traefik-helm-chart
traefik-helm-chart copied to clipboard
dashboard-hook-ingressroute.yaml has hardcoded values
Welcome!
- [X] Yes, I've searched similar issues on GitHub and didn't find any.
- [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.
What version of the Traefik's Helm Chart are you using?
10.15.0
What version of Traefik are you using?
2.6.1
What did you do?
trying to use the helm chart to publish the dashboard, but I defined other endpointnames and the dashboard-hook-ingressroute.yaml has the endpoint hardcoded Also is not possible to define a host for the dashboard
What did you see instead?
no access to dashboard
What is your environment & configuration?
Rancher 2.6.3, kubernetes 1.21.7
Additional Information
No response
same here, not sure how to access (or simply configurre the host) for the dashboard using this chart
I deploy my chart the following way.
helm install traefik traefik/traefik -n traefik-system --create-namespace \
--set providers.kubernetesCRD.allowExternalNameServices=true \
--set providers.kubernetesIngress.publishedService.enabled=true \
--set providers.kubernetesIngress.publishedService.pathOverride="traefik-system/traefik" \
--set providers.kubernetesIngress.allowExternalNameServices=true \
--set ports.websecure.tls.enabled=true \
--set ports.traefik.expose=true \
--set ports.metrics.expose=true \
--set ingressRoute.dashboard.enabled=false
That exposes port 9000 (--set ports.traefik.expose=true
) and I can access the dashboard via the external load balancer ip for example.
In situations where I do not want to expose port 9000, I do not set the parameter and I either patch the ingressRoute
with kubectl patch ingressroute -n kube-system traefik-dashboard --type=merge -p '{"spec":{"entryPoints":["websecure"]}}'
to make it reachable over 443 or I disable the dashboard during install with --set ingressRoute.dashboard.enabled=false
and deploy my own ingressRoute.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
labels:
app.kubernetes.io/instance: traefik
app.kubernetes.io/name: traefik
name: traefik-dashboard
namespace: traefik-system
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: PathPrefix(`/dashboard`) || PathPrefix(`/api`)
services:
- kind: TraefikService
name: api@internal
But I fully agree, if the entryPoint would be configurable via the values that would be much better, to avoid additional steps in the deployment workflow.
Hello @gioppoluca
Thanks for your interest in Traefik !
As you have guessed, the IngressRoute provided by default is an easy-to-go access to dashboard, without security issues. This Helm Chart is designed to help when installing traefik, not managing IngressRoute. The dashboard is not an exception to this design.