"middleware "authelia@docker" does not exist", or "does not exist YET"?

Traefik Traefik v3 (latest)
, ,
1

When starting Traefik I get a set of errors such as the last line of the log:

2024-07-25T11:41:58+02:00 INF Stats collection is enabled.
2024-07-25T11:41:58+02:00 INF Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
2024-07-25T11:41:58+02:00 INF Help us improve Traefik by leaving this feature on :)
2024-07-25T11:41:58+02:00 INF More details on: https://doc.traefik.io/traefik/contributing/data-collection/
2024-07-25T11:41:58+02:00 INF Starting provider aggregator aggregator.ProviderAggregator
2024-07-25T11:41:58+02:00 INF Starting provider *file.Provider
2024-07-25T11:41:58+02:00 INF Starting provider *traefik.Provider
2024-07-25T11:41:58+02:00 INF Starting provider *acme.ChallengeTLSALPN
2024-07-25T11:41:58+02:00 INF Starting provider *acme.Provider
2024-07-25T11:41:58+02:00 INF Starting provider *docker.Provider
2024-07-25T11:41:58+02:00 INF Testing certificate renew... acmeCA=https://acme-v02.api.letsencrypt.org/directory providerName=letsencrypt.acme
2024-07-25T11:41:58+02:00 ERR error="middleware \"authelia@docker\" does not exist" entryPointName=websecure routerName=hass@file

These are entries that are configured through a dynamic config file but Authelia is configured via docker and its labels.

I therefore suppose that when the file is loaded, it does not know yet about Authelia and issues this error.

The services ultimately work (and they are protected by Authelia), so there must be a recovery mechanism.

My questions:

  • is my understanding correct?
  • during the time between the error and the recovery, do the services work? (skipping Authelia). If they are failed this is not a problem but if the missing middleware is simply skipped this is a big problem (the Authelia authentication would be skipped)
    • if we are in the "this is a big problem" situation, how could I fix that? My idea is to move Authelia to the dynamic file configuration despite it not existing yet, which would fail the whole service because loadBalancer would point to a non-existing service until Authelia is up
2

The dynamic config file

might be loading faster than the Docker labels.

You can probably just add the middleware definition to the file.

3

This is what I figured out - my concern is more on the last point of my question

4

That’s modern micro-service architecture. Usually you have multiple replicas, you do a rolling update, so one service instance should always be available.

5

Sure, but this is the startup phase of Traefik, when everything is put together and there I sa moment between the file configuration and the dynamic docker one where the middleware is not available.

I would prefer to meet Authelia configured via labels but if I hit the case where the middleware is skipped (though I seriously doubt so) I will move it to the services file.

6

I would expect Traefik to return an error if an assigned middleware is not available yet.

In "modern micro-service architecture" (great buzz words), services should be able to automatically retry when the target is not available.