fix: Fix Traefik TLS verification to front#390
Conversation
Signed-off-by: fastlorenzo <git@bernardi.be>
|
I tried this locally and it only worked when adding the following annotation to the Also, helm warns about the |
| {{- if .Values.commonAnnotations }} | ||
| {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} | ||
| {{- end }} | ||
| {{- if and (eq .Values.ingress.type "traefik") .Values.ingress.enabled .Values.ingress.traefik.insecureSkipVerify }} |
There was a problem hiding this comment.
This is needed instead on the mailu-front service. Although it's also documented for Ingress: https://doc.traefik.io/traefik-hub/api-gateway/reference/routing/kubernetes/http/services/ref-svc-annotations
Also, the https/443 port on the mailu-front deployment should be enabled again, otherwise traefik refuses to link the ingress as the pod does not expose https
|
Hi everyone Just wondering if there’s any update on this topic? I tried applying the suggested solution with my Traefik setup, but it looks like the Ingress isn’t working properly. From what I can tell, the problem comes from the fact that it’s not possible to clearly separate the HTTP port from the mail service ports. It might be useful to introduce a way to split those concerns:
That way we could leverage Traefik for the web parts (admin/webmail, API, etc.) while keeping the mail protocols accessible. |
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days. |
github-actions
bot
added
the
Stale
DrPsychick
removed
the
Stale
DrPsychick
added
the
pending answer
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days. |
github-actions
bot
added
the
Stale
DrPsychick
removed
the
Stale
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days. |
github-actions
bot
added
the
Stale
DrPsychick
removed
the
Stale
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days. |
github-actions
bot
added
the
Stale
|
This PR was closed because it has been stale for 14 days with no further activity. |
github-actions
bot
added
area/docs
|
This PR is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 14 days. |
github-actions
bot
added
the
Stale
3 participants
This pull request introduces several changes fixing support for Traefik as an ingress controller and allowing the disabling of TLS verification between Traefik and the backend.
Documentation updates:
mailu/README.md: Added descriptions for new ingress settings, includingingress.typeandingress.traefik.insecureSkipVerify. [1] [2]Configuration updates:
mailu/values.yaml: Introduced new parametersingress.typeandingress.traefik.insecureSkipVerifyto support Traefik and allow disabling TLS verification.Template updates:
mailu/templates/front/ingress.yaml: Added conditional annotations for Traefik wheningress.traefik.insecureSkipVerifyis enabled.mailu/templates/front/service.yaml: IncludedserversTransportconfiguration for Traefik wheningress.traefik.insecureSkipVerifyis enabled.mailu/templates/front/traefik-serverstransport.yaml: Added a new template forServersTransportresource configuration when using Traefik withinsecureSkipVerify.Fixes #368