I'm using Traefik v2.5.4 and external DNS and TCP routes in AKS 1.22.2. I have the example from the link below about mysql working great; I was able to log in from another machine into the pod running mysql.
Thanks for the detailed post. I just fixed the entry point from mysql to mysql-port and it worked.
I've installed Traefik and have the ingress and CRD providers loaded, and restricted the CRD provider to the traefik-internal class.
I've loaded the CRD from here: Kubernetes IngressRoute - Traefik
Here is my RBAC for system:serviceaccount:kube-system:traefik-ingress-controller:
```yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: traefik-ingress-controller
rules:
  - apiGroups:
      - ""
    resources:
      - services
      - endpoints
      - secrets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses
      - ingressclasses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
      - extensions
      - networking.k8s.io
    resources:
      - ingresses/status
    verbs:
      - update
  - apiGroups:
      - traefik.containo.us
    resources:
      - middlewares
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
    verbs:
      - get
      - list
      - watch
```
Here is the error I'm getting without adding cluster-admin to my service account:
E1124 08:55:58.035988 1 reflector.go:138] email@example.com/tools/cache/reflector.go:167: Failed to watch *v1alpha1.MiddlewareTCP: failed to list *v1alpha1.MiddlewareTCP: middlewaretcps.traefik.containo.us is forbidden: User "system:serviceaccount:kube-system:traefik-ingress-controller" cannot list resource "middlewaretcps" in API group "traefik.containo.us" at the cluster scope
This starts to work once I add the cluster-admin role to my service account, but I would like to add a less powerful permission.
Thanks for your help.
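
The denial in the log names a resource, `middlewaretcps`, that the posted ClusterRole does not list. As an added example (not part of the original post and not Traefik's own code), the Python below parses such reflector denials for one service account, compares them with the posted rules, and renders the narrowest rule that closes the gap, as an alternative to binding cluster-admin. The rule tuples mirror the posted ClusterRole; the function names and the second log line are constructed for illustration.

```python
import re
from collections import defaultdict

# API-server denial text as it appears in client-go reflector log lines.
FORBIDDEN = re.compile(r'User "([^"]+)" cannot (\w+) resource "([^"]+)" in API group "([^"]*)"')
SUBJECT = "system:serviceaccount:kube-system:traefik-ingress-controller"
READ = {"get", "list", "watch"}
# The ClusterRole from the post as (apiGroups, resources, verbs) tuples.
ROLE_RULES = [
    ({""}, {"services", "endpoints", "secrets"}, READ),
    ({"extensions", "networking.k8s.io"}, {"ingresses", "ingressclasses"}, READ),
    ({"extensions", "networking.k8s.io"}, {"ingresses/status"}, {"update"}),
    ({"traefik.containo.us"}, {"middlewares", "ingressroutes", "traefikservices", "ingressroutetcps",
     "ingressrouteudps", "tlsoptions", "tlsstores", "serverstransports"}, READ),
]
# Line 1 is abridged from the error quoted in the post; line 2 is constructed.
SAMPLE_LOG = [
    'E1124 08:55:58.035988 1 reflector.go:138] Failed to watch *v1alpha1.MiddlewareTCP: '
    'middlewaretcps.traefik.containo.us is forbidden: User "' + SUBJECT + '" cannot list '
    'resource "middlewaretcps" in API group "traefik.containo.us" at the cluster scope',
    'E1124 08:55:59.000000 1 reflector.go:138] secrets is forbidden: User '
    '"system:serviceaccount:default:other-app" cannot list resource "secrets" in API group ""',
]

def allowed(group, resource, verb, rules=ROLE_RULES):
    """True if any rule grants verb on resource in group ("*" is a wildcard)."""
    return any((group in g or "*" in g) and (resource in r or "*" in r)
               and (verb in v or "*" in v) for g, r, v in rules)

def missing_permissions(lines, subject=SUBJECT, rules=ROLE_RULES):
    """Map (group, resource) -> verbs the subject was denied or will need next."""
    gaps = defaultdict(set)
    for line in lines:
        m = FORBIDDEN.search(line)
        if not m or m.group(1) != subject:
            continue
        verbs = {m.group(2)}
        if "reflector.go" in line:  # a reflector lists, then watches the same resource
            verbs |= {"list", "watch"}
        for verb in verbs:
            if not allowed(m.group(4), m.group(3), verb, rules):
                gaps[(m.group(4), m.group(3))].add(verb)
    return dict(gaps)

def render_rules(gaps):
    """Render the gaps as ClusterRole rule entries (YAML text)."""
    return "\n".join(f'- apiGroups: ["{g}"]\n  resources: ["{r}"]\n  verbs: [{", ".join(sorted(v))}]'
                     for (g, r), v in sorted(gaps.items()))
```

After the rendered rule is appended to the ClusterRole (or `middlewaretcps` is added to the existing `traefik.containo.us` resources list), the grant can be confirmed with `kubectl auth can-i list middlewaretcps.traefik.containo.us --as=system:serviceaccount:kube-system:traefik-ingress-controller`.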