[k8s] Middleware don't see by traefik

Traefik Traefik v3 (latest)
,
1

Hello,

I use Traefik v3 at home in my k3s cluster and since few week my traefik don't see Middleware.
I'm on traefik helm chart on v28.0.0.

Middleware exemple :

---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: ${name}
  namespace: ${namespace}
spec:
  forwardAuth:
    address: http://${name}.${namespace}.${cluster_domain}:9091/api/verify?rd=https://${subdomain}.${external_domain}/
    trustForwardHeader: true
    authResponseHeaders:
      - Remote-User
      - Remote-Name
      - Remote-Email
      - Remote-Groups

My Traefik values :

image:
      tag: 3.0.0 # {"$imagepolicy": "traefik:traefik:tag"}
      pullPolicy: Always
    ingressClass:
      enabled: true
      isDefaultClass: true
    hub:
      enabled: true
    rollingUpdate:
      maxUnavailable: 0
    rbac:
      enabled: true    
      namespaced: false      
    providers:
      kubernetesCRD:
        allowCrossNamespace: true
        allowExternalNameServices: true
        allowEmptyServices: true
      kubernetesIngress:
        allowExternalNameServices: true
        allowEmptyServices: true
    additionalArguments:
      - "--metrics.influxDB2=true"
      - "--metrics.influxDB2.address=http://influxdb.influxcb.${cluster_domain}:8086"
      - "--metrics.influxDB2.token=${influxdb_token}"
      - "--metrics.influxDB2.org=${influxdb_organization}"
      - "--metrics.influxDB2.bucket=${influxdb_bucket}"
      - "--serverstransport.insecureskipverify=true"
      - "--api.insecure=true"
      - "--providers.kubernetesingress.ingressendpoint.ip=${ingress_local_ip}"
      - "--experimental.kubernetesgateway"
      - "--providers.kubernetesgateway"
    ports:
      traefik:
        expose:
          default: true
      web:
        redirectTo:
          port: websecure
      websecure:
        tls:
          enabled: true
          certResolver: "traefik-cert"
          #          options: "traefik"
          domains:
            - main: ${external_domain}
              sans:
                - "*.${external_domain}"
                - "*.${internal_domain}"
      unifi:
        port: 8080
        expose:
          default: true
        exposedPort: 8080
        protocol: TCP
      authelia:
        port: 9091
        expose:
          default: true
        exposedPort: 9091
        protocol: TCP
      influxdb:
        port: 8086
        expose:
          default: true
        exposedPort: 8086
        protocol: TCP
      ldap:
        port: 389
        expose:
          default: true
        exposedPort: 389
        protocol: TCP
      mqtt:
        port: 1883
        expose:
          default: true
        exposedPort: 1883
        protocol: TCP
      minecraft:
        port: 19132
        expose:
          default: true
        exposedPort: 19132
        protocol: TCP
    service:
      annotations:
        traefik.frontend.passHostHeader: "true"
      labels:
        traefik.frontend.passHostHeader: "true"
      spec:
        externalTrafficPolicy: Local
        loadBalancerIP: ${loadBalancerIP}
      externalIPs:
        - ${loadBalancerIP}
    persistence:
      enabled: true
    nodeSelector:
      kubernetes.io/arch: amd64

In log i have a lot of faild message to list ressource, exemple :

failed to list *v1.Namespace: namespaces is forbidden: User "system:serviceaccount:traefik:traefik" cannot list resource "namespaces"

All ClusterRole & co is created automaticaly by helm chart normally and i don't see where is the problem :confused:
Have you idea ?