k8s provider w/ acme? #752

Closed
krancour opened this issue Oct 19, 2016 · 10 comments

@krancour
Contributor

Is there a comprehensive example of using the Kubernetes provider with ACME support?

It's really awesome that Traefik can be used as an ingress controller, but so far, what I can't get it to do is use ACME to request certificates for whatever hosts are named in my ingress resources. i.e. I still need to explicitly include the following in my toml:

[[acme.domains]]
  main = "stilton.krancour.deis.ninja"
[[acme.domains]]
  main = "cheddar.krancour.deis.ninja"
[[acme.domains]]
  main = "wensleydale.krancour.deis.ninja"

Updating that configuration each time I add or modify ingresses doesn't seem ideal.

Can the ACME module work seamlessly with the k8s provider? Or is that not yet possible?

@emilevauge
Member

In the 1.1 version (v1.1.0-rc2 released 2 days ago), you can enable OnHostRule that will request a certificate from Let's Encrypt for each frontend with a Host rule: http://docs.traefik.io/toml/#acme-lets-encrypt-configuration

@ArchiFleKs

@krancour I tested it with Kubernetes recently and wrote a post here: https://archifleks.github.io/blog/kubernetes-ingress/

Basically, if you are using a ConfigMap like this, it should work seamlessly:

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-conf
data:
  traefik.toml: |
    # traefik.toml
    defaultEntryPoints = ["http","https"]
    [entryPoints]
      [entryPoints.http]
      address = ":80"
      [entryPoints.http.redirect]
      entryPoint = "https"
      [entryPoints.https.auth.basic]
      users = ["klefevre:$HASH"]
      [entryPoints.https]
      address = ":443"
      [entryPoints.https.tls]
    [acme]
    email = "lefevre.kevin@gmail.com"
    storageFile = "/acme/acme.json"
    entryPoint = "https"
    onDemand = true
    onHostRule = true
    caServer = "https://acme-staging.api.letsencrypt.org/directory"
    [[acme.domains]]
    main = "archifleks.net"
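
An added example, not part of the thread and not Traefik's own code: a small Python check over the [acme] section of a Traefik 1.x traefik.toml like the one in the comment above, covering the issuance switches, the staging CA and the acme storage location that comes up later in the thread. The function names, finding codes and the mount_paths input (the Traefik container's volumeMounts paths) are assumptions, and the sample config is constructed.

```python
import re

# Constructed sample: the [acme] part of a Traefik 1.x traefik.toml like the one above.
SAMPLE = """
[acme]
email = "admin@example.com"
storageFile = "/acme/acme.json"
entryPoint = "https"
onDemand = true
onHostRule = true
caServer = "https://acme-staging.api.letsencrypt.org/directory"
[[acme.domains]]
main = "example.com"
"""

def acme_section(toml_text):
    """Return ([acme] scalar keys, number of [[acme.domains]] tables).
    Handles only the flat TOML subset used in this thread (no trailing comments)."""
    keys, domains, table = {}, 0, None
    for raw in toml_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        header = re.fullmatch(r"\[+\s*([^\[\]]+?)\s*\]+", line)
        if header:
            table = header.group(1)
            if table == "acme.domains":
                domains += 1
        elif table == "acme" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            keys[key] = value.strip('"')
    return keys, domains

def audit_acme(toml_text, mount_paths):
    """mount_paths: volumeMounts paths of the Traefik container (assumed input)."""
    keys, domains = acme_section(toml_text)
    findings = []
    if keys.get("onHostRule") != "true" and domains == 0:
        findings.append("no-cert-source")  # no Host-rule issuance and no listed domains
    if keys.get("onDemand") == "true":
        findings.append("on-demand")  # issuance during TLS handshake: slow, rate-limit exposure
    if "staging" in keys.get("caServer", ""):
        findings.append("staging-ca")  # staging certificates are not trusted by clients
    storage = keys.get("storageFile", "")
    if not any(storage.startswith(m.rstrip("/") + "/") for m in mount_paths):
        findings.append("storage-not-on-volume")  # acme.json is lost when the pod restarts
    return findings
```

Calling audit_acme(SAMPLE, ["/acme"]) reports the on-demand and staging-CA settings; passing mount paths that do not contain /acme also reports the storage file as not being on a volume.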

@krancour
Contributor Author

@emilevauge @ArchiFleKs this looks like exactly what I am looking for. I'll take that for a test drive. Thanks!

@krancour
Contributor Author

This worked like a charm. Thank you guys!

@craigwillis85

@ArchiFleKs I followed your tutorial, but unfortunately my ingress controller always fails with a CrashLoopBackOff.

@errm
Contributor

errm commented Nov 18, 2016

Hi @craigwillis85, could you share the log output from the crashed Traefik?

@craigwillis85

@errm is there an easy way to do that?

@craigwillis85

@errm I have an issue. I'm running kubeadm, so trying to get logs from the pods is currently broken as of:

kubernetes/kubernetes#22770

@ArchiFleKs

@craigwillis85 can you log into the node and get the log from the Docker daemon? Did you use a host volume for acme storage? One of the crash causes I've seen was due to a configuration error with acme storage.

@craigwillis85

I managed to get this working with the Let's Encrypt staging.

So, all is good!

On 23 Nov 2016 20:04, "Kevin Lefevre" notifications@github.com wrote:

@craigwillis85 can you log into the node and get the log from the Docker daemon? Did you use a host volume for acme storage? One of the crash causes I've seen was due to a configuration error with acme storage.



@ldez ldez added the area/acme label Jun 11, 2017
@traefik traefik locked and limited conversation to collaborators Sep 1, 2019