Using Traefik version 2.0.0-beta1, my Traefik servers have two entrypoints: "web" for HTTP on port 80, and "web-secure" for HTTPS on port 443. When I create a Kubernetes Ingress object and attempt get Traefik to serve it only over HTTPS, Traefik always responds with a 404 response code, regardless of whether the Ingress uses a default backend, a host-based rule, a prefix-based rule, or both. I've tried including the "spec.tls" field nominating a Kubernetes Secret; doing so doesn't change the outcome.
I've tried forcing Traefik to use the HTTPS entrypoint with both of these annotations:
Neither had any effect.
I tried removing the "web" entrypoint, so that Traefik would only serve HTTPS. That didn't help either.
I notice that Traefik is serving this route over HTTP. It talks to my backend pods over HTTPS as intended. However, I can't get Traefik to serve this route over HTTPS.
Here's a snapshot of my Ingress object. I've commented and uncommented just about every combination of fields that Kubernetes will accept as being valid.
apiVersion: networking.k8s.io/v1beta1 kind: Ingress metadata: name: somesvc namespace: myns annotations: # Is this still honored? traefik.frontend.rule.type: PathPrefixStrip # What about this one? traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip # Is this still honored? traefik.frontend.entryPoints: web-secure # What about this one? traefik.ingress.kubernetes.io/frontend-entry-points: web-secure spec: tls: - secretName: somesvc-tls # backend: # serviceName: somesvc # servicePort: 443 rules: - # host: traefik.local http: paths: - path: /somesvc backend: serviceName: somesvc servicePort: 443
What does it take to get this route served over HTTPS?