Traefik behind GCP Load Balancer, #1018

Closed
jbrunetext opened this issue Feb 4, 2020 · 3 comments

jbrunetext commented Feb 4, 2020

Hello,
I would like to configure my Traefik behind my ingress-gce.
I have created an ingress with a TLS endpoint with GCP.

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: tools-grafana-ingress
  annotations:
    kubernetes.io/ingress.global-static-ip-name: tools-lb-static-ip
    networking.gke.io/managed-certificates: grafana-tools-lb-managed-certificate
spec:
  rules:
    - host: {{ tpl (.Values.url) . }}
      http:
        paths:
          - path: /*
            backend:
              serviceName: tools-grafana
              servicePort: 80

According to the GCE ingress doc, it works: I can natively authenticate my user with IAP through the Ingress https://cloud.google.com/iap/docs/enabling-kubernetes-howto
but I would like to proxy pass through an internal load balancer.
In other words, I would like to forward requests sent to the GCE ingress to the Traefik proxy. All the traffic on the URL grafana.tools.XXXXXXX.cloud will be routed to the Traefik ingress on port 80.

ingress

NAME                      HOSTS                                    ADDRESS        PORTS   AGE
gce-tools-grafana-ingress     grafana.tools.XXXXXXX.cloud   34.107.XX.XX  80      3h55m
traefik-grafana-ingress     grafana.tools.XXXXXXX.cloud                  80      3h55m

Instead of reaching the service tools-grafana directly (NodePort 80),
I would like to reach my Helm install of Traefik (NodePort 80 with backend config IAP).

tools-traefik   LoadBalancer   192.168.16.30   10.205.151.246   443:32577/TCP,80:32650/TCP

Note: my load balancer is internal and gets an internal IP address (NodePort),
but I haven't found the annotation or an example in the documentation to implement this scenario:
Traefik behind GCP Load Balancer with IAP

Member

bowei commented Feb 4, 2020

What annotation are you looking for?

Author

jbrunetext commented Feb 6, 2020

I forgot to say that I have set the forwardedHeaders for the Traefik proxy.

  proxyProtocol:
    enabled: true
    trustedIPs:
      - 34.107.XX.XX
   
  forwardedHeaders:
    enabled: true
    trustedIPs:
      - 34.107.XX.XX

How can I know if my request has been successfully processed by IAP?

{
  "Request": "{\"Method\":\"GET\",\"URL\":{\"Scheme\":\"\",\"Opaque\":\"\",\"User\":null,\"Host\":\"\",\"Path\":\"/login\",\"RawPath\":\"\",\"ForceQuery\":false,\"RawQuery\":\"\",\"Fragment\":\"\"},\"Proto\":\"HTTP/1.1\",\"ProtoMajor\":1,\"ProtoMinor\":1,\"Header\":{\"Accept\":[\"text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8\"],\"Accept-Encoding\":[\"gzip, deflate, br\"],\"Accept-Language\":[\"en-GB,en;q=0.5\"],\"Connection\":[\"Keep-Alive\"],\"Cookie\":[\"_ga=GA1.2.947704363.1580294326; GCP_IAP_UID=113557392538188238330; redirect_to=%2F\"],\"Upgrade-Insecure-Requests\":[\"1\"],\"User-Agent\":[\"Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:72.0) Gecko/20100101 Firefox/72.0\"],\"Via\":[\"1.1 google\"],\"X-Cloud-Trace-Context\":[\"864991425b7374ab2bf586df876d12bc/736578987621031236\"],\"X-Forwarded-For\":[\"81.66.XX.XX, 34.XX.XX.5\"],\"X-Forwarded-Proto\":[\"https\"]},\"ContentLength\":0,\"TransferEncoding\":null,\"Host\":\"grafana.tools.XXXXXXX.cloud\",\"Form\":null,\"PostForm\":null,\"MultipartForm\":null,\"Trailer\":null,\"RemoteAddr\":\"10.205.151.228:52964\",\"RequestURI\":\"/login\",\"TLS\":null}",
  "level": "debug",
  "msg": "vulcand/oxy/roundrobin/rr: completed ServeHttp on request",
  "time": "2020-02-06T18:55:37Z"
}

I always get the /login instead of being connected directly.
Have I missed something?

Author

jbrunetext commented Feb 6, 2020

OK, my mistake! I forgot to turn on IAP on my Traefik service in the Google console. You can close the issue.
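
An added example (not part of the thread and not code from either project): a small Python check for the question asked above, whether a request logged by Traefik went through IAP. It relies on the request headers IAP documents adding (`X-Goog-Iap-Jwt-Assertion`, `X-Goog-Authenticated-User-Email`, `X-Goog-Authenticated-User-Id`); the function names and the sample log entries are constructed for illustration.

```python
import json

# Request headers IAP adds once it has authenticated the caller.
IAP_HEADERS = (
    "x-goog-iap-jwt-assertion",
    "x-goog-authenticated-user-email",
    "x-goog-authenticated-user-id",
)


def request_headers(log_entry: str) -> dict:
    """Lower-cased headers from a debug entry whose "Request" is nested JSON."""
    outer = json.loads(log_entry)
    inner = json.loads(outer["Request"])
    return {k.lower(): v for k, v in (inner.get("Header") or {}).items()}


def iap_status(log_entry: str) -> dict:
    """Summarise which IAP markers a logged request carries."""
    headers = request_headers(log_entry)
    found = [h for h in IAP_HEADERS if h in headers]
    cookies = "; ".join(headers.get("cookie", []))
    return {
        "via_google_lb": "1.1 google" in headers.get("via", []),
        "iap_headers": found,
        # The browser cookie alone proves nothing: the thread's log carried
        # it while IAP was still off for the Traefik backend.
        "iap_cookie_only": "GCP_IAP_UID=" in cookies and not found,
        "passed_iap": IAP_HEADERS[0] in found,
    }


def make_entry(headers: dict) -> str:
    """Build a constructed log entry in the same shape as the thread's."""
    request = {"Method": "GET", "RequestURI": "/login", "Header": headers}
    return json.dumps({"Request": json.dumps(request), "level": "debug"})


# Constructed samples: the first mirrors the header set seen in the thread,
# the second adds placeholder IAP headers.
WITHOUT_IAP = make_entry({"Via": ["1.1 google"], "X-Forwarded-Proto": ["https"],
                          "Cookie": ["GCP_IAP_UID=PLACEHOLDER; redirect_to=%2F"]})
WITH_IAP = make_entry({"Via": ["1.1 google"],
                       "X-Goog-Iap-Jwt-Assertion": ["PLACEHOLDER.JWT.VALUE"],
                       "X-Goog-Authenticated-User-Email": ["accounts.google.com:user@example.com"]})

if __name__ == "__main__":
    print(iap_status(WITHOUT_IAP))
    print(iap_status(WITH_IAP))
```

Header presence only shows that the request was routed through IAP; a backend that relies on it should also verify the signature of the `X-Goog-Iap-Jwt-Assertion` JWT.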
