Error while reading basic auth middleware: failed to load auth credentials

Traefik Traefik v2
,
1

Hello,

I see this in the log:

time="2020-01-12T13:58:48Z" level=error msg="Error while reading basic auth middleware: failed to load auth credentials: secret 'default/traefik-admin-basic-auth' not found" providerName=kubernetescrd middlewareName=default-traefik-use-basic-auth

I am using Kubernetes 1.14. The basicAuth middleware is created with

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: traefik-use-basic-auth
spec:
  basicAuth:
    secret: traefik-admin-basic-auth

The Traefik pods are instantiated using this deployment:

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik
spec:
  replicas: 3
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-ingress-controller
      containers:
      - name: traefik
        image: traefik:v2.1.1
        args:
          - --entrypoints.web.address=:80
          - --entrypoints.websecure.address=:443
          - --api=true
          - --api.dashboard=true
          - --log.level=INFO
          - --accesslog=true
          - --providers.kubernetescrd=true
          - --providers.kubernetesingress=true
          - --ping=true
        ports:
          - name: web
            containerPort: 80
          - name: websecure
            containerPort: 443

The secret is defined:

$ kubectl get secret traefik-admin-basic-auth -o yaml
apiVersion: v1
data:
  users: YWRtaXXXXXXXXXXXXXXXXXXXXXXXX1hDTnVqWHhETUlGTU5ZTEQwVzVXUE13VUlLCg==
kind: Secret
metadata:
  creationTimestamp: "2020-01-12T00:01:27Z"
  name: traefik-admin-basic-auth
  namespace: default
  resourceVersion: "195692"
  selfLink: /api/v1/namespaces/default/secrets/traefik-admin-basic-auth
  uid: ae16cb20-34ce-11ea-97dc-0a36a3f0713e
type: Opaque

I would be grateful for any insights on why the basic auth middleware cannot find the secret.

Please let me know if I need to provide more information.

Thanks,

Scott

2

I have verified that both the secret and the Traefik pods are in the same (default) namespace and so cross-namespace issues should not be the problem.

Also looking at the code for loadAuthCredentials() at

I see that the error message "default/traefik-admin-basic-auth" confirms that the Traefik container knows the namespace it should use for the secret is default.

I have also verified that the Traefik container was instantiated using the correct serviceAccountName (traefik-ingress-controller) and that the RBAC has been setup as detailed in the documentation, so that service account should have the correct privileges.

Are there other steps I can take to debug? I did set log.level=DEBUG but did not immediately see any other details that hinted at why the container cannot find the secret.

Again, thanks for any input or guidance anyone can provide.