Got stuck with IngressRoute and 404

Traefik
1

I do have the following Service :

---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: whoami
  name: whoami
spec:
  replicas: 1
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - image: traefik/whoami:latest
          name: whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami-svc
spec:
  type: ClusterIP
  selector:
    app: whoami
  ports:
    - port: 80

It can be reached via the following Ingress :

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: whoami-ingress
  annotations:
    traefik.ingress.kubernetes.io/router.entrypoints: web
spec:
  rules:
    - http:
        paths:
          - path: /whoami
            pathType: Prefix
            backend:
              service:
                name: whoami-svc
                port:
                  number: 80

“curl http://localhost/whoami” works fine. Anyway because of missing the annotation “urlRewrite” I think I need to use “IngressRouter”

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-ingressroute
  namespace: demo
spec:
  entryPoints:
    - web # Change to "websecure" if using HTTPS
  routes:
    - match: PathPrefix(`/whoami`)
      kind: Rule
      services:
        - kind: Service
          name: whoami-svc
          port: 80
          namespace: demo

But the I receive 404 when “curl http://localhost/whoami” I am stuck here.

Additionally I tried the same with HttpRoute :

% kubectl get gateway -A
NAMESPACE     NAME              CLASS     ADDRESS   PROGRAMMED   AGE
kube-system   traefik-gateway   traefik             True         5h32m

And then

---
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: whoami-httproute
spec:
  parentRefs:
  - name: traefik-gateway
    namespace: kube-system
  rules:
    - matches:
      - path:
          type: PathPrefix
          value: /whoami
      backendRefs:
        - name: whoami-svc
          port: 80

Same results

2

I got a working configuration on RKE2

  1. Setup traefik on RKE2
# /etc/rancher/rke2/config.yaml
token: xx5029xxxxxxxxxxxxxxxb38f6
agent-token: xxx337xxxxxxxxxxxxxxxxxxxxxxca21f
tls-san:
  - rke2.ext.example.com
node-name: control-plane-01
ingress-controller:
  - traefik

Configuration for traefik

# /var/lib/rancher/rke2/server/manifests/rke2-traefik-config.yaml
apiVersion: helm.cattle.io/v1
kind: HelmChartConfig
metadata:
  name: rke2-traefik
  namespace: kube-system
spec:
  valuesContent: |-
    providers:
      kubernetesGateway:
        enabled: true
    gateway:
      listeners:
        web:
          namespacePolicy:
            from: All

Deployment and Service

# whoami.yaml
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: whoami
spec:
  replicas: 2
  selector:
    matchLabels:
      app: whoami
  template:
    metadata:
      labels:
        app: whoami
    spec:
      containers:
        - name: whoami
          image: traefik/whoami
          ports:
            - containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
  name: whoami
spec:
  ports:
    - port: 80
  selector:
    app: whoami

And finally the httproute using traefik-gateway

# whoami-httproute.yaml
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: whoami-httproute
spec:
  parentRefs:
    - name: traefik-gateway
      namespace: kube-system
  rules:
    - matches:
        - path:
            type: PathPrefix
            value: /whoami
      backendRefs:
        - name: whoami
          port: 80

As this is using the following gateway that accepts “all” namespaces

% kubectl get gateway -A
NAMESPACE     NAME              CLASS     ADDRESS   PROGRAMMED   AGE
kube-system   traefik-gateway   traefik             True         4h11m

“curl http://localhost/whoami” works like a charm. The next Steps will be urlRewrite and Certs