MicroK8s with traefik using IngressRoute

Hi

I have a MicroK8s instance where I activated the Traefik add-on. I have a pod that exposes a webpage (port 80).
If I use kubectl with following config I can create my desired routing

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: papaow-frontend-ingress
spec:
  rules:
  - http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: papaow-frontend
            port:
              name: web

However I want to move to IngressRoute so that I can use middlewares. I've installed all the required kubernetesCRD.

apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: simpleingressroute
  namespace: traefik
spec:
  entryPoints:
    - web
  routes:
  - match: Path(`/papaow2`)
    kind: Rule
    services:
      - name: papaow-service
        kind: TraefikService

kubectl happily applies this config but it doesn't get picked up by Traefik. Even If a set loglevel to DEBUG I see no mention of it in the logs.

Traefik Startup config

   spec:
     containers:
     - args:
       - --providers.kubernetesingress=true
       - --providers.kubernetesingress.ingressendpoint.ip=127.0.0.1
       - --providers.kubernetescrd.endpoint=https://127.0.0.1:16443
       - --providers.kubernetescrd.token=<my-secret-token>
       - --providers.kubernetescrd.certauthfilepath=/var/cert/ca.crt
       - --providers.kubernetescrd.allowCrossNamespace=true
       - --providers.file.directory=/var/cert/conf/
       - --providers.kubernetescrd=true
       - --log=true
       - --log.level=DEBUG
       - --log.filePath=/var/cert/traefik.log
       - --api.dashboard=true
       - --api.insecure=true
       - --accesslog=true
       - --accesslog.filepath=/var/cert/access.log
       - --accesslog.format=json
       - --entrypoints.web.address=:80
       - --entrypoints.websecure.address=:8443
       image: traefik:2.9

Logs

time="2023-03-13T09:46:47Z" level=info msg="Traefik version 2.9.8 built on 2023-02-15T15:23:25Z"
time="2023-03-13T09:46:47Z" level=debug msg="Static configuration loaded {\"global\":{\"checkNewVersion\":true},\"serversTransport\":{\"maxIdleConnsPerHost\":200},\"entryPoints\":{\"traefik\":{\"address\":\":8080\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"web\":{\"address\":\":80\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}},\"websecure\":{\"address\":\":8443\",\"transport\":{\"lifeCycle\":{\"graceTimeOut\":\"10s\"},\"respondingTimeouts\":{\"idleTimeout\":\"3m0s\"}},\"forwardedHeaders\":{},\"http\":{},\"http2\":{\"maxConcurrentStreams\":250},\"udp\":{\"timeout\":\"3s\"}}},\"providers\":{\"providersThrottleDuration\":\"2s\",\"kubernetesCRD\":{\"endpoint\":\"https://127.0.0.1:16443\",\"token\":\"eyJhbGciOiJSUzI1NiIsImtpZCI6IjNjMi1xNzlHRVUwQXVlM05WdUtQUEVVdHZmUkU5LTF5dE5aVjRCdmplOGcifQ.eyJpc3MiOiJrdWJlcm5ldGVzL3NlcnZpY2VhY2NvdW50Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9uYW1lc3BhY2UiOiJkZWZhdWx0Iiwia3ViZXJuZXRlcy5pby9zZXJ2aWNlYWNjb3VudC9zZWNyZXQubmFtZSI6InRyYWVmaWstYWNjb3VudC10b2tlbi1zamtxcSIsImt1YmVybmV0ZXMuaW8vc2VydmljZWFjY291bnQvc2VydmljZS1hY2NvdW50Lm5hbWUiOiJ0cmFlZmlrLWFjY291bnQiLCJrdWJlcm5ldGVzLmlvL3NlcnZpY2VhY2NvdW50L3NlcnZpY2UtYWNjb3VudC51aWQiOiJjZjJlYTBkOS1iNWQ4LTQxODYtODIwNS1iZmQ4MzgxMTFlZDMiLCJzdWIiOiJzeXN0ZW06c2VydmljZWFjY291bnQ6ZGVmYXVsdDp0cmFlZmlrLWFjY291bnQifQ.Oy8SNUO3AeqD4l9ppYjNF_R8V9CyEaQzSwcPsMLmIIr4-p7pWzHNpYQhcdCJx47EOk0BjRGoKNKy3VthtLnTOGjN6vOAS1iS-iSMVE8aXOime9NFetD_pNMq8oQlBEIO9_KBE9sUrCs6YhVgpAIiHi7DPPDuWAd3l_vzwmL9-YFFP4_OwFgOJj1Km2_8fZ7CuYVs8S5yLHjY6AoB80C1rERiHYzjHjp24_0xga_vOoPX2mRLmzB7pjA3l2Nlu8_3L-Zhw1BeYH8ij7BNxJKzu3W-J_VKOvoOHTZneCDoglh5HAVKtrE0LJ5bVpwRAC-aVtltEcUBBoopblTYiyImfw\",\"certAuthFilePath\":\"/var/cert/ca.crt\",\"allowCrossNamespace\":true}},\"api\":{\"insecure\":true,\"dashboard\":true},\"log\":{\"level\":\"DEBUG\",\"filePath\":\"/var/cert/traefik.log\",\"format\":\"common\"},\"accessLog\":{\"filePath\":\"/var/cert/access.log\",\"format\":\"json\",\"filters\":{},\"fields\":{\"defaultMode\":\"keep\",\"headers\":{\"defaultMode\":\"drop\"}}}}"
time="2023-03-13T09:46:47Z" level=info msg="\nStats collection is disabled.\nHelp us improve Traefik by turning this feature on :)\nMore details on: https://doc.traefik.io/traefik/contributing/data-collection/\n"
time="2023-03-13T09:46:47Z" level=info msg="Starting provider aggregator aggregator.ProviderAggregator"
time="2023-03-13T09:46:47Z" level=debug msg="Starting TCP Server" entryPointName=web
time="2023-03-13T09:46:47Z" level=debug msg="Starting TCP Server" entryPointName=websecure
time="2023-03-13T09:46:47Z" level=debug msg="Starting TCP Server" entryPointName=traefik
time="2023-03-13T09:46:47Z" level=info msg="Starting provider *traefik.Provider"
time="2023-03-13T09:46:47Z" level=debug msg="*traefik.Provider provider configuration: {}"
time="2023-03-13T09:46:47Z" level=info msg="Starting provider *crd.Provider"
time="2023-03-13T09:46:47Z" level=debug msg="*crd.Provider provider configuration: {\"endpoint\":\"https://127.0.0.1:16443\",\"token\":\"xxxx\",\"certAuthFilePath\":\"/var/cert/ca.crt\",\"allowCrossNamespace\":true}"
time="2023-03-13T09:46:47Z" level=info msg="label selector is: \"\"" providerName=kubernetescrd
time="2023-03-13T09:46:47Z" level=info msg="Creating in-cluster Provider client with endpoint https://127.0.0.1:16443" providerName=kubernetescrd
time="2023-03-13T09:46:47Z" level=info msg="Starting provider *acme.ChallengeTLSALPN"
time="2023-03-13T09:46:47Z" level=debug msg="*acme.ChallengeTLSALPN provider configuration: {}"
time="2023-03-13T09:46:47Z" level=debug msg="Configuration received: {\"http\":{\"routers\":{\"api\":{\"entryPoints\":[\"traefik\"],\"service\":\"api@internal\",\"rule\":\"PathPrefix(`/api`)\",\"priority\":2147483646},\"dashboard\":{\"entryPoints\":[\"traefik\"],\"middlewares\":[\"dashboard_redirect@internal\",\"dashboard_stripprefix@internal\"],\"service\":\"dashboard@internal\",\"rule\":\"PathPrefix(`/`)\",\"priority\":2147483645}},\"services\":{\"api\":{},\"dashboard\":{},\"noop\":{}},\"middlewares\":{\"dashboard_redirect\":{\"redirectRegex\":{\"regex\":\"^(http:\\\\/\\\\/(\\\\[[\\\\w:.]+\\\\]|[\\\\w\\\\._-]+)(:\\\\d+)?)\\\\/$\",\"replacement\":\"${1}/dashboard/\",\"permanent\":true}},\"dashboard_stripprefix\":{\"stripPrefix\":{\"prefixes\":[\"/dashboard/\",\"/dashboard\"]}}},\"serversTransports\":{\"default\":{\"maxIdleConnsPerHost\":200}}},\"tcp\":{},\"udp\":{},\"tls\":{}}" providerName=internal
time="2023-03-13T09:46:47Z" level=warning msg="Cross-namespace reference between IngressRoutes and resources is enabled, please ensure that this is expected (see AllowCrossNamespace option)" providerName=kubernetescrd
time="2023-03-13T09:46:49Z" level=debug msg="No default certificate, fallback to the internal generated certificate" tlsStoreName=default
time="2023-03-13T09:46:49Z" level=debug msg="Added outgoing tracing middleware api@internal" entryPointName=traefik routerName=api@internal middlewareType=TracingForwarder middlewareName=tracing
time="2023-03-13T09:46:49Z" level=debug msg="Added outgoing tracing middleware dashboard@internal" middlewareType=TracingForwarder entryPointName=traefik routerName=dashboard@internal middlewareName=tracing
time="2023-03-13T09:46:49Z" level=debug msg="Creating middleware" middlewareName=dashboard_stripprefix@internal middlewareType=StripPrefix entryPointName=traefik routerName=dashboard@internal
time="2023-03-13T09:46:49Z" level=debug msg="Adding tracing to middleware" entryPointName=traefik routerName=dashboard@internal middlewareName=dashboard_stripprefix@internal
time="2023-03-13T09:46:49Z" level=debug msg="Creating middleware" routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal entryPointName=traefik
time="2023-03-13T09:46:49Z" level=debug msg="Setting up redirection from ^(http:\\/\\/(\\[[\\w:.]+\\]|[\\w\\._-]+)(:\\d+)?)\\/$ to ${1}/dashboard/" entryPointName=traefik routerName=dashboard@internal middlewareType=RedirectRegex middlewareName=dashboard_redirect@internal
time="2023-03-13T09:46:49Z" level=debug msg="Adding tracing to middleware" middlewareName=dashboard_redirect@internal entryPointName=traefik routerName=dashboard@internal
time="2023-03-13T09:46:49Z" level=debug msg="Creating middleware" entryPointName=traefik middlewareName=traefik-internal-recovery middlewareType=Recovery

I assume it will be a basic config issue between Traefik and the k8s. How can I debug this?

Okay

I knew it would be something "stupid" :-). So the problem was that my kind: ClusterRole / apiVersion: rbac.authorization.k8s.io/v1 was missing

- apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch

which is the whole point of course.

Okay it's fixed now

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.