Looks like traefik 2.10 (and whoami) is not compatible with my k8s cluster - I'm using podman

Hello.

EDIT: I forgot to mention something very important :slight_smile: I'm using podman in my k8s

I'm going through the Traefik tutorial.

When I applied the deployment/service/role... specifications with

kubectl apply -f 00-role.yml \
              -f 00-account.yml \
              -f 01-role-binding.yml \
              -f 02-traefik.yml \
              -f 02-traefik-services.yml

I got:

kubectl logs deploy/traefik-deployment
Error from server (BadRequest): container "traefik" in pod "traefik-deployment-6d669547c5-r2mbg" is waiting to start: ImageInspectError

Here is the version of my k8s cluster:

clientVersion:
  buildDate: "2023-03-19T19:47:22Z"
  compiler: gc
  gitCommit: 9e644106593f3f4aa98f8a84b23db5fa378900bd
  gitTreeState: archive
  gitVersion: v1.26.3
  goVersion: go1.19.7
  major: "1"
  minor: "26"
  platform: linux/amd64
kustomizeVersion: v4.5.7
serverVersion:
  buildDate: "2023-03-15T13:33:12Z"
  compiler: gc
  gitCommit: 9e644106593f3f4aa98f8a84b23db5fa378900bd
  gitTreeState: clean
  gitVersion: v1.26.3
  goVersion: go1.19.7
  major: "1"
  minor: "26"
  platform: linux/amd64

I know that Traefik supports k8s 1.14+.

I'm stuck basically. Does anyone know how to solve this problem?

Thanks in advance.

I think you need to share the files you are trying to apply.

I just copied pasted them from the tutorial but in any case here they are:

00-role.yml

[pipeline@archlinux install-traefik]$ cat 00-role.yml 
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role

rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update

00-account.yml

[pipeline@archlinux install-traefik]$ cat 00-account.yml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: traefik-account

01-role-binding.yml

[pipeline@archlinux install-traefik]$ cat 01-role-binding.yml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-role-binding

roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: traefik-role
subjects:
  - kind: ServiceAccount
    name: traefik-account
    namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.

02-traefik.yml

[pipeline@archlinux install-traefik]$ cat 02-traefik.yml
kind: Deployment
apiVersion: apps/v1
metadata:
  name: traefik-deployment
  labels:
    app: traefik

spec:
  replicas: 1
  selector:
    matchLabels:
      app: traefik
  template:
    metadata:
      labels:
        app: traefik
    spec:
      serviceAccountName: traefik-account
      containers:
        - name: traefik
          image: traefik:v2.10
          args:
            - --api.insecure
            - --providers.kubernetesingress
          ports:
            - name: web
              containerPort: 80
            - name: dashboard
              containerPort: 8080

and finally
02-traefik-services.yml

[pipeline@archlinux install-traefik]$ cat 02-traefik-services.yml
apiVersion: v1
kind: Service
metadata:
  name: traefik-dashboard-service

spec:
  type: LoadBalancer
  ports:
    - port: 8080
      targetPort: dashboard
  selector:
    app: traefik
---
apiVersion: v1
kind: Service
metadata:
  name: traefik-web-service

spec:
  type: LoadBalancer
  ports:
    - targetPort: web
      port: 80
  selector:
    app: traefik

Hi @evgeniy, thanks for your interest in Traefik!

Could you explain more about your setup and the relationship between Podman and Kubernetes?

  • Do you have some older Pods running which are interfering with your deployment?
  • Do you use K8s with security policies which could prevent Traefik?