I am deploying the latest Traefik version on k3s:
k3s --version
k3s version v1.30.4+k3s1 (98262b5d)
go version go1.22.5
Traefik version 3.1.2 built on 2024-08-06T13:37:51Z version=3.1.2
Values:
# Default values for Traefik
image:
# -- Traefik image host registry
registry: docker.io
# -- Traefik image repository
repository: traefik
# -- defaults to appVersion
tag: ""
# -- Traefik image pull policy
pullPolicy: Always
# -- Add additional label to all resources
commonLabels: {}
#
# Configure the deployment
#
deployment:
# -- Enable deployment
enabled: true
# -- Deployment or DaemonSet
kind: Deployment
# -- Number of pods of the deployment (only applies when kind == Deployment)
replicas: 1
# -- Number of old history to retain to allow rollback (If not set, default Kubernetes value is set to 10)
# revisionHistoryLimit: 1
# -- Amount of time (in seconds) before Kubernetes will send the SIGKILL signal if Traefik does not shut down
terminationGracePeriodSeconds: 60
# -- The minimum number of seconds Traefik needs to be up and running before the DaemonSet/Deployment controller considers it available
minReadySeconds: 0
## Override the liveness/readiness port. This is useful to integrate traefik
## with an external Load Balancer that performs healthchecks.
## Default: ports.traefik.port
# healthchecksPort: 9000
## Override the liveness/readiness host. Useful for getting ping to respond on non-default entryPoint.
## Default: ports.traefik.hostIP if set, otherwise Pod IP
# healthchecksHost: localhost
## Override the liveness/readiness scheme. Useful for getting ping to
## respond on websecure entryPoint.
# healthchecksScheme: HTTPS
# -- Additional deployment annotations (e.g. for jaeger-operator sidecar injection)
annotations:
diun.enable: "true"
diun.notify_on: "new;update"
initContainers:
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/traefik/traefik-helm-chart/issues/396
- name: volume-permissions
image: busybox:latest
command: ["sh", "-c", "touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json"]
securityContext:
runAsNonRoot: false
runAsGroup: 65532
runAsUser: 65532
volumeMounts:
- name: data
mountPath: /data
# -- Use process namespace sharing
shareProcessNamespace: false
# -- Custom pod DNS policy. Apply if `hostNetwork: true`
# dnsPolicy: ClusterFirstWithHostNet
dnsConfig: {}
# nameservers:
# - 192.0.2.1 # this is an example
# searches:
# - ns1.svc.cluster-domain.example
# - my.dns.search.suffix
# options:
# - name: ndots
# value: "2"
# - name: edns0
# -- Additional imagePullSecrets
imagePullSecrets: []
runtimeClassName:
# -- Pod disruption budget
podDisruptionBudget:
enabled: false
# maxUnavailable: 1
# maxUnavailable: 33%
# minAvailable: 0
# minAvailable: 25%
# -- Create a default IngressClass for Traefik
ingressClass:
enabled: true
isDefaultClass: true
# name: my-custom-class
## Create an IngressRoute for the dashboard
ingressRoute:
dashboard:
# -- Create an IngressRoute for the dashboard
enabled: true
# -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
# -- The router match rule used for the dashboard ingressRoute
matchRule: PathPrefix(`/dashboard`) || PathPrefix(`/api`) || Host(`traefik.axtunes.com`)
# Host(`traefik.axtunes.com`) for https cert generation
# -- Specify the allowed entrypoints to use for the dashboard ingress route, (e.g. traefik, web, websecure).
# By default, it's using traefik entrypoint, which is not exposed.
# /!\ Do not expose your dashboard without any protection over the internet /!\
entryPoints: ["traefik"]
# -- Additional ingressRoute middlewares (e.g. for authentication)
middlewares: []
# - name: https-redirectscheme
# namespace: traefik
# -- TLS options (e.g. secret containing certificate)
services:
- name: traefik
kind: TraefikService
port: 9000
tls:
certResolver: ionos
# for cert generation via ionos api
healthcheck:
# -- Create an IngressRoute for the healthcheck probe
enabled: false
# -- Additional ingressRoute annotations (e.g. for kubernetes.io/ingress.class)
annotations: {}
# -- Additional ingressRoute labels (e.g. for filtering IngressRoute by custom labels)
labels: {}
# -- The router match rule used for the healthcheck ingressRoute
matchRule: PathPrefix(`/ping`)
# -- Specify the allowed entrypoints to use for the healthcheck ingress route, (e.g. traefik, web, websecure).
# By default, it's using traefik entrypoint, which is not exposed.
entryPoints: ["traefik"]
# -- Additional ingressRoute middlewares (e.g. for authentication)
middlewares: []
# -- TLS options (e.g. secret containing certificate)
tls: {}
# -- Define Startup Probe for container: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
# eg.
# `startupProbe:
# exec:
# command:
# - mycommand
# - foo
# initialDelaySeconds: 5
# periodSeconds: 5`
startupProbe:
providers:
kubernetesCRD:
# -- Load Kubernetes IngressRoute provider
enabled: true
# -- Allows IngressRoute to reference resources in namespace other than theirs
allowCrossNamespace: false
# -- Allows to reference ExternalName services in IngressRoute
allowExternalNameServices: false
# -- Allows to return 503 when there is no endpoints available
allowEmptyServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
# -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
namespaces: []
# - "default"
nativeLBByDefault:
kubernetesIngress:
# -- Load Kubernetes Ingress provider
enabled: true
# -- Allows to reference ExternalName services in Ingress
allowExternalNameServices: false
# -- Allows to return 503 when there is no endpoints available
allowEmptyServices: true
# ingressClass: traefik-internal
# labelSelector: environment=production,method=traefik
# -- Array of namespaces to watch. If left empty, Traefik watches all namespaces.
namespaces: []
# - "default"
# Disable cluster IngressClass Lookup - Requires Traefik V3.
# When combined with rbac.namespaced: true, ClusterRole will not be created and ingresses must use kubernetes.io/ingress.class annotation instead of spec.ingressClassName.
disableIngressClassLookup: false
# IP used for Kubernetes Ingress endpoints
publishedService:
enabled: false
# Published Kubernetes Service to copy status from. Format: namespace/servicename
# By default this Traefik service
# pathOverride: ""
file:
# -- Create a file provider
enabled: false
# -- Allows Traefik to automatically watch for file changes
watch: true
# -- File content (YAML format, go template supported) (see https://doc.traefik.io/traefik/providers/file/)
content: ""
# http:
# routers:
# router0:
# entryPoints:
# - web
# middlewares:
# - my-basic-auth
# service: service-foo
# rule: Path(`/foo`)
#
# -- Add volumes to the traefik pod. The volume name will be passed to tpl.
# This can be used to mount a cert pair or a configmap that holds a config.toml file.
# After the volume has been mounted, add the configs into traefik by using the `additionalArguments` list below, eg:
# `additionalArguments:
# - "--providers.file.filename=/config/dynamic.toml"
# - "--ping"
# - "--ping.entrypoint=web"`
logs:
general:
# -- By default, the logs use a text format (common), but you can
# also ask for the json format in the format option
# format: json
# By default, the level is set to ERROR.
# -- Alternative logging levels are DEBUG, PANIC, FATAL, ERROR, WARN, and INFO.
level: INFO
access:
# -- To enable access logs
enabled: false
## By default, logs are written using the Common Log Format (CLF) on stdout.
## To write logs in JSON, use json in the format option.
## If the given format is unsupported, the default (CLF) is used instead.
# format: json
# filePath: "/var/log/traefik/access.log
## To write the logs in an asynchronous fashion, specify a bufferingSize option.
## This option represents the number of log lines Traefik will keep in memory before writing
## them to the selected output. In some cases, this option can greatly help performances.
# bufferingSize: 100
## Filtering
# -- https://docs.traefik.io/observability/access-logs/#filtering
filters: {}
# statuscodes: "200,300-302"
# retryattempts: true
# minduration: 10ms
fields:
general:
# -- Available modes: keep, drop, redact.
defaultmode: keep
# -- Names of the fields to limit.
names: {}
## Examples:
# ClientUsername: drop
headers:
# -- Available modes: keep, drop, redact.
defaultmode: drop
# -- Names of the headers to limit.
names: {}
## Examples:
# User-Agent: redact
# Authorization: drop
# Content-Type: keep
# -- Global command arguments to be passed to all traefik's pods
globalArguments:
- "--global.checknewversion"
additionalArguments:
# - --entrypoints.websecure.http.tls.certresolver=ionos
- --entrypoints.websecure.http.tls.domains[0].main=axtunes.com
- --entrypoints.websecure.http.tls.domains[0].sans=*.axtunes.com
- --entrypoints.web.http.redirections.entryPoint.to=websecure
- --certificatesresolvers.ionos.acme.dnschallenge.provider=ionos
- --certificatesresolvers.ionos.acme.email=letsencrypt@axtunes.com
- --certificatesresolvers.ionos.acme.dnschallenge.resolvers=ns1092.ui-dns.de
# - --certificatesresolvers.ionos.acme.apiKey=${TRAEFIK_API_KEY}
- --certificatesresolvers.ionos.acme.storage=/data/acme.json
# - --entrypoints.web.address=:80
# - --entrypoints.https.address=:443
# - "--providers.kubernetesingress.ingressclass=traefik-internal"
# - "--log.level=DEBUG"
# -- Environment variables to be passed to Traefik's binary
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
- name: IONOS_API_KEY
valueFrom:
secretKeyRef:
name: traefik-secret
key: IONOS_API_KEY
# -- Environment variables to be passed to Traefik's binary from configMaps or secrets
envFrom: []
# - configMapRef:
# name: config-map-name
# - secretRef:
# name: secret-name
ports:
traefik:
port: 9000
# -- Use hostPort if set.
# hostPort: 9000
#
# -- Use hostIP if set. If not set, Kubernetes will default to 0.0.0.0, which
# means it's listening on all your interfaces and all your IPs. You may want
# to set this value if you need traefik to listen on specific interface
# only.
# hostIP: 192.168.100.10
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# -- You SHOULD NOT expose the traefik port on production deployments.
# If you want to access it from outside your cluster,
# use `kubectl port-forward` or create a secure ingress
expose:
default: true
# -- The exposed port for this service
exposedPort: 9000
# -- The port protocol (TCP/UDP)
protocol: TCP
web:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8000
# hostPort: 8000
# containerPort: 8000
expose:
default: true
exposedPort: 80
## -- Different target traefik port on the cluster, useful for IP type LB
# targetPort: 80
# The port protocol (TCP/UDP)
protocol: TCP
# -- Use nodeport if set. This is useful if you have configured Traefik in a
# LoadBalancer.
# nodePort: 32080
# Port Redirections
# Added in 2.2, you can make permanent redirects via entrypoints.
# https://docs.traefik.io/routing/entrypoints/#redirection
# redirectTo:
# port: websecure
# (Optional)
# priority: 10
#
# Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
# Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
websecure:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 8443
# hostPort: 8443
# containerPort: 8443
expose:
default: true
exposedPort: 443
## -- Different target traefik port on the cluster, useful for IP type LB
# targetPort: 80
## -- The port protocol (TCP/UDP)
protocol: TCP
gitea-ssh:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 2222
# hostPort: 8443
# containerPort: 8443
expose:
default: true
exposedPort: 2222
## -- Different target traefik port on the cluster, useful for IP type LB
# targetPort: 80
## -- The port protocol (TCP/UDP)
protocol: TCP
torrent-tcp:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 64225
# hostPort: 8443
# containerPort: 8443
expose:
default: true
exposedPort: 64225
## -- Different target traefik port on the cluster, useful for IP type LB
# targetPort: 80
## -- The port protocol (TCP/UDP)
protocol: TCP
torrent-udp:
## -- Enable this entrypoint as a default entrypoint. When a service doesn't explicitly set an entrypoint it will only use this entrypoint.
# asDefault: true
port: 64225
# hostPort: 8443
# containerPort: 8443
expose:
default: true
exposedPort: 64225
## -- Different target traefik port on the cluster, useful for IP type LB
# targetPort: 80
## -- The port protocol (TCP/UDP)
protocol: UDP
# nodePort: 32443
## -- Specify an application protocol. This may be used as a hint for a Layer 7 load balancer.
# appProtocol: https
#
## -- Enable HTTP/3 on the entrypoint
## Enabling it will also enable http3 experimental feature
## https://doc.traefik.io/traefik/routing/entrypoints/#http3
## There are known limitations when trying to listen on same ports for
## TCP & UDP (Http3). There is a workaround in this chart using dual Service.
## https://github.com/kubernetes/kubernetes/issues/47249#issuecomment-587960741
http3:
enabled: false
# advertisedPort: 4443
#
## -- Trust forwarded headers information (X-Forwarded-*).
# forwardedHeaders:
# trustedIPs: []
# insecure: false
#
## -- Enable the Proxy Protocol header parsing for the entry point
# proxyProtocol:
# trustedIPs: []
# insecure: false
#
## Set TLS at the entrypoint
## https://doc.traefik.io/traefik/routing/entrypoints/#tls
tls:
enabled: true
# this is the name of a TLSOption definition
options: ""
certResolver: "letsencrypt"
domains:
- main: "axtunes.com"
sans:
- "*.axtunes.com"
# - bar.example.com
#
# -- One can apply Middlewares on an entrypoint
# https://doc.traefik.io/traefik/middlewares/overview/
# https://doc.traefik.io/traefik/routing/entrypoints/#middlewares
# -- /!\ It introduces here a link between your static configuration and your dynamic configuration /!\
# It follows the provider naming convention: https://doc.traefik.io/traefik/providers/overview/#provider-namespace
# middlewares:
# - namespace-name1@kubernetescrd
# - namespace-name2@kubernetescrd
middlewares: []
metrics:
# -- When using hostNetwork, use another port to avoid conflict with node exporter:
# https://github.com/prometheus/prometheus/wiki/Default-port-allocations
port: 9100
# hostPort: 9100
# Defines whether the port is exposed if service.type is LoadBalancer or
# NodePort.
#
# -- You may not want to expose the metrics port on production deployments.
# If you want to access it from outside your cluster,
# use `kubectl port-forward` or create a secure ingress
expose:
default: false
# -- The exposed port for this service
exposedPort: 9100
# -- The port protocol (TCP/UDP)
protocol: TCP
service:
enabled: true
## -- Single service is using `MixedProtocolLBService` feature gate.
## -- When set to false, it will create two Service, one for TCP and one for UDP.
single: true
type: LoadBalancer
# -- Additional annotations applied to both TCP and UDP services (e.g. for cloud provider specific config)
annotations: {}
# -- Additional annotations for TCP service only
annotationsTCP: {}
# -- Additional annotations for UDP service only
annotationsUDP: {}
# -- Additional service labels (e.g. for filtering Service by custom labels)
labels: {}
# -- Additional entries here will be added to the service spec.
# -- Cannot contain type, selector or ports entries.
spec:
externalTrafficPolicy: Cluster
loadBalancerIP: "192.168.178.81"
# clusterIP: "2.3.4.5"
loadBalancerSourceRanges:
- 192.168.178.0/24
# - 172.16.0.0/16
## -- Class of the load balancer implementation
# loadBalancerClass: service.k8s.aws/nlb
externalIPs:
- 192.168.178.81
persistence:
# -- Enable persistence using Persistent Volume Claims
# ref: http://kubernetes.io/docs/user-guide/persistent-volumes/
# It can be used to store TLS certificates, see `storage` in certResolvers
enabled: true
name: data
existingClaim: "traefik-pvc"
accessMode: ReadWriteMany
size: 128Mi
storageClass: "managed-nfs-storage"
# volumeName: "data"
path: /data
annotations: {}
# -- Only mount a subpath of the Volume into the pod
# subPath: ""
# -- Certificates resolvers configuration
certResolvers:
ionos:
email: letsencrypt@axtunes.com
dnsChallenge:
# also add the provider's required configuration under env
# or expand then from secrets/configmaps with envfrom
# cf. https://doc.traefik.io/traefik/https/acme/#providers
provider: ionos
# add futher options for the dns challenge as needed
# cf. https://doc.traefik.io/traefik/https/acme/#dnschallenge
delayBeforeCheck: 30
resolvers:
- "ns1092.ui-dns.de"
- "ns1092.ui-dns.com"
- "ns1092.ui-dns.org"
- "ns1092.ui-dns.biz"
# apiKey: IONOS_API_KEY
# tlsChallenge: true
# httpChallenge:
# entryPoint: "web"
# It has to match the path with a persistent volume
storage: /data/acme.json
hostNetwork: false
# -- Whether Role Based Access Control objects like roles and rolebindings should be created
rbac:
enabled: true
securityContext:
capabilities:
drop: [ALL]
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
podSecurityContext:
# /!\ When setting fsGroup, Kubernetes will recursively change ownership and
# permissions for the contents of each volume to match the fsGroup. This can
# be an issue when storing sensitive content like TLS Certificates /!\
# fsGroup: 65532
# -- Specifies the policy for changing ownership and permissions of volume contents to match the fsGroup.
fsGroupChangePolicy: "OnRootMismatch"
# -- The ID of the group for all containers in the pod to run as.
runAsGroup: 65532
# -- Specifies whether the containers should run as a non-root user.
runAsNonRoot: true
# -- The ID of the user for all containers in the pod to run as.
runAsUser: 65532
I created a service to fix the error:
2024-09-09T15:53:59Z ERR error="the service "traefik-traefik@kubernetescrd" does not exist" entryPointName=traefik routerName=traefik-traefik-dashboard-d61260683ba5e5f43c7b@kubernetescrd
Service:
apiVersion: v1
kind: Service
metadata:
name: traefik
namespace: traefik
spec:
selector:
app.kubernetes.io/name: traefik
ports:
- protocol: TCP
port: 9000
targetPort: 9000
type: LoadBalancer
loadBalancerIP: 192.168.178.81
IngressRoute:
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
namespace: traefik
spec:
entryPoints:
- websecure
routes:
- kind: Rule
match: Host(`traefik.axtunes.com`)
services:
- name: traefik
port: 9000
tls:
certResolver: ionos
kubectl describe service traefik -n traefik
Name: traefik
Namespace: traefik
Labels: <none>
Annotations: <none>
Selector: app.kubernetes.io/name=traefik
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.43.102.125
IPs: 10.43.102.125
IP: 192.168.178.81
LoadBalancer Ingress: 192.168.178.11, 192.168.178.12, 192.168.178.13
Port: <unset> 9000/TCP
TargetPort: 9000/TCP
NodePort: <unset> 31350/TCP
Endpoints: 10.42.1.11:9000
Session Affinity: None
External Traffic Policy: Cluster
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal UpdatedLoadBalancer 31m service-lb-controller Updated LoadBalancer with new IPs: [] -> [192.168.178.12]
Normal UpdatedLoadBalancer 31m service-lb-controller Updated LoadBalancer with new IPs: [192.168.178.12] -> [192.168.178.12 192.168.178.13]
Normal UpdatedLoadBalancer 31m service-lb-controller Updated LoadBalancer with new IPs: [192.168.178.12 192.168.178.13] -> [192.168.178.11 192.168.178.12 192.168.178.13]
Normal LoadbalancerIP 28m service-controller 192.168.178.8 -> 192.168.178.80
Normal EnsuringLoadBalancer 28m (x4 over 31m) service-controller Ensuring load balancer
Normal AppliedDaemonSet 28m (x4 over 31m) service-lb-controller Applied LoadBalancer DaemonSet kube-system/svclb-traefik-2442c154
Normal LoadbalancerIP 28m service-controller 192.168.178.80 -> 192.168.178.81
Pod:
kubectl describe pod traefik-6f95878457-vcj7n -n traefik
Name: traefik-6f95878457-vcj7n
Namespace: traefik
Priority: 0
Service Account: traefik
Node: k3s02/192.168.178.12
Start Time: Mon, 09 Sep 2024 15:53:55 +0000
Labels: app.kubernetes.io/instance=traefik-traefik
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=traefik
helm.sh/chart=traefik-31.0.0
pod-template-hash=6f95878457
Annotations: prometheus.io/path: /metrics
prometheus.io/port: 9100
prometheus.io/scrape: true
Status: Running
IP: 10.42.1.11
IPs:
IP: 10.42.1.11
Controlled By: ReplicaSet/traefik-6f95878457
Init Containers:
volume-permissions:
Container ID: containerd://4b195f79ea68b94f91f9c04737389a63ebda97530a538e0d0f411023cf330872
Image: busybox:latest
Image ID: docker.io/library/busybox@sha256:34b191d63fbc93e25e275bfccf1b5365664e5ac28f06d974e8d50090fbb49f41
Port: <none>
Host Port: <none>
Command:
sh
-c
touch /data/acme.json; chown 65532:65532 /data/acme.json; chmod -v 600 /data/acme.json
State: Terminated
Reason: Completed
Exit Code: 0
Started: Mon, 09 Sep 2024 15:53:57 +0000
Finished: Mon, 09 Sep 2024 15:53:57 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/data from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-7fjtx (ro)
Containers:
traefik:
Container ID: containerd://a5264254c70a8677530ee8b6dbe4d9de00bb721cb13b9ac1757e438c70941d93
Image: docker.io/traefik:v3.1.2
Image ID: docker.io/library/traefik@sha256:3f92eba47bd4bfda91d47b72d16fef2d7ae15db61a92b2057cf0cb389f8938f6
Ports: 2222/TCP, 9100/TCP, 64225/TCP, 64225/UDP, 9000/TCP, 8000/TCP, 8443/TCP
Host Ports: 0/TCP, 0/TCP, 0/TCP, 0/UDP, 0/TCP, 0/TCP, 0/TCP
Args:
--global.checknewversion
--entryPoints.gitea-ssh.address=:2222/tcp
--entryPoints.metrics.address=:9100/tcp
--entryPoints.torrent-tcp.address=:64225/tcp
--entryPoints.torrent-udp.address=:64225/udp
--entryPoints.traefik.address=:9000/tcp
--entryPoints.web.address=:8000/tcp
--entryPoints.websecure.address=:8443/tcp
--api.dashboard=true
--ping=true
--metrics.prometheus=true
--metrics.prometheus.entrypoint=metrics
--providers.kubernetescrd
--providers.kubernetesingress
--entryPoints.torrent-udp.http.tls=true
--entryPoints.torrent-udp.http.tls.certResolver=letsencrypt
--entryPoints.torrent-udp.http.tls.domains[0].main=axtunes.com
--entryPoints.torrent-udp.http.tls.domains[0].sans=*.axtunes.com
--entryPoints.websecure.http.tls=true
--log.level=INFO
--certificatesresolvers.ionos.acme.dnsChallenge.delayBeforeCheck=30
--certificatesresolvers.ionos.acme.dnsChallenge.provider=ionos
--certificatesresolvers.ionos.acme.dnsChallenge.resolvers=ns1092.ui-dns.de,ns1092.ui-dns.com,ns1092.ui-dns.org,ns1092.ui-dns.biz
--certificatesresolvers.ionos.acme.email=letsencrypt@axtunes.com
--certificatesresolvers.ionos.acme.storage=/data/acme.json
--entrypoints.websecure.http.tls.domains[0].main=axtunes.com
--entrypoints.websecure.http.tls.domains[0].sans=*.axtunes.com
--entrypoints.web.http.redirections.entryPoint.to=websecure
--certificatesresolvers.ionos.acme.dnschallenge.provider=ionos
--certificatesresolvers.ionos.acme.email=letsencrypt@axtunes.com
--certificatesresolvers.ionos.acme.dnschallenge.resolvers=ns1092.ui-dns.de
--certificatesresolvers.ionos.acme.storage=/data/acme.json
State: Running
Started: Mon, 09 Sep 2024 15:53:58 +0000
Ready: True
Restart Count: 0
Liveness: http-get http://:9000/ping delay=2s timeout=2s period=10s #success=1 #failure=3
Readiness: http-get http://:9000/ping delay=2s timeout=2s period=10s #success=1 #failure=1
Environment:
POD_NAME: traefik-6f95878457-vcj7n (v1:metadata.name)
POD_NAMESPACE: traefik (v1:metadata.namespace)
IONOS_API_KEY: <set to the key 'IONOS_API_KEY' in secret 'traefik-secret'> Optional: false
Mounts:
/data from data (rw)
/tmp from tmp (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-7fjtx (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
data:
Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
ClaimName: traefik-pvc
ReadOnly: false
tmp:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
kube-api-access-7fjtx:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 39m default-scheduler Successfully assigned traefik/traefik-6f95878457-vcj7n to k3s02
Normal Pulling 39m kubelet Pulling image "busybox:latest"
Normal Pulled 39m kubelet Successfully pulled image "busybox:latest" in 849ms (849ms including waiting). Image size: 2163676 bytes.
Normal Created 39m kubelet Created container volume-permissions
Normal Started 39m kubelet Started container volume-permissions
Normal Pulling 39m kubelet Pulling image "docker.io/traefik:v3.1.2"
Normal Pulled 39m kubelet Successfully pulled image "docker.io/traefik:v3.1.2" in 809ms (809ms including waiting). Image size: 48588457 bytes.
Normal Created 39m kubelet Created container traefik
Normal Started 39m kubelet Started container traefik
Logs:
{"level":"error","error":"kubernetesingress cannot be a standalone element (type *cli.ingress)","time":"2024-09-09T15:53:59Z","message":"deprecated static options analysis failed"}
2024-09-09T15:53:59Z INF Traefik version 3.1.2 built on 2024-08-06T13:37:51Z version=3.1.2
2024-09-09T15:53:59Z INF
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2024-09-09T15:53:59Z INF Starting provider aggregator aggregator.ProviderAggregator
2024-09-09T15:53:59Z INF Starting provider *traefik.Provider
2024-09-09T15:53:59Z INF Starting provider *ingress.Provider
2024-09-09T15:53:59Z INF Starting provider *crd.Provider
2024-09-09T15:53:59Z INF ingress label selector is: "" providerName=kubernetes
2024-09-09T15:53:59Z INF Creating in-cluster Provider client providerName=kubernetes
2024-09-09T15:53:59Z INF Starting provider *acme.Provider
2024-09-09T15:53:59Z INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=ionos.acme
2024-09-09T15:53:59Z ERR error="the service \"traefik-traefik@kubernetescrd\" does not exist" entryPointName=traefik routerName=traefik-traefik-dashboard-d61260683ba5e5f43c7b@kubernetescrd
2024-09-09T16:00:20Z ERR error="kubernetes service not found: traefik/traefik" ingress=traefik-dashboard namespace=traefik providerName=kubernetescrd
2024-09-09T16:01:04Z ERR error="no servers found for traefik/traefik" ingress=traefik-dashboard namespace=traefik providerName=kubernetescrd
Can somebody point me to the right direction, please? I'm out of ideas and ChatGPT is suggesting the same over and over with no fix.