
How to use Traefik+MetalLB to Expose Kubernetes API (apiserver)


I have a microk8s running on my Raspberry Pi and I'm hoping to use a Traefik IngressRoute to expose the Kubernetes API to my subdomain.

Below is my IngressRoute:


apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kube-api
spec:
  entryPoints:
    - web
    - websecure
  routes:
    - match: Host(`kubernetes.mydomain.com`)
      kind: Rule
      services:
         - kind: Service
           name: kubernetes
           port: 16443 # have also tried 443
  tls:
    secretName: kubernetes.mydomain.com

This works fine for my other services+IngressRoutes but not with the API.

For the Kubernetes API I'm only able to see my certificate was successfully generated, but the page just displays 'Internal Server Error'.

Please let me know what additional information I can provide and I will gladly do so!


Solution

  • This issue was because Traefik was trying to connect with kube-apiserver over HTTPS.

    I had to use a ServersTransport to allow insecure communication between Traefik and kube-apiserver. This is not a security concern as communication to Traefik will verify SSL.

    The way to do this can be found at the very bottom of this page: https://doc.traefik.io/traefik/v2.4/routing/providers/kubernetes-crd/#kind-serverstransport
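
The ServersTransport described in the answer, as an added example that is not part of the original post: the skip-verification variant beside one that keeps certificate verification on the Traefik-to-apiserver connection by trusting the cluster CA. The resource names, the `default` namespace, the `serverName` value and the `kube-apiserver-ca` Secret (assumed to hold the cluster CA certificate under `ca.crt`) are assumptions.

```yaml
# Variant described in the answer: Traefik does not validate the
# kube-apiserver certificate on the upstream connection.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kube-api-insecure          # hypothetical name
  namespace: default               # assumed namespace
spec:
  insecureSkipVerify: true
---
# Verified variant: trust the cluster CA and check the certificate name.
apiVersion: traefik.containo.us/v1alpha1
kind: ServersTransport
metadata:
  name: kube-api-verified          # hypothetical name
  namespace: default               # assumed namespace
spec:
  serverName: kubernetes.default.svc   # assumed to be a SAN on the apiserver cert
  rootCAsSecrets:
    - kube-apiserver-ca            # hypothetical Secret, cluster CA under ca.crt
---
# IngressRoute from the question, pointed at the verified transport.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: kube-api
  namespace: default               # assumed namespace
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`kubernetes.mydomain.com`)
      kind: Rule
      services:
        - kind: Service
          name: kubernetes
          port: 443                # port of the default/kubernetes Service
          scheme: https
          serversTransport: kube-api-verified
  tls:
    secretName: kubernetes.mydomain.com
```

If the handshake fails with the verified variant, compare `serverName` against the subject alternative names on the certificate the API server actually presents.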