How to allow middleware in another kubernetes namespace with traefik 2.5.x

Hello, I have created several middleware definitions within the traefik namespace and I am using them in several other projects and namespaces with traefik 2.4.9.

The ingressroute definitions actually look like this:

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: app-public-http
  namespace: registry
spec:
  entryPoints:
  - public-http
  routes:
  - kind: Rule
    match: Host(`docker.xxxx.com`)
    middlewares:
    - name: redirect-to-https-temp
      namespace: traefik-2
    services:
    - name: registry
      port: 5000

The middlewares in the namespace traefik-2 look like this:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: redirect-to-https-temp
  namespace: traefik-2
  resourceVersion: "1151"
  uid: 22a57a07-9ca0-497a-85a5-44716a64a0e4
spec:
  redirectScheme:
    scheme: https

When upgrading to traefik 2.5.1 or 2.5.2, this is not working anymore and I get many of the following errors:

time="2021-09-13T16:23:16Z" level=error msg="Failed to create middleware keys: middleware traefik-2/redirect-to-https-temp is not in the IngressRoute namespace registry" ingress=app-public-http namespace=registry providerName=kubernetescrd

The service endpoints using those middlewares are not available.

I have searched around for a solution and I am wondering if this is related to "Avoid unauthorized middleware cross namespace reference" by jbdoumenjou (Pull Request #8322, traefik/traefik, GitHub).

Can somebody tell me how to fix this?

The traefik Dashboard does not tell anything about these errors. However, the number of the Routers is greatly reduced:

traefik 2.4.9

traefik 2.5.1

Thanks and kind regards!


ok, I found the solution here:

I had to set

--providers.kubernetescrd.allowCrossNamespace=true

to get this working again.
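
An added example, not part of the original posts and not Traefik's own code: the flag above permits cross-namespace references for every namespace at once, so this Python script lists which IngressRoutes reference a middleware outside their own namespace, working on output shaped like `kubectl get ingressroute -A -o json`. The sample data is constructed, and `ALLOWED` is a hypothetical operator-maintained allowlist.

```python
import json

# Constructed sample shaped like `kubectl get ingressroute -A -o json`.
# The first item mirrors the IngressRoute in the post; the second is made up.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "app-public-http", "namespace": "registry"},
  "spec": {"routes": [{"kind": "Rule", "match": "Host(`docker.xxxx.com`)",
   "middlewares": [{"name": "redirect-to-https-temp", "namespace": "traefik-2"}]}]}},
 {"metadata": {"name": "app-local", "namespace": "registry"},
  "spec": {"routes": [{"kind": "Rule", "match": "Host(`example.invalid`)",
   "middlewares": [{"name": "local-headers"}]}]}}
]}
""")

# Hypothetical allowlist: shared middleware -> namespaces expected to use it.
ALLOWED = {"traefik-2/redirect-to-https-temp": {"registry"}}


def cross_namespace_refs(doc, allowed):
    """List middleware references that leave the IngressRoute's namespace."""
    findings = []
    for item in doc.get("items", []):
        meta = item.get("metadata", {})
        route_ns = meta.get("namespace", "default")
        for route in item.get("spec", {}).get("routes") or []:
            for mw in route.get("middlewares") or []:
                # An omitted namespace means the IngressRoute's own namespace.
                mw_ns = mw.get("namespace") or route_ns
                if mw_ns == route_ns:
                    continue
                key = f"{mw_ns}/{mw.get('name', '')}"
                findings.append({
                    "ingressroute": f"{route_ns}/{meta.get('name', '')}",
                    "middleware": key,
                    "expected": route_ns in allowed.get(key, set()),
                })
    return findings


if __name__ == "__main__":
    for f in cross_namespace_refs(SAMPLE, ALLOWED):
        status = "expected" if f["expected"] else "REVIEW"
        print(f"{status}: {f['ingressroute']} -> {f['middleware']}")
```

Entries marked REVIEW are references that only resolve because cross-namespace lookups are enabled and that nobody has signed off on.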
