Middlewares from "kubernetescrd" provider cannot be found on Traefik v2.4

Traefik Traefik v2 (latest)
, ,
1

Hi!

I'm struggling with a problem in middleware configuration since last month, which makes me unable to upgrade Traefik from v2.3 to v.24.

To demonstrate the problem I'm facing, I'm going to use the "whoami" application from the docs.

Currently, I'm using Traefik v2.3.7, installed through the helm chart, v9.19.0, and GKE 1.19. I've defined the following Middlewares, in the "whoami" namespace:

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: whoami
spec:
  rateLimit:
    average: 100
    burst: 50

---

apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: test-auth
spec:
  basicAuth:
    secret: admin-secret

The Ingress is declared as below:

kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: myingress
  annotations:
    kubernetes.io/ingress.class: traefik-staging
    traefik.ingress.kubernetes.io/router.entrypoints: web, websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    traefik.ingress.kubernetes.io/router.middlewares: whoami-whoami@kubernetescrd, whoami-test-auth@kubernetescrd
spec:
  rules:
    - host: test.whoami.superdomain.com.br
      http:
        paths:
          - path: /bar
            pathType: Exact
            backend:
              service: 
                name: whoami
                port: 
                  number: 80
          - path: /foo
            pathType: Exact
            backend:
              service:
                name: whoami
                port: 
                  number: 80

The static configuration I provide is through CLI, some of them inserted by the chart. From the deployment, we can see the arguments:

...
      containers:
      - args:
        - --global.checknewversion
        - --global.sendanonymoususage
        - --entryPoints.traefik.address=:9000/tcp
        - --entryPoints.web.address=:8000/tcp
        - --entryPoints.websecure.address=:8443/tcp
        - --api.dashboard=true
        - --ping=true
        - --providers.kubernetescrd
        - --providers.kubernetesingress
        - --log.level=DEBUG
        - --providers.kubernetesingress.ingressclass=traefik-staging
        - --providers.kubernetescrd.ingressclass=traefik-staging
        - --entryPoints.websecure.proxyProtocol.trustedIPs=<SOME_IPS>
        - --entrypoints.web.http.redirections.entrypoint.scheme=https
        - --entrypoints.web.http.redirections.entrypoint.to=:443
...

Both middlewares work fine when using Traefik v.2.3.7, as the following messages from the logs show:

2021-06-22 16:49:54.676 BRT
time="2021-06-22T19:49:54Z" level=debug msg="Creating middleware" routerName=myingress-whoami-test-whoami-superdomain-com-br-foo@kubernetes middlewareName=whoami-test-auth@kubernetescrd middlewareType=BasicAuth entryPointName=web 
2021-06-22 16:49:54.676 BRT
time="2021-06-22T19:49:54Z" level=debug msg="Creating middleware" entryPointName=web routerName=myingress-whoami-test-whoami-superdomain-com-br-foo@kubernetes middlewareType=RateLimiterType middlewareName=whoami-whoami@kubernetescrd

But when switching to v.2.4.0 (or any newer v.2.4 version), they are not recognized anymore:

2021-06-22 17:02:56.477 BRT
time="2021-06-22T20:02:56Z" level=error msg="middleware \"whoami-test-auth@kubernetescrd\" does not exist" entryPointName=websecure routerName=myingress-whoami-test-whoami-superdomain-com-br-foo@kubernetes
2021-06-22 17:02:56.477 BRT
time="2021-06-22T20:02:56Z" level=error msg="middleware \"whoami-test-auth@kubernetescrd\" does not exist" entryPointName=websecure routerName=myingress-whoami-test-whoami-superdomain-com-br-bar@kubernetes

Thanks for the help and give me notice if further information is needed!

2

Hello @MarcioJales,

Kubernetes object names are normalized <namespace>-<name> for reference.

when they are de-normalized, it can be difficult to decode if the names include dashes.

For example:

test-example-test ... Is this in the test namespace? or the test-example namespace?

Could you try by renaming your middlewares to not include dashes and see if that helps?

3

Hi, @daniel.tomcej

Thank you for the quick reply

To make better distinction between namespace and object names, I've changed the middleware names to ratelimit and basicauth.

Problem persists. For instance:

2021-06-22 19:17:49.569 BRT
time="2021-06-22T22:17:49Z" level=error msg="middleware \"whoami-basicauth@kubernetescrd\" does not exist" entryPointName=web routerName=myingress-whoami-test-whoami-superdomain-com-br-bar@kubernetes

Another fact: it seems that the error message shows up only for the last declared middleware. I've declared in first teh rate limiter and then the basic auth. If I change they positions on the annotation, the error shows up only for the rate limiter, for example.

4

Hi all,

I think, Iā€™m seeing the same issue: middlewares with dashes in the name (e. g. staging-asset-redirect-header@kubernetescrd) worked fine with traefik 2.3.7.

After the upgrade to 2.4.13 today traefik complains and refuses to create any ingresses which reference these middlewares:

level=error msg="middleware \"staging-asset-redirect-header@kubernetescrd\" does not exist" ...

No changes other than deploying with the latest helm chart (10.1.2) and traefik version (2.4.13) have been made

Is there something I can do or am I stuck with traefik 2.3.7?

1 Like
5

I'm not sure if it may help or not. For me the sequence does matter. I apply all the middleware first and then apply the ingress/ingressroute later.