-
Notifications
You must be signed in to change notification settings - Fork 2.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updating Traefik Ingress Configuration #1313
Comments
Make sure your change is still in
|
Thanks very much for your assistance @a01fe :) Btw. I installed k3s using the k3sup tool. I believe the equivalent command for k3sup is:
Also, I saw the following recent k3s post where the author changed the traefik manifest file to "traefik-custom.yaml" and also applied the '--no-deploy traefik' argument to achieve the same result: I'll try both suggestions and let you know the results. |
Just confirming that both these methods worked to changed the traefik.yaml settings for my k3s install. |
Is there no good way of upgrading the |
You need to run the installer once with |
This is too inhumane |
k3s 1.19 (and current master builds) include a new HelmChartConfig CRD that can be used to customize the values of a HelmChart without modifying the resource itself. The core use case for this is things like the packaged Traefik deployment. See: https://rancher.com/docs/k3s/latest/en/helm/#customizing-packaged-components-with-helmchartconfig |
The default port 443 need to be used by other service and cannot not be changed, to assign another port for k3s, I had to reinstall the k3s server,that is unpractical.Any plan to resolve this? |
If you don't want to reinstall, you could edit the service and add |
@brandond one quick question. When communicating from "traefik <==> backend " and backend has https on port 22000.
Using that I see an error in Traefik logs.
Is this because of 1.81 (default Traefik version in K3s 1.24) ? |
I'm not sure what that is for or where you're putting it, but you appear to be mixing yaml and ini style configuration syntax? You don't normally see : and = mixed together. |
Ignore the syntax please, I edited the way toml syntax expects it to be.
Then restart the traefik controller by scaling down and up the pod. That insecure... flag is to ignore tls verify , when Traefik talks to the backend. |
If anyone else is like me and stumbles upon this while trying to figure out how to set
|
I'm confused - in order to update the traefik config we have to disable traefik?? |
Yes, you disable it (to uninstall the old traefik v1 chart) and then enable it again to get v2. The v1 chart can't be safely directly upgraded to v2 so you have to basically uninstall and reinstall it. |
OK, the solution with I battled with this issue for days now but there was nothing logged to the Where/how can I see proper traefik error and access logs? |
It sounds like you want to enable logging via the helm chart values: https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml#L170-L171 |
I am unclear as to how this should work. Since we (as users) did not install traefik, I'm not sure how we should manage it via helm. The above discussion seems to imply re-installing the k3s server which is a bit extreme. The HelmChartConfig option is nice but I don't see the link to a helm chart or a values.yaml. |
K3s installs Traefik via helm chart. The values you can set in the HelmChartConfig as shown above are passed through directly to the chart installation; any of the upstream chart values can be used. You don't need to reinstall to modify the configuration. This is covered in the docs at https://rancher.com/docs/k3s/latest/en/helm/#customizing-packaged-components-with-helmchartconfig |
I've read those docs but the various version numbers (helm, traefik, k3s, kubernetes...) are confusing. Is it: accessLog:
enabled: true OR logs:
access:
enabled: true Where can I see which helm version is employed? |
It seems to be the latter. I am now getting access logs on stdout of the pod. |
Sorry to bump a dead issue. I'm trying to use @davesilva's suggestion, but it doesn't seem to be working. I'm using K3s I'm trying to run the UniFi controller in K3s, and the UniFi controller uses a self-signed certificate.
I applied the HelmChartConfig as suggested, but am still getting this in the UniFi web UI.
When running this command
|
@loganmarchione All that shows is that you've disabled certificate validation on the back-end connection. The error from your unifi web server is that a HTTPS connection between traefik and the pod is required, but you're using HTTP instead. This is not an error about invalid certificates, as you're not even using them. If you're using an Ingress resource to configure the routing to the pod, you're probably missing configuration to tell traefik to use https. See: https://doc.traefik.io/traefik/v2.2/routing/providers/kubernetes-ingress/#on-service |
@brandond thanks for the quick reply, it's working now!
|
Note that fixing the port on the service to be properly named |
Yep you're right, thanks! |
I have K3s (release v1.17.0+k3s.1) installed on my Raspberry Pi cluster, running on Raspbian Buster.
I used the standard configuration for installation, and Traefik is being used as the ingress controller.
I would like to disable TLS verification in Traefik by setting the "insecureSkipVerify" setting to "true".
Note. I am running Kubernetes Dashboard with a self-signed certificate. This is on my home network and I'm not too concerned about verifying the validity of the certificate.
K3s appears to install Traefik using a Helm Chart, and I can see the Traefik chart manifest is installed in:
/var/lib/rancher/k3s/server/manifests/traefik.yaml
I have updated the traefik.yaml in this folder to include the additional setting:
How can I apply the updated Traefik settings from my chart manifest file?
The text was updated successfully, but these errors were encountered: