Let's Encrypt on Traefik with Helm

9/17/2018

I am trying to install Traefik as an Ingress Controller for my self-installed Kubernetes cluster. For convenience I try to install the helm chart of Traefik and this works excellent without the acme part; this is my variables yml now:

externalIP: xxx.xxx.xx.xxx
dashboard:
  enabled: true
  domain: traefik-ui.example.com
ssl:
  enabled: true
  enforced: true
acme:
  enabled: true
  challengeType: http-01
  email: example@gmail.com
  staging: true
  persistence.enabled: true
  logging: true

Installed with:

helm install --name traefik --namespace kube-traefik --values traefik-variables.yml stable/traefik

But with helm status traefik I can see the v1/PersistentVolumeClaim named traefik-acme stays pending and the certificate is never assigned.

-- Joost Döbken
kubernetes
kubernetes-helm
lets-encrypt
traefik

1 Answer

9/17/2018

It is highly recommended you use cert-manager instead of the built-in ACME support in Traefik, at least at this time. It is much better at dealing with multiple copies of Traefik, which you probably want. Ingress-shim (which is a default part of cert-manager) will handle Traefik-backed Ingresses just fine.

-- coderanger
Source: StackOverflow