traefik-helm-chart icon indicating copy to clipboard operation
traefik-helm-chart copied to clipboard

Published 20 hours ago verified publisher icon traefik

How is one to access the dashboard with a single traefik instance or multiple traefik instances on a cluster?

Open bitsofinfo opened this issue 2 years ago • 4 comments

Welcome!

  • [X] Yes, I've searched similar issues on GitHub and didn't find any.
  • [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.

What version of the Traefik's Helm Chart are you using?

10.19.4

What version of Traefik are you using?

2.6.3

What did you do?

I am deploying 2 instances of this chart. One called traefik-internal and one called traefik-external

I set in values --api.dashboard=true on both

What did you see instead?

I cannot access the dashboard via the IP @ either of the traefik instances LB ips

I also tried creating my own IngressRoute adding a custom Host(...) stanza.... to no avail

I noticed the IngressRoute on this chart references the service as:

    services:
    - kind: TraefikService
      name: api@internal

How is this supposed to determine which traefik instance, when there are multiple on the cluster/

What is your environment & configuration?

the helm chart w/ the value noted above for the IngressRoute customization

Additional Information

Overall both the documentation and simplicity of getting this to work is super confusing

https://github.com/traefik/traefik-helm-chart/issues/596

bitsofinfo avatar Jun 13 '22 16:06 bitsofinfo

Same for me, doesn't work

xakaitetoia avatar Jun 21 '22 21:06 xakaitetoia

I have two traefik instances deployed manually (as helm chart was not applicable for multi instances) in two different namespaces - traefik-int and traefik-ext. Even I deploy two ingressroutes in different namespaces (ingress allow cross namespace) - the dashboard always only refers the one traefik instance. I assume somehow the ingress class is bundled with the traefik deployment.

example:

  • traefik ext - no dashboard - namespace - traefik-ext
  • traefik int - one dashboard for traefik-int and one dashboard for traefik-ext -> both ingressroutes only shows traefik-int dashboard

works:

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-int
  name: traefik-dashboard-internal
  namespace: traefik-int

spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`internal-routes.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
          namespace: traefik-int

  tls:
    certResolver: tx

does not work (shows internal dashboard)

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-int
  name: traefik-dashboard-public
  namespace: traefik-ext

spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`public-routes.example.com`)
      kind: Rule
      services:
        - name: api@internal
          kind: TraefikService
          namespace: traefik-ext

  tls:
    certResolver: tx

maltegrosse avatar Jul 10 '22 13:07 maltegrosse

@maltegrosse Assuming you have a separate ingress class for each Traefik instance, you probably want to use traefik-ext on your second definition so that only your external Traefik will utilize that IngressRoute. As pasted above, it looks like you are applying both with traefik-int ingress class, which likely means they are both routed to api@internal of your internal Traefik

jmmk avatar Jul 11 '22 15:07 jmmk

@jmmk my idea was to only publish both dashboards internally. As I dont fully understand the TraefikService, I decided to switch to dashboard.insecure=true, in order to expose the dashboard on port 9000 (default 8080) and then directly refer to the service. I also deployed both traefik instances in the same traefik namespace in order to avoid multiple service accounts etc..

It works now by creating two ingressroutes:

for internal-routes:

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-int
  name: traefik-dashboard-internal
  namespace: traefik

spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`internal-routes.internal.example.com`)
      kind: Rule
      services:
         - name: traefik-int
           kind: Service
           port: 9000

  tls:
    certResolver: ...

and the dashboard for external routes:

---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-int
  name: traefik-dashboard-internal
  namespace: traefik

spec:
  entryPoints:
    - websecure

  routes:
    - match: Host(`external-routes.internal.example.com`)
      kind: Rule
      services:
         - name: traefik-ext
           kind: Service
           port: 9000

  tls:
    certResolver: ...

Its not a perfect solution, but it would be nice to see some further hint regarding TraefikService and specifying the exact service name.

maltegrosse avatar Jul 13 '22 08:07 maltegrosse

Hi!

Thanks for your interest in Traefik!

We dedicate the issue tracker to bug reports and feature requests only. So I'll close this issue.

You may ask configuration question on our Community Forum and reach out to us on the Traefik section.

You can also double check Traefik's documentation.

mloiseleur avatar Sep 29 '22 09:09 mloiseleur