codeaprendiz / learn_kubernetes

Learning Kubernetes

TLS with custom certificates #2

Closed sonisaurabh19 closed 4 years ago

sonisaurabh19 commented 4 years ago

Hi, thanks for this great repo! Can you please provide an example of using custom certificates in place of acme. I have a certfile and keyfile that have worked well for me in setting up TLS for traefik and all services it is routing to in Docker.

codeaprendiz commented 4 years ago

Hi @sonisaurabh19 , thanks a lot for your valuable response. Yeah, I am planning to add such an example as well. I will post the example here as a comment :) and let you know.

codeaprendiz commented 4 years ago

Hi @sonisaurabh19 , I have added a task for using the pre-existing certs now. Please check this and let me know if this helps.

Let me know if you face any issues. We can improve the document accordingly. You can also check the official docs

I will close the issue if this works.

sonisaurabh19 commented 4 years ago

Hi, thanks for doing this so quickly. I followed the steps as stated, with a couple of minor changes.

1. For dev, I am using the mkcert tool to generate a custom TLS certificate.

```
✗ mkcert traefik.minikube "*.traefik.minikube" 192.168.64.2
Using the local CA at "/Users/sisuser/Library/Application Support/mkcert" ✨
Warning: the local CA is not installed in the Firefox trust store! ⚠️
Run "mkcert -install" to avoid verification errors ‼️

Created a new certificate valid for the following names 📜

Reminder: X.509 wildcards only go one level deep, so this won't match a.b.traefik.minikube ℹ️

The certificate is at "./traefik.minikube+2.pem" and the key at "./traefik.minikube+2-key.pem" ✅
```


2. Added the base64-encoded key and cert to ```12-secret.yaml```; I just changed the placeholder values, i.e. _Add base64 encoded value of you cert.key_ and _Add base64 encoded value of your chained cert.crt_.

3. ```kubectl apply -f 12-secret.yaml```

4. Updated ```35-whoami-ingress-route.yaml```:

> ```
> - match: Host(`traefik.minikube`) && PathPrefix(`/whoami-app-api`)
> ```

5. ```kubectl apply -f .```

6. Setup ```minikube tunnel```

7. Pods

```
✗ kubectl get svc
NAME           TYPE           CLUSTER-IP       EXTERNAL-IP    PORT(S)                                     AGE
kubernetes     ClusterIP      10.96.0.1        <none>         443/TCP                                     18d
traefik        LoadBalancer   10.98.11.245     10.98.11.245   80:31374/TCP,443:31201/TCP,8080:31166/TCP   4s
whoami         ClusterIP      10.110.68.153    <none>         80/TCP                                      4s
whoami-again   ClusterIP      10.111.200.181   <none>         80/TCP                                      2d4h
```

Please see the error in traefik.log

✗ kubectl logs traefik-644f4fdf79-877qd        
time="2020-07-12T22:16:21Z" level=info msg="Configuration loaded from file: /etc/traefik/traefik.toml"
time="2020-07-12T22:16:21Z" level=info msg="Traefik version 2.1.9 built on 2020-03-23T17:23:17Z"
time="2020-07-12T22:16:21Z" level=debug msg="Static configuration loaded {\"global\":{},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}},\"websecure\":{\"address\":\":443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":10000000000},\"respondingTimeouts\":{\"idleTimeout\":180000000000}},\"forwardedHeaders\":{}}},\"providers\":{\"providersThrottleDuration\":2000000000,\"file\":{\"directory\":\"/var/tf\",\"watch\":true},\"kubernetesCRD\":{}},\"api\":{\"insecure\":true,\"dashboard\":true,\"debug\":true},\"log\":{\"level\":\"DEBUG\",\"format\":\"common\"},\"accessLog\":{\"format\":\"common\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}}}"
time="2020-07-12T22:16:21Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/contributing/data-collection/\n"
time="2020-07-12T22:16:21Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=web
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=websecure
time="2020-07-12T22:16:21Z" level=debug msg="Start TCP Server" entryPointName=traefik
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *file.Provider {\"directory\":\"/var/tf\",\"watch\":true}"
time="2020-07-12T22:16:21Z" level=error msg="Cannot start the provider *file.Provider: unable to read directory /var/tf: open /var/tf: no such file or directory"
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *traefik.Provider {}"
time="2020-07-12T22:16:21Z" level=debug msg="Configuration received from provider internal: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645},\"debug\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/debug`)\",\"priority\":2147483646}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/[^:\\\\/]+(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"services\":{\"api\":{},\"dashboard\":{}}},\"tcp\":{},\"tls\":{}}" providerName=internal
time="2020-07-12T22:16:21Z" level=info msg="Starting provider *crd.Provider {}"
time="2020-07-12T22:16:21Z" level=debug msg="Using label selector: \"\"" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=info msg="label selector is: \"\"" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=info msg="Creating in-cluster Provider client" providerName=kubernetescrd
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=debug@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:21Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" middlewareType=StripPrefix middlewareName=dashboard_stripprefix@internal routerName=dashboard@internal entryPointName=traefik
time="2020-07-12T22:16:21Z" level=debug msg="Adding tracing to middleware" routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal entryPointName=traefik
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:21Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:21Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:21Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-07-12T22:16:21Z" level=debug msg="No default certificate, generating one"
time="2020-07-12T22:16:22Z" level=debug msg="Configuration received from provider kubernetescrd: {\"http\":{\"routers\":{\"default-whoami-whoami-0a89be42842c990013d3\":{\"entryPoints\":[\"web\",\"websecure\"],\"service\":\"default-whoami-whoami-0a89be42842c990013d3\",\"rule\":\"Host(`traefik.minikube`) \\u0026\\u0026 PathPrefix(`/whoami-app-api`)\"}},\"services\":{\"default-whoami-whoami-0a89be42842c990013d3\":{\"loadBalancer\":{\"servers\":[{\"url\":\"http://172.17.0.7:80\"}],\"passHostHeader\":true}}}},\"tcp\":{},\"tls\":{}}" providerName=kubernetescrd
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serviceName=default-whoami-whoami-0a89be42842c990013d3 middlewareType=Pipelining middlewareName=pipelining
time="2020-07-12T22:16:22Z" level=debug msg="Creating load-balancer" entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serviceName=default-whoami-whoami-0a89be42842c990013d3
time="2020-07-12T22:16:22Z" level=debug msg="Creating server 0 http://172.17.0.7:80" serviceName=default-whoami-whoami-0a89be42842c990013d3 entryPointName=websecure routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd serverName=0
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware default-whoami-whoami-0a89be42842c990013d3" routerName=default-whoami-whoami-0a89be42842c990013d3@kubernetescrd entryPointName=websecure middlewareName=tracing middlewareType=TracingForwarder
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=traefik-internal-recovery middlewareType=Recovery entryPointName=websecure
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=api@internal
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" entryPointName=traefik middlewareName=tracing middlewareType=TracingForwarder routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_stripprefix@internal entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Setting up redirection from ^(http:\\/\\/[^:\\/]+(:\\d+)?)\\/$ to ${1}/dashboard/" middlewareName=dashboard_redirect@internal middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal
time="2020-07-12T22:16:22Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal
time="2020-07-12T22:16:22Z" level=debug msg="Added outgoing tracing middleware api@internal" middlewareName=tracing middlewareType=TracingForwarder entryPointName=traefik routerName=debug@internal
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" middlewareType=Recovery entryPointName=traefik middlewareName=traefik-internal-recovery
time="2020-07-12T22:16:22Z" level=debug msg="Creating middleware" entryPointName=web middlewareName=traefik-internal-recovery middlewareType=Recovery
time="2020-07-12T22:16:22Z" level=debug msg="No default certificate, generating one"
time="2020-07-12T22:16:23Z" level=debug msg="Skipping Kubernetes event kind *v1.Endpoints" providerName=kubernetescrd

The fact that traefik is generating default certificate could be linked to /var/tf missing.

vamshisiddarth commented 4 years ago

@sonisaurabh19 I pushed the changes to fix this issue. Pull the latest master and replace the secret with base64 encoded. It should work now.
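Steps 2 and 3 above (putting the base64-encoded cert and key into the Secret) and the fix in the previous comment ("replace the secret with base64 encoded") are where this setup most often goes wrong: a value wrapped by `base64` onto several lines, cert and key swapped, or a chain that does not start with the leaf certificate. The following is an added example, not code from this repo or from mkcert/Traefik: it builds a `kubernetes.io/tls` Secret manifest (the `tls.crt`/`tls.key` keys Traefik reads from `secretName`) and checks a manifest for those mistakes before it is applied. The PEM material is constructed placeholder text, not a real certificate or key, and the Secret name `traefik-tls` is an assumption.

```python
"""Build and sanity-check a kubernetes.io/tls Secret for a Traefik IngressRoute.

Added example; assumes a cert file with the leaf certificate first (mkcert writes
a single leaf) and a key file with one PRIVATE KEY block.
"""
import base64
import binascii
import re

# Constructed placeholder PEM material: the block structure is what matters here,
# the bodies are NOT a real certificate or key.
SAMPLE_CERT = (
    "-----BEGIN CERTIFICATE-----\n"
    "MIIBszCCAVmgAwIBAgIUPLACEHOLDERCERTBODY00000000000000000000000000\n"
    "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n"
    "-----END CERTIFICATE-----\n"
)
SAMPLE_KEY = (
    "-----BEGIN PRIVATE KEY-----\n"
    "MIIEvQIBADANBgkqhkiG9w0BAQEFAASCPLACEHOLDERKEYBODY000000000000000\n"
    "-----END PRIVATE KEY-----\n"
)

# Matches one PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...).
PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def pem_block_labels(pem_text: str) -> list:
    """Labels of the PEM blocks in the text, in file order."""
    return [m.group(1) for m in PEM_BLOCK.finditer(pem_text)]


def b64_single_line(data: bytes) -> str:
    """Base64 for a Secret `data:` value: one line, no wrapping, no trailing newline.
    GNU `base64` wraps at 76 columns unless run with -w 0, and the wrapped form is
    rejected by the API server; Python's b64encode never wraps."""
    return base64.b64encode(data).decode("ascii")


def build_tls_secret(name: str, namespace: str, cert_pem: str, key_pem: str) -> dict:
    """Return the Secret as a dict with the layout Traefik expects (tls.crt / tls.key)."""
    labels = pem_block_labels(cert_pem)
    if not labels or labels[0] != "CERTIFICATE":
        raise ValueError("tls.crt must start with the leaf CERTIFICATE block (leaf first, then chain)")
    if not any(lbl.endswith("PRIVATE KEY") for lbl in pem_block_labels(key_pem)):
        raise ValueError("tls.key must contain a PRIVATE KEY block")
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/tls",
        "data": {
            "tls.crt": b64_single_line(cert_pem.encode("utf-8")),
            "tls.key": b64_single_line(key_pem.encode("utf-8")),
        },
    }


def render_yaml(secret: dict) -> str:
    """Render the manifest without PyYAML; every value here is a plain scalar string."""
    md, d = secret["metadata"], secret["data"]
    return (
        "apiVersion: v1\nkind: Secret\nmetadata:\n"
        f"  name: {md['name']}\n  namespace: {md['namespace']}\n"
        f"type: {secret['type']}\ndata:\n"
        f"  tls.crt: {d['tls.crt']}\n  tls.key: {d['tls.key']}\n"
    )


def check_tls_secret(secret: dict) -> list:
    """Return a list of problems; an empty list means the Secret is usable as Traefik TLS material."""
    problems = []
    if secret.get("type") != "kubernetes.io/tls":
        problems.append("type is not kubernetes.io/tls")
    data = secret.get("data", {})
    decoded = {}
    for key in ("tls.crt", "tls.key"):
        value = data.get(key)
        if value is None:
            problems.append(f"missing data key {key}")
            continue
        try:
            # validate=True rejects newlines, so line-wrapped `base64` output is caught here
            decoded[key] = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            problems.append(f"{key} is not valid single-line base64 (line-wrapped output?)")
    if "tls.crt" in decoded:
        crt_labels = pem_block_labels(decoded["tls.crt"])
        if not crt_labels or crt_labels[0] != "CERTIFICATE":
            problems.append("tls.crt does not start with a CERTIFICATE block (cert and key swapped?)")
    if "tls.key" in decoded:
        key_labels = pem_block_labels(decoded["tls.key"])
        if not any(lbl.endswith("PRIVATE KEY") for lbl in key_labels):
            problems.append("tls.key does not contain a PRIVATE KEY block")
    return problems


if __name__ == "__main__":
    manifest = build_tls_secret("traefik-tls", "default", SAMPLE_CERT, SAMPLE_KEY)
    print(render_yaml(manifest))
    print("problems:", check_tls_secret(manifest))
```

Reading the real files from mkcert (`./traefik.minikube+2.pem` and `./traefik.minikube+2-key.pem` above) into `build_tls_secret` and piping `render_yaml` to `kubectl apply -f -` gives the same result as editing `12-secret.yaml` by hand, without the wrapping problem. What this script cannot tell you is whether the certificate matches the key or covers the `Host()` in the IngressRoute; for that, inspect the certificate with `openssl x509 -in traefik.minikube+2.pem -noout -text` and compare the Subject Alternative Names with the host in the rule. The "No default certificate, generating one" lines in the log above are the symptom when Traefik cannot find usable material in the Secret: it falls back to its self-signed default, and browsers will flag it even though the mkcert CA is trusted.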

sonisaurabh19 commented 4 years ago

@vamshisiddarth It is working, thanks! But dashboard is still loading at http, not https!

codeaprendiz commented 4 years ago

@sonisaurabh19 , you can refer to the following link for the same. I will be closing the issue now, as TLS with custom certificates is working.