traefik-helm-chart
traefik-helm-chart copied to clipboard
How is one to access the dashboard with a single traefik instance or multiple traefik instances on a cluster?
Welcome!
- [X] Yes, I've searched similar issues on GitHub and didn't find any.
- [X] Yes, I've searched similar issues on the Traefik community forum and didn't find any.
What version of the Traefik's Helm Chart are you using?
10.19.4
What version of Traefik are you using?
2.6.3
What did you do?
I am deploying 2 instances of this chart. One called traefik-internal
and one called traefik-external
I set in values
--api.dashboard=true
on both
What did you see instead?
I cannot access the dashboard via the IP @ either of the traefik instances LB ips
I also tried creating my own IngressRoute
adding a custom Host(...)
stanza.... to no avail
I noticed the IngressRoute
on this chart references the service as:
services:
- kind: TraefikService
name: api@internal
How is this supposed to determine which traefik instance, when there are multiple on the cluster/
What is your environment & configuration?
the helm chart w/ the value noted above for the IngressRoute customization
Additional Information
Overall both the documentation and simplicity of getting this to work is super confusing
https://github.com/traefik/traefik-helm-chart/issues/596
Same for me, doesn't work
I have two traefik instances deployed manually (as helm chart was not applicable for multi instances) in two different namespaces - traefik-int and traefik-ext. Even I deploy two ingressroutes in different namespaces (ingress allow cross namespace) - the dashboard always only refers the one traefik instance. I assume somehow the ingress class is bundled with the traefik deployment.
example:
- traefik ext - no dashboard - namespace - traefik-ext
- traefik int - one dashboard for traefik-int and one dashboard for traefik-ext -> both ingressroutes only shows traefik-int dashboard
works:
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
kubernetes.io/ingress.class: traefik-int
name: traefik-dashboard-internal
namespace: traefik-int
spec:
entryPoints:
- websecure
routes:
- match: Host(`internal-routes.example.com`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
namespace: traefik-int
tls:
certResolver: tx
does not work (shows internal dashboard)
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
kubernetes.io/ingress.class: traefik-int
name: traefik-dashboard-public
namespace: traefik-ext
spec:
entryPoints:
- websecure
routes:
- match: Host(`public-routes.example.com`)
kind: Rule
services:
- name: api@internal
kind: TraefikService
namespace: traefik-ext
tls:
certResolver: tx
@maltegrosse Assuming you have a separate ingress class for each Traefik instance, you probably want to use traefik-ext
on your second definition so that only your external Traefik will utilize that IngressRoute
. As pasted above, it looks like you are applying both with traefik-int
ingress class, which likely means they are both routed to api@internal
of your internal Traefik
@jmmk my idea was to only publish both dashboards internally. As I dont fully understand the TraefikService, I decided to switch to dashboard.insecure=true
, in order to expose the dashboard on port 9000 (default 8080) and then directly refer to the service. I also deployed both traefik instances in the same traefik namespace in order to avoid multiple service accounts etc..
It works now by creating two ingressroutes:
for internal-routes:
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
kubernetes.io/ingress.class: traefik-int
name: traefik-dashboard-internal
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- match: Host(`internal-routes.internal.example.com`)
kind: Rule
services:
- name: traefik-int
kind: Service
port: 9000
tls:
certResolver: ...
and the dashboard for external routes:
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
annotations:
kubernetes.io/ingress.class: traefik-int
name: traefik-dashboard-internal
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- match: Host(`external-routes.internal.example.com`)
kind: Rule
services:
- name: traefik-ext
kind: Service
port: 9000
tls:
certResolver: ...
Its not a perfect solution, but it would be nice to see some further hint regarding TraefikService and specifying the exact service name.
Hi!
Thanks for your interest in Traefik!
We dedicate the issue tracker to bug reports and feature requests only. So I'll close this issue.
You may ask configuration question on our Community Forum and reach out to us on the Traefik section.
You can also double check Traefik's documentation.