\":{\"acme\":{\"email\":\"email@gmail.com\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"}}}}}"
time="2020-11-03T00:35:25Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"

Inside the container, I have only these variables available, the variables for the DASHBOARD are missing.

export -p
export HOME='/root'
export KUBERNETES_PORT='tcp://10.96.0.1:443'
export KUBERNETES_PORT_443_TCP='tcp://10.96.0.1:443'
export KUBERNETES_PORT_443_TCP_ADDR='10.96.0.1'
export KUBERNETES_PORT_443_TCP_PORT='443'
export KUBERNETES_PORT_443_TCP_PROTO='tcp'
export KUBERNETES_SERVICE_HOST='10.96.0.1'
export KUBERNETES_SERVICE_PORT='443'
export KUBERNETES_SERVICE_PORT_HTTPS='443'
export PATH='/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
export PWD='/'
export SHLVL='1'
export TERM='xterm'

From the logs, I see that the dashboard is set to true however, the api@internal service is not created. What am I missing?

With version 2.3 can I create a ConfigMap for the *toml file instead of using the container arguments? When I used the container arguments everything worked well.

Thank you for your time,

Regards,

groenator · November 17, 2020, 11:26am

I manage to make it work by following this blog:

Topic		Replies	Views
Dashboard is not working and unable to access application using https Traefik v2 kubernetes-ingress	14	2211	June 8, 2021
Enable auth based traefik dashboard Traefik v2 file , dashboard-api	5	951	June 29, 2021
Deploying Traefik via Helm - 404s for Dashboard and API Traefik v2 kubernetes-crd , dashboard-api	2	970	August 13, 2020
GKE v2 Dashboard & Redirect + Middleware with no effects Traefik v2 kubernetes-crd , dashboard-api , middleware	10	1742	December 4, 2019
Minimal config parameters for Traefik v2 Traefik v2 docker	1	509	March 5, 2020

When using a ConfigMap for the *toml file traefik is not enabling api/dashboard

Related topics