Set up clustered Traefik Edge Router on Azure Kubernetes with Let's Encrypt

1/14/2019

I'm trying to set up Traefik with Let's Encrypt on Kubernetes in Azure, so far so good and everything is almost working ... this is the first time, so hoping I'm missing something to get everything working.

I have used the DeploymentController with 1 replica (later there will be more than one, going for a clustered setup).

The issue is with the Let's Encrypt certificate.

I'm getting this error: Failed to read new account, ACME data conversion is not available : permissions 755 for acme/acme.json are too open, please use 600

This seems like a fair requirement, but how do I set this since I'm using the "node's storage" ... I know this is not the best option but I'm having a hard time finding a good guide to follow ... so I need some guidance here.

The guides say to use a KV storage such as etcd.

I have read: https://docs.traefik.io/configuration/acme/ https://docs.traefik.io/user-guide/kubernetes/

It also says here: https://docs.traefik.io/configuration/acme/#as-a-key-value-store-entry

ACME certificates can be stored in a KV Store entry. This kind of storage is mandatory in cluster mode.

So I guess this is a requirement :-)

This all makes sense, so every pod doesn't request the same certificate but can share it and be notified when a new certificate is requested ...

This page shows the KV stores that are supported: https://docs.traefik.io/user-guide/kv-config/ - Kubernetes uses etcd, but I can't find any information on whether I can use that to store the certificate ... ?

So what are my options here? Do I need to install my own KV store to support Let's Encrypt certificates? Can I use Azure Storage Disk?

-- Syska
azure
kubernetes
lets-encrypt
traefik

0 Answers