IngressRouteTCP CRD ignored even when labelselector is specified

ssarbadh · October 5, 2021, 4:32pm

Hey All,

I have been trying to get ssl-passthrough or tls-passthrough work with Traefik Ingress Controller on v2.

Apparently CRD (IngressRouteTCP) to implement this. This cannot be done using Ingress (kubernetes ingress - Please correct me and point to a direction if I am wrong.

Next, I have multiple Ingress controllers deployed, I need to map the CRD to be picked by one ingress controller only. I am looking at using labelselector at kubernetes crd (controller and resource).

values.yaml

providers:
  kubernetesCRD:
    enabled: true
    labelselector: "ingressclass=traefik-kafka"
    allowCrossNamespace: true
    namespaces: []
additionalArguments:
  - "--log.level=DEBUG"
  - "--providers.kubernetesingress.ingressclass=traefik-kafka"

Resultant Deployment args

      --providers.kubernetescrd.labelselector=ingressclass=traefik-kafka

IngressRouteTCP CRD

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  annotations:
    kubernetes.io/ingress.class: traefik-kafka
  name: shared-kafka-kafka-0
  namespace: mynamespace
  labels:
      ingressclass: traefik-kafka
spec:
  entryPoints:
    - websecure
  routes:
  - match: HostSNI(`hostname-FQDN`)
    services:
    - name: my-service
      port: 9094
      #weight: 3
      #TerminationDelay: 400
  tls:
    passthrough: true

Resource is created as expected.

Note: Controller namespace and IngressRouteTCP are in different namespaces.

Controller is not picking up the resource when defined in different namespace.
It is skipping the resource when defined in same namespace.

Log

time="2021-10-05T13:25:43Z" level=debug msg="Skipping Kubernetes event kind *v1alpha1.IngressRouteTCP" providerName=kubernetescrd

Please help troubleshoot and make it work.

tommoulard · October 12, 2021, 12:57pm

It seems to work when using the namespace default for your IngressRoute using helm. It works with all namespace using the yml way
Here's my IngressRoute

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: simplecrd
  namespace: default
  labels:
      ingressclass: traefik-kafka
spec:
  entryPoints:
    - web
  routes:
  - match: HostSNI(`*`)
    services:
    - name: whoamitcp
      port: 8080

And my values.yaml:

providers:
  kubernetesCRD:
    enabled: true
    labelselector: "ingressclass=traefik-kafka"
    allowCrossNamespace: true
    namespaces: []
additionalArguments:
  - "--log.level=DEBUG"
  - "--providers.kubernetesingress.ingressclass=traefik-kafka"

ssarbadh · October 18, 2021, 9:10am

Hello Tom,

Thanks a lot for your time on this.

Could you please confirm, for ssl-passthrough to work,
Do I need to setup both IngressRoute and IngressRouteTCP or only IngressRouteTCP alone is enough

Thanks

tommoulard · October 29, 2021, 8:37am

No, you don't have to setup both IngressRoute and IngressRouteTCP to have passthrough to work. IngressRouteTCP alone is enough

Topic		Replies	Views
Two traefik deployments for different purposes Traefik v2 kubernetes-ingress	2	403	September 18, 2020
Kubernetes CRD route trouble Traefik v2 kubernetes-crd	6	6152	July 10, 2020
Traefik Gateway Fabric Causing Redirect Loops with HTTPS Traefik v3 (latest) kubernetes-crd	0	24	October 18, 2024
kubernetesCRD namespace filtering Traefik v2 kubernetes-crd	1	525	July 29, 2020
Error from browser to many redirect but from dashboard everything is success Traefik v2 kubernetes-crd , kubernetes-ingress	1	487	January 27, 2023

IngressRouteTCP CRD ignored even when labelselector is specified

values.yaml

Resultant Deployment args

Related topics