fix: Fix Traefik TLS verification to front #390
Conversation
Signed-off-by: fastlorenzo <[email protected]>
|
I tried this locally and it only worked when adding the following annotation to the Also, helm warns about the |
| {{- if .Values.commonAnnotations }} | ||
| {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} | ||
| {{- end }} | ||
| {{- if and (eq .Values.ingress.type "traefik") .Values.ingress.enabled .Values.ingress.traefik.insecureSkipVerify }} |
There was a problem hiding this comment.
This is needed instead on the mailu-front service. Although it's also documented for Ingress: https://doc.traefik.io/traefik-hub/api-gateway/reference/routing/kubernetes/http/services/ref-svc-annotations
Also, the https/443 port on the mailu-front deployment should be enabled again, otherwise traefik refuses to link the ingress as the pod does not expose https
|
Hi everyone Just wondering if there’s any update on this topic? I tried applying the suggested solution with my Traefik setup, but it looks like the Ingress isn’t working properly. From what I can tell, the problem comes from the fact that it’s not possible to clearly separate the HTTP port from the mail service ports. It might be useful to introduce a way to split those concerns:
That way we could leverage Traefik for the web parts (admin/webmail, API, etc.) while keeping the mail protocols accessible. |
|
This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days. |
github-actions
bot
added
the
Stale
DrPsychick
removed
the
Stale
DrPsychick
added
the
pending answer
This pull request introduces several changes fixing support for Traefik as an ingress controller and allowing the disabling of TLS verification between Traefik and the backend.
Documentation updates:
mailu/README.md: Added descriptions for new ingress settings, includingingress.typeandingress.traefik.insecureSkipVerify. [1] [2]Configuration updates:
mailu/values.yaml: Introduced new parametersingress.typeandingress.traefik.insecureSkipVerifyto support Traefik and allow disabling TLS verification.Template updates:
mailu/templates/front/ingress.yaml: Added conditional annotations for Traefik wheningress.traefik.insecureSkipVerifyis enabled.mailu/templates/front/service.yaml: IncludedserversTransportconfiguration for Traefik wheningress.traefik.insecureSkipVerifyis enabled.mailu/templates/front/traefik-serverstransport.yaml: Added a new template forServersTransportresource configuration when using Traefik withinsecureSkipVerify.Fixes #368