Adding a docker provider to traefik k3s error docker.sock access

k3s version v1.26.3+k3s1
Docker version 23.0.3
Traefik 2.9.4

default installation with traefik

curl -sfL https://get.k3s.io | sh -

Check for Ready node, takes ~30 seconds

sudo k3s kubectl get node

adding configuration according to k3s instructions and traefik commands

https://docs.k3s.io/helm

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --accesslog=true
      - --global.checknewversion
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.http.redirections.entryPoint.to=:443
      - --entrypoints.web.http.redirections.entryPoint.scheme=https

I also used such a command, the result is the same

--providers.docker.endpoint=unix:///var/run/docker.sock
level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, retrying in 1.642087069s" providerName=docker

the user is a member of the docker group and executes docker commands, just like root

What did you see instead?
Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

What version of Traefik are you using?
Traefik 2.9.4

What is your environment & configuration?

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --accesslog=true
      - --global.checknewversion
      - --providers.docker=true
      - --providers.docker.exposedByDefault=false
      - --entrypoints.web.http.redirections.entryPoint.to=:443
      - --entrypoints.web.http.redirections.entryPoint.scheme=https

If applicable, please paste the log output in DEBUG level

level=error msg="Provider connection error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, retrying in 1.642087069s" providerName=docker

We don’t use k3s, so I have no idea how to do it right. But why do you want to use provider.docker for Traefik Docker Configuration Discovery in a kubernetes setup? Usually this is used for pure Docker (Swarm) environments.

because it can, I used k3s kubernetes and wanted to connect docker provider to access the internet

k3s uses traefik by default

this is what my panel looks like now

I think I have never seen a provider.docker used in any k8s related community post here.

Did you check the docs?

"A Simple Use Case of Traefik Proxy and Kubernetes"
"Install Traefik - Use the Helm Chart"
"Install And Configure Traefik Proxy with Helm"

traefik can work with different providers - this is understandable, what is listed is the usual easy initial instructions - in fact, it is not clear why traefik does not have access to the docker socket

When running Traefik in Docker, you have to mount unix:///var/run/docker.sock into the Traefik container to be read by provider.docker.

I assume you need to do the same when running in k3s.
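
Added example (not written by any poster in this thread): a small Python check that separates the reasons a process may fail to reach a Unix socket such as /var/run/docker.sock. It must run in the same filesystem and under the same uid/gid as the failing process; the function name and status strings are invented for this example.

```python
import errno
import os
import socket
import stat


def diagnose_unix_socket(path="/var/run/docker.sock"):
    """Classify why this process cannot reach a Unix socket.

    Returns (status, detail). status is one of: 'missing', 'not-a-socket',
    'permission-denied', 'no-listener', 'error', 'ok'.
    """
    try:
        mode = os.stat(path).st_mode
    except (FileNotFoundError, NotADirectoryError):
        # In a container this is the usual case: the host's socket file
        # was never mounted into the container's filesystem.
        return ("missing", "path does not exist in this filesystem")
    except PermissionError:
        return ("permission-denied", "cannot traverse a parent directory")
    if not stat.S_ISSOCK(mode):
        return ("not-a-socket", "path exists but is not a Unix socket")

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        client.connect(path)
    except OSError as exc:
        if exc.errno == errno.EACCES:
            # connect() needs write permission on the socket file.
            return ("permission-denied", "uid/gid lacks write access")
        if exc.errno == errno.ECONNREFUSED:
            return ("no-listener", "socket file is stale, no daemon accepts")
        return ("error", str(exc))
    finally:
        client.close()
    return ("ok", "connect() succeeded")


if __name__ == "__main__":
    # Print the identity the check runs under, then the verdict.
    print("uid", os.getuid(), "gid", os.getgid(), "groups", os.getgroups())
    print(diagnose_unix_socket())
```

A "missing" result means the socket is not present in the container's filesystem at all, so group membership of a user on the host has no bearing on it. "permission-denied" is the only result that the uid/gid of the process inside the pod can change.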

--providers.docker=true is the same - by default as --providers.docker.endpoint=unix:///var/run/docker.sock

how would I find out if it is true that traefik can use all these providers at the same time or is it just a picture

in fact, I even wanted to connect a remote docker socket via ssh

  • --providers.docker.endpoint=ssh://user@192.168.1.10

but it didn't work out to connect to the socket either, so I decided to experiment on the same host where kubernetes put docker

by look at how to understand such a picture? there are a lot of providers there, I thought traefik could connect them all at the same time

adding configuration according to k3s instructions and traefik commands

https://docs.k3s.io/helm

I installed k3s without traefik
installing traefik separately via yaml
it turned out the same thing
probably it won't work :frowning:
I wanted to serve different providers with one proxy server

I noticed that the processes in the pod go under the name traefik

I think we need to create a traefik user and give him docker rights

Traefik providers enable dynamic Traefik configuration. Just because you can enable all providers, does not mean you should enable all providers.

I personally doubt that the Docker socket is available in a k3s environment. K3s can run Docker containers, but I am not sure the underlying Docker APIs are available, because k3s handles the container management.

I decided to go the other way - through the file provider

apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: traefik
  namespace: kube-system
spec:
  valuesContent: |-
    additionalArguments:
      - --accesslog=true
      - --global.checknewversion
      - --providers.file.directory=/file
      - --entryPoints.vpn.address=:51820/udp
      - --entrypoints.web.http.redirections.entryPoint.to=:443
      - --entrypoints.web.http.redirections.entryPoint.scheme=https
    volumes:
      - name: config-file
        mountPath: file/
        type: configMap
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: config-file
  namespace: kube-system
data:
  vpn.yaml: |-
    udp:
      routers:
        vpn-router:
          entryPoints:
            - vpn
          service: vpn-service
      services:
        vpn-service:
          loadBalancer:
            servers:
            - address: 192.168.88.3:51820


everything is fine, but the traffic does not go - it does not return from the service
firewalls everything is ok
if you connect inside a local network, everything works

the server itself means ok

the problem with Traefik - what could be wrong now?