K8s middleware crd doesn't applying on my traefik instance

Traefik Traefik v2
, ,
1

Hi there!

I have a k3s instance:

Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.5+k3s2", GitCommit:"746cf4031370f443bf1230272bc79f2f72de2869", GitTreeState:"clean", BuildDate:"2020-12-18T01:41:55Z", GoVersion:"go1.15.5", Compiler:"gc", Platform:"linux/amd64"}

With cert-manager letsencrypt (with dns-01 solver) clusterissuer that issuing TLS certificates.

Also I have a traefik instance installed with helm chart with both kubernetesingress and kubernetescrd providers enabled:

    - --entryPoints.traefik.address=:9000/tcp
    - --entryPoints.web.address=:8000/tcp
    - --entryPoints.websecure.address=:8443/tcp
    - --api.dashboard=true
    - --ping=true
    - --providers.kubernetesingress
    - --providers.kubernetesingress.ingressendpoint.publishedservice=traefik/traefik-pvt
    - --log.level=DEBUG
    - --providers.kubernetesingress.ingressclass=traefik-pvt
    - --accesslog
    - --api=true
    - --api.insecure=true
    - --providers.kubernetescrd=true
    - --providers.kubernetescrd.namespaces=['traefik']

kubernetescrd provider listening on traefik namespace.

I want to achieve the following state:

  • All HTTP request permamently redirects to HTTPS
  • Cert-manager still issuing TLS certificates with dns-01 solver

Here is the steps I take:

  • Apply an ingress resource:
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  annotations:
    cert-manager.io/cluster-issuer: pvt-le-issuer
    kubernetes.io/ingress.class: traefik-pvt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
  name: api-pvt
  namespace: api
spec:
  rules:
  - host: example.com
    http:
      paths:
      - backend:
          serviceName: api
          servicePort: 9000
        path: /
  tls:
  - hosts:
    - example.com
    secretName: api-tls

And now I can request api with https and all goes fine. But if I request api with http I got 404 error. So I want to permanently redirect all http requests to https. Found out that redirectScheme middleware can help with it. So:

  • Apply a middleware resource:
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: https
spec:
  redirectScheme:
    scheme: https
    permanent: true

So what? I haven't any messages in pod's logs about new crd I'm applied earlier and I haven't any information about new middleware in dashboard, there is only internal dashboard's middlewares:

time="2021-02-13T15:56:42Z" level=debug msg="Creating middleware" middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2021-02-13T15:56:42Z" level=debug msg="Creating middleware" middlewareType=RedirectRegex entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_redirect@internal

I have all requiried crds:

$ k get crd | grep -i containo
NAME                                   CREATED AT
ingressroutes.traefik.containo.us      2021-02-05T19:05:37Z
ingressroutetcps.traefik.containo.us   2021-02-05T19:05:38Z
ingressrouteudps.traefik.containo.us   2021-02-05T19:05:38Z
middlewares.traefik.containo.us        2021-02-05T19:05:38Z
tlsoptions.traefik.containo.us         2021-02-05T19:05:38Z
tlsstores.traefik.containo.us          2021-02-05T19:05:38Z
traefikservices.traefik.containo.us    2021-02-05T19:05:38Z

Another k8s crds seems to applying fine (e.g. cert-manager's crds)