<!--
DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is …for reporting bugs and feature requests only.
For end-user related support questions, refer to one of the following:
- Stack Overflow (using the "traefik" tag): https://stackoverflow.com/questions/tagged/traefik
- the Traefik community Slack channel: https://traefik.herokuapp.com
-->
### Do you want to request a *feature* or report a *bug*?
*bug*
<!--
If you intend to ask a support question: DO NOT FILE AN ISSUE.
-->
### What did you do?
Update from v1.2.3 to v1.3.0 of traefik
<!--
HOW TO WRITE A GOOD ISSUE?
- Respect the issue template as more as possible.
- If it's possible use the command `traefik bug`. See https://www.youtube.com/watch?v=Lyz62L8m93I.
- The title must be short and descriptive.
- Explain the conditions which led you to write this issue: the context.
- The context should lead to something, an idea or a problem that you’re facing.
- Remain clear and concise.
- Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
-->
### What did you expect to see?
Update from v1.2.3 to any higher version should work
### What did you see instead?
Any version higher than v1.2.3 fails to start on Kubernetes 1.7.3 where certificate files are stored in a Kubernetes secret
### Output of `traefik version`: (_What version of Traefik are you using?_)
```
$ docker run -it --entrypoint=traefik traefik:v1.3.0-local version
Version: v1.3.0
Codename: raclette
Go version: go1.8.3
Built: 2017-05-31_05:27:18PM
OS/Arch: linux/amd64
```
<!--
For the Traefik Docker image:
docker run [IMAGE] version
ex: docker run traefik version
-->
### What is your environment & configuration (arguments, toml, provider, platform, ...)?
**configmap.yaml**
```yaml
apiVersion: v1
data:
traefik.toml: |
defaultEntryPoints = ["http","https"]
[entryPoints]
[entryPoints.http]
address = ":80"
[entryPoints.http.redirect]
entryPoint = "https"
[entryPoints.https]
address = ":443"
[entryPoints.https.tls]
MinVersion = "VersionTLS12"
CipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/wildcard.foo.mydomain.com.crt"
KeyFile = "/ssl/wildcard.foo.mydomain.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/wildcard.mydomain.com.crt"
KeyFile = "/ssl/wildcard.mydomain.com.key"
[[entryPoints.https.tls.certificates]]
CertFile = "/ssl/wildcard.local.crt"
KeyFile = "/ssl/wildcard.local.key"
[kubernetes]
labelselector = "expose=internal"
kind: ConfigMap
metadata:
annotations:
documentation: https://traefik.io/
es_index: |
{"cluster-traefik":"kubernetes-cluster_traefik"}
maintainers: Systems:systems@mydomain.com
sandbox: "true"
source: https://github.com/containous/traefik
labels:
app: traefik
project: kube
release: cluster-traefik
role: traefik
subproject: cluster1
name: cluster-traefik
namespace: cluster
```
**deployment.yaml**
```yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
annotations:
documentation: https://traefik.io/
es_index: |
{"cluster-traefik":"kubernetes-cluster_traefik"}
maintainers: Systems:systems@mydomain.com
source: https://github.com/containous/traefik
labels:
app: traefik
project: kube
release: cluster-traefik
role: traefik
subproject: cluster1
name: cluster-traefik
namespace: cluster
spec:
replicas: 3
selector:
matchLabels:
app: traefik
project: kube
release: cluster-traefik
role: traefik
subproject: cluster1
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
documentation: https://traefik.io/
es_index: "{\"cluster-traefik\":\"kubernetes-cluster_traefik\"}\n \n"
maintainers: Systems:systems@mydomain.com
prometheus.io/scheme: http
prometheus.io/scrape: "true"
sandbox: "true"
source: https://github.com/containous/traefik
labels:
app: traefik
project: kube
release: cluster-traefik
role: traefik
subproject: cluster1
name: cluster-traefik
spec:
containers:
- args:
- --configfile=/config/traefik.toml
- --web
- --web.metrics.prometheus
- --logLevel=DEBUG
image: registry.mydomain.com/ops/traefik:v1.3.0-4
imagePullPolicy: IfNotPresent
name: cluster-traefik
ports:
- containerPort: 80
protocol: TCP
- containerPort: 443
protocol: TCP
- containerPort: 8080
name: metrics
protocol: TCP
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /config
name: config
- mountPath: /ssl
name: ssl
resources:
requests:
cpu: 1
memory: 256Mi
dnsPolicy: ClusterFirst
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
serviceAccount: cluster-traefik
serviceAccountName: cluster-traefik
terminationGracePeriodSeconds: 60
volumes:
- configMap:
defaultMode: 420
name: cluster-traefik
name: config
- name: ssl
secret:
defaultMode: 420
secretName: traefik-certs
```
**Dockerfile**
```Dockerfile
FROM registry.mydomain.com/centos/7/base:7.2.1511
# Labels
LABEL com.mydomain.traefik.version="1.3.0"
COPY sha256sums.txt /tmp/
RUN cd /tmp && \
curl -L -s --fail -o traefik_linux-amd64 https://github.com/containous/traefik/releases/download/v1.3.0/traefik_linux-amd64 && \
sha256sum --check sha256sums.txt && \
chmod a+x traefik_linux-amd64 && \
mv traefik_linux-amd64 /usr/local/bin/traefik && \
rm -rf /tmp/*
ENTRYPOINT ["/usr/local/bin/traefik"]
LABEL com.mydomain.build.gitrepo='docker-images/centos-7-traefik' \
com.mydomain.build.gitsha='03ff2b9' \
com.mydomain.build.timestamp='1503496482' \
com.mydomain.build.user='k4k' \
com.mydomain.build.dependency='centos/7/base:7.2.1511-39'
```
### If applicable, please paste the log output in debug mode (`--debug` switch)
`--logLevel=DEBUG`
```shell
time="2017-08-23T14:00:25Z" level=info msg="Traefik version v1.3.0 built on 2017-05-31_05:27:18PM"
time="2017-08-23T14:00:25Z" level=info msg="Using TOML configuration file /config/traefik.toml"
time="2017-08-23T14:00:25Z" level=debug msg="Global configuration loaded {"GraceTimeOut":10000000000,"Debug":false,"CheckNewVersion":true,"AccessLogsFile":"","TraefikLogsFile":"","LogLevel":"DEBUG","EntryPoints":{"http":{"Network":"","Address":":80","TLS":null,"Redirect":{"EntryPoint":"https","Regex":"","Replacement":""},"Auth":null,"Compress":false},"https":{"Network":"","Address":":443","TLS":{"MinVersion":"","CipherSuites":null,"Certificates":[{"CertFile":"/ssl/wildcard.foo.mydomain.com.crt","KeyFile":"/ssl/wildcard.foo.mydomain.com.key"},{"CertFile":"/ssl/wildcard.mydomain.com.crt","KeyFile":"/ssl/wildcard.mydomain.com.key"},{"CertFile":"/ssl/wildcard.local.crt","KeyFile":"/ssl/wildcard.local.key"}],"ClientCAFiles":null},"Redirect":null,"Auth":null,"Compress":false}},"Cluster":null,"Constraints":[],"ACME":null,"DefaultEntryPoints":["http","https"],"ProvidersThrottleDuration":2000000000,"MaxIdleConnsPerHost":200,"IdleTimeout":180000000000,"InsecureSkipVerify":false,"Retry":null,"HealthCheck":{"Interval":30000000000},"Docker":null,"File":null,"Web":{"Address":":8080","CertFile":"","KeyFile":"","ReadOnly":false,"Statistics":null,"Metrics":{"Prometheus":{"Buckets":[0.1,0.3,1.2,5]}},"Path":"","Auth":null},"Marathon":null,"Consul":null,"ConsulCatalog":null,"Etcd":null,"Zookeeper":null,"Boltdb":null,"Kubernetes":{"Watch":true,"Filename":"","Constraints":[],"Endpoint":"","Token":"","CertAuthFilePath":"","DisablePassHostHeaders":false,"Namespaces":null,"LabelSelector":"expose=internal"},"Mesos":null,"Eureka":null,"ECS":null,"Rancher":null,"DynamoDB":null}"
time="2017-08-23T14:00:25Z" level=info msg="Preparing server https &{Network: Address::443 TLS:0xc4205b1920 Redirect:<nil> Auth:<nil> Compress:false}"
time="2017-08-23T14:00:25Z" level=error msg="Error creating TLS config: tls: failed to find any PEM data in key input"
time="2017-08-23T14:00:25Z" level=fatal msg="Error preparing server: tls: failed to find any PEM data in key input"
```
https://stackoverflow.com/questions/45826786/error-creating-tls-config-after-updating-traefik-to-v1-3-6