Error configuring Traefik TLS "Error configuring TLS for ingress secret does not exist"

10/12/2018

Introduction

Configuring a new ingress-controller with Traefik using helm chart and creating secrets.

Info

Kubernetes version: 1.9.3

Helm version: 2.9

Traefik chart version: 1.5

Traefik version: 1.7.2

Problem

I am deploying Traefik through official helm chart, but always I have the same problem in the logs "Error configuring TLS for ingress default/traefik-testing-tls: secret default/traefik-tls does not exist"

I have the secret properly created and configured in the same namespace and also checked the clusterrole and clusterrolebinds are ok and allows the access to secrets

I tried to change the defaultCert and defaultKey but not sure about this.

Configmap:

data:
traefik.toml: |
# traefik.toml
logLevel = "INFO"
defaultEntryPoints = ["http", "https", "httpn"]
[entryPoints]
  [entryPoints.http]
  address = ":80"
  compress = true
  [entryPoints.https]
  address = ":443"
  compress = true
  [entryPoints.httpn]
  address = ":8880"
  compress = true
[kubernetes]
namespaces = ["default", "kube-system"]
[traefikLog]
  format = "json"
[accessLog]
  format = "common"
[accessLog.fields]
  defaultMode = "keep"
[accessLog.fields.names]
[accessLog.fields.headers]
  defaultMode = "keep"
[accessLog.fields.headers.names]
-- curratore
kubernetes
kubernetes-helm
kubernetes-secrets
ssl
traefik

2 Answers

10/16/2018

After several checks, rbacs, namespaces, etc. a member from Traefik told us that the k8s objects are loaded asynchronously (so the ingress may be loaded before the secret) this is the reason because it gives a problem at start of the Traefik.

-- curratore
Source: StackOverflow

10/12/2018

Looks like you are missing the traefik-tls secret, for your traefik-testing-tls ingress, that probably holds your TLS certificates. You can follow this.

Instead of:

kubectl -n kube-system create secret tls traefik-ui-tls-cert --key=tls.key --cert=tls.crt

You can use:

kubectl -n kube-system create secret tls traefik-tls --key=tls.key --cert=tls.crt
-- Rico
Source: StackOverflow