K8s ingressEndpoint.hostname not copied to ingress status

Traefik Traefik v1
1

I'm trying to get Traefik working with ExternalDNS in AWS. This issue added support for copying info into the status of created ingresses in v1.7 (using 1.7.19), but I can't seem to get it to work. I am running AWS EKS with Traefik configured with a load balancer created outside of k8s (Traefik has a nodePort service). I have the following Traefik configuration:

    [kubernetes]
      [kubernetes.ingressEndpoint]
      hostname = "my-alb-east-2.elb.amazonaws.com"

When I create an ingress, the hostname is not getting copied to the ingress status. Instead, the ingress status looks like this:

status:
  loadBalancer: {}

I have seen examples of using kubernetes.IngressEndpoint.publishedService (which isn't a useful option since I'm using the nodePort service type), but not kubernetes.ingressEndpoint.hostname. I'm wondering if I'm doing something wrong, or if the hostname option just doesn't work (a bug).

2

Hello @bencompton,

What does your Traefik pod spec/deployment/daemonset look like?

How are you configuring Traefik?

Do you get any error or debug messages about setting the ingress status?

Have you ensured that you have the correct RBAC to update ingress objects?

3

@daniel.tomcej - thanks for your response. For clarity, I'll just provide my entire Traefik configuration:

apiVersion: v1
kind: ConfigMap
metadata:
  name: traefik-configmap
  namespace: kube-system
data:
  traefik-config.toml: |
    defaultEntryPoints = ["http","https"]

    [entryPoints]

      [entryPoints.http]
      address = ":80"

      [entryPoints.traefik]
      address = ":8080"

    [kubernetes]
      [kubernetes.ingressEndpoint]
      hostname = "my-alb.us-east-2.elb.amazonaws.com"

    [ping]
    entryPoint = "http"

    [api]
    entryPoint = "traefik"
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
    resources:
      - ingresses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - extensions
    resources:
    - ingresses/status
    verbs:
    - update
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1beta1
metadata:
  name: traefik-ingress-controller
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-ingress-controller
subjects:
- kind: ServiceAccount
  name: traefik-ingress-controller
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
---
kind: DaemonSet
apiVersion: extensions/v1beta1
metadata:
  name: traefik-ingress-controller
  namespace: kube-system
  labels:
    k8s-app: traefik-ingress-lb
spec:
  template:
    metadata:
      labels:
        k8s-app: traefik-ingress-lb
        name: traefik-ingress-lb
    spec:
      serviceAccountName: traefik-ingress-controller
      terminationGracePeriodSeconds: 60
      containers:
      - image: traefik:v1.7.19
        name: traefik-ingress-lb
        ports:
        - name: http
          containerPort: 80
        - name: admin
          containerPort: 8080
        securityContext:
          capabilities:
            drop:
            - ALL
            add:
            - NET_BIND_SERVICE
        args:
        - --api
        - --kubernetes
        - --logLevel=INFO
        - --configfile=/config/traefik-config.toml
        volumeMounts:
          - mountPath: "/config"
            name: "traefik-configmap"
        readinessProbe:
          httpGet:
            path: /ping
            port: 80
          failureThreshold: 1
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2
        livenessProbe:
          httpGet:
            path: /ping
            port: 80
          failureThreshold: 3
          initialDelaySeconds: 10
          periodSeconds: 10
          successThreshold: 1
          timeoutSeconds: 2 
      volumes:
        - name: traefik-configmap
          configMap:
            name: traefik-configmap
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-ingress-service
  namespace: kube-system
spec:
  type: NodePort
  ports:
    - port: 80
      nodePort: 30080
  selector:
    k8s-app: traefik-ingress-lb
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-admin-service
  namespace: kube-system
spec:
  ports:
    - port: 8080
  selector:
    k8s-app: traefik-ingress-lb

According to the RBAC configuration above, Traefik should be able to update ingress objects. I have tried enabling the debug log level, creating and destroying ingresses, and looking through the logs from all Traefik pods. I don't see anything about ingress status, or anything else that looks relevant to this issue.

4

Hello @bencompton,

When you provide:

- --kubernetes as a command line argument, it takes priority, and causes the kubernetes section of the config file to be ignored. It also sets all values to their defaults as per the documentation:

https://docs.traefik.io/v1.7/basics/#static-traefik-configuration

Try removing that from your configuration, and it should behave as you intend it to.

5

Thank you so much, @daniel.tomcej--works perfectly now!