traefik: TLS not working

Do you want to request a feature or report a bug?

Bug

What did you do?

Deploy with tls config

What did you expect to see?

Normal operation with http redirecting to https

What did you see instead?

time="2018-11-24T04:57:18Z" level=error msg="Error configuring TLS for ingress kube-system/traefik-web-ui: secret kube-system/traefik-ui-tls-cert does not exist"

Output of traefik version: (What version of Traefik are you using?)

time="2018-11-24T04:57:18Z" level=info msg="Traefik version v1.7.4 built on 2018-10-30_10:44:30AM"

What is your environment & configuration (arguments, toml, provider, platform, …)?

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
data:
  traefik.toml: |
    # traefik.toml
    logLevel = "INFO"
    defaultEntryPoints = ["http", "https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
        [entryPoints.http.redirect]
        entryPoint = "https"
      [entryPoints.https]
      address = ":443"
        [entryPoints.https.tls]
          [[entryPoints.https.tls.certificates]]
          certFile = "/ssl/tls.crt"
          keyFile = "/ssl/tls.key"
    [kubernetes]

If applicable, please paste the log output in DEBUG level (--logLevel=DEBUG switch)

time="2018-11-24T04:57:18Z" level=info msg="Using TOML configuration file /config/traefik.toml"
time="2018-11-24T04:57:18Z" level=info msg="No tls.defaultCertificate given for https: using the first item in tls.certificates as a fallback."
time="2018-11-24T04:57:18Z" level=info msg="Traefik version v1.7.4 built on 2018-10-30_10:44:30AM"
time="2018-11-24T04:57:18Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://docs.traefik.io/basics/#collected-data\n"
time="2018-11-24T04:57:18Z" level=info msg="Preparing server http &{Address::80 TLS:<nil> Redirect:0xc0003e89c0 Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000347c40} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-11-24T04:57:18Z" level=info msg="Preparing server https &{Address::443 TLS:0xc000490870 Redirect:<nil> Auth:<nil> WhitelistSourceRange:[] WhiteList:<nil> Compress:false ProxyProtocol:<nil> ForwardedHeaders:0xc000347c60} with readTimeout=0s writeTimeout=0s idleTimeout=3m0s"
time="2018-11-24T04:57:18Z" level=info msg="Starting server on :80"
time="2018-11-24T04:57:18Z" level=info msg="Starting provider configuration.ProviderAggregator {}"
time="2018-11-24T04:57:18Z" level=info msg="Starting server on :443"
time="2018-11-24T04:57:18Z" level=info msg="Starting provider *kubernetes.Provider {\"Watch\":true,\"Filename\":\"\",\"Constraints\":[],\"Trace\":false,\"TemplateVersion\":0,\"DebugLogGeneratedTemplate\":false,\"Endpoint\":\"\",\"Token\":\"\",\"CertAuthFilePath\":\"\",\"DisablePassHostHeaders\":false,\"EnablePassTLSCert\":false,\"Namespaces\":null,\"LabelSelector\":\"\",\"IngressClass\":\"\",\"IngressEndpoint\":null}"
time="2018-11-24T04:57:18Z" level=info msg="ingress label selector is: \"\""
time="2018-11-24T04:57:18Z" level=info msg="Creating in-cluster Provider client"
time="2018-11-24T04:57:18Z" level=error msg="Error configuring TLS for ingress kube-system/traefik-web-ui: secret kube-system/traefik-ui-tls-cert does not exist"
time="2018-11-24T04:57:18Z" level=info msg="Server configuration reloaded on :443"
time="2018-11-24T04:57:18Z" level=info msg="Server configuration reloaded on :80"
time="2018-11-24T04:57:18Z" level=warning msg="Endpoints not available for kube-system/traefik-web-ui"
time="2018-11-24T04:57:18Z" level=warning msg="Endpoints not available for kube-system/traefik-web-ui"
time="2018-11-24T04:57:20Z" level=info msg="Server configuration reloaded on :80"
time="2018-11-24T04:57:20Z" level=info msg="Server configuration reloaded on :443"

When I check the secret it’s there…

kubectl get secret -n kube-system traefik-ui-tls-cert
NAME                  TYPE                DATA   AGE
traefik-ui-tls-cert   kubernetes.io/tls   2      20m

This has been mentioned in another ticket and closed without much investigation. (I’ll reference the ticket here if I can find it)

About this issue

  • State: closed
  • Created 6 years ago
  • Reactions: 8
  • Comments: 24 (2 by maintainers)

Most upvoted comments

Hello, I have had the Kubernetes ingress installed and running since January 2019, and it was all fine until today, when I had to renew the certificates and restarted the ingress controller pods. I followed the documentation at https://docs.traefik.io/user-guide/kubernetes/#add-a-tls-certificate-to-the-ingress at the time and it all worked well.

Traefik version v1.7.14 built on 2019-08-14_09:46:58AM, GKE version 1.11.10-gke.5. Thinking that it might be caused by an outdated GKE version, I have just upgraded to version 1.13.7-gke.24 and still have the same issue.

I have tried to see the output when the secret really does not exist, and the output is completely different: secret-does-not-exist.txt.

For the case when the secret exists but the server is not started, secret-not-found.txt.

Any ideas are welcome.

P.S. I have already tried changing the order of the entry points property to defaultentrypoints=https,http, but it didn’t work for me.
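
An added example (not part of the issue thread or of Traefik's code): a triage script that parses the Traefik log lines quoted in the report and cross-checks each "secret ... does not exist" error against a secret inventory, separating the two cases the thread distinguishes, a secret that is really missing and one that exists but is not seen by Traefik. The inventory, the third log line and the verdict names are constructed for illustration.

```python
import re

# First two lines are copied from the issue; the third is constructed for contrast.
LOG = r'''time="2018-11-24T04:57:18Z" level=info msg="Creating in-cluster Provider client"
time="2018-11-24T04:57:18Z" level=error msg="Error configuring TLS for ingress kube-system/traefik-web-ui: secret kube-system/traefik-ui-tls-cert does not exist"
time="2018-11-24T04:57:19Z" level=error msg="Error configuring TLS for ingress default/demo: secret default/demo-tls does not exist"
'''

# Constructed inventory standing in for what `kubectl get secret` reports:
# (namespace, name) -> (type, set of data keys)
SECRETS = {("kube-system", "traefik-ui-tls-cert"): ("kubernetes.io/tls", {"tls.crt", "tls.key"})}

FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
TLS_ERR = re.compile(r"Error configuring TLS for ingress ([\w.-]+)/([\w.-]+): "
                     r"secret ([\w.-]+)/([\w.-]+) does not exist")

def parse_logfmt(line):
    """Split one logfmt line into a dict, unquoting quoted values."""
    out = {}
    for key, val in FIELD.findall(line):
        if val.startswith('"'):
            val = val[1:-1].replace('\\"', '"').replace("\\n", "\n")
        out[key] = val
    return out

def triage(log_text, secrets):
    """Return (ingress, secret, verdict) for every TLS secret error in the log."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_logfmt(line)
        m = TLS_ERR.search(rec.get("msg", ""))
        if rec.get("level") != "error" or not m:
            continue
        ing_ns, ing, sec_ns, sec = m.groups()
        found = secrets.get((sec_ns, sec))
        if found is None:
            verdict = "secret-missing"          # the error is accurate
        elif found[0] != "kubernetes.io/tls" or not {"tls.crt", "tls.key"} <= found[1]:
            verdict = "secret-malformed"        # exists, but not a usable TLS secret
        else:
            verdict = "present-but-not-seen-by-traefik"  # the case in this issue
        findings.append((f"{ing_ns}/{ing}", f"{sec_ns}/{sec}", verdict))
    return findings

if __name__ == "__main__":
    for ingress, secret, verdict in triage(LOG, SECRETS):
        print(f"{ingress:30} {secret:34} {verdict}")
```

A `present-but-not-seen-by-traefik` verdict reproduces the contradiction reported here: the secret is well-formed according to kubectl, so the investigation moves from the secret itself to the controller's view of the cluster.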