Bunch of authorizations issues

juchom · April 25, 2023, 8:26am

Helllo,

I have installed Traefik 2.10, Traefik CRDs, and API Gateways 0.6.2 CRDs and I have a bunch of authorization issues like this :

E0425 07:43:06.700629       1 reflector.go:140] k8s.io/client-go@v0.26.3/tools/cache/reflector.go:169: Failed to watch *v1alpha1.Middleware: failed to list *v1alpha1.Middleware: middlewares.traefik.io is forbidden: User "system:serviceaccount:traefik:traefik-controller" cannot list resource "middlewares" in API group "traefik.io" at the cluster scope

But if I run

kubectl auth can-i list middlewares --as=system:serviceaccount:traefik:traefik-controller
yes

If I take from the rbac from the doc :

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: traefik-ingress-controller

rules:
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch

The error shows this : cannot list resource "middlewares" in API group "traefik.io"

Is there something missing in the ClusterRole for API group traefik.io ? Is traefik.containo.us still a valid API ?

svx · April 25, 2023, 12:52pm

Hi @juchom!

Did you see the migration docs for 2.10 ?

juchom · April 25, 2023, 1:34pm

One last question I have this remaining warnings:

W0425 13:32:12.838455       1 warnings.go:70] The v1alpha2 version of Gateway has been deprecated and will be removed in a future release of the API. Please upgrade to v1beta1.
W0425 13:32:40.339285       1 warnings.go:70] The v1alpha2 version of HTTPRoute has been deprecated and will be removed in a future release of the API. Please upgrade to v1beta1.

Is it ok to have them is there something I can do to fix it ?

svx · April 26, 2023, 8:44am

Hi @juchom,
You don't have to worry about these.

For now, Traefik only supports v1alpha2.

See: Traefik Migration Documentation - Traefik.

We will address updating to v1beta1 in the future.

juchom · April 26, 2023, 8:47am

Thanks for the answer.

I'll definitely have to read the whole migration page !

system · April 29, 2023, 8:47am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Failed to list/watch resources Traefik v2 kubernetes-crd , kubernetes-ingress	7	10615	November 14, 2019
Logs show errors about ingressroutes Traefik v3 (latest) kubernetes-crd , kubernetes-ingress	1	36	July 21, 2024
Traefik 2.2.1 Middleware problem Traefik v2 middleware	4	1254	July 9, 2020
Middleware Parsing Issue? Traefik v2 kubernetes-crd	2	1043	February 3, 2020
Traefik middleware doesn't work Traefik v2 kubernetes-ingress , middleware	0	1663	April 13, 2021

Bunch of authorizations issues

Related topics