Traefik 2.5.6 does not support the Ingress.v1 ingressClassName key?

I am still not 100% sure I am tracking this right. Basically:

  • Using traefik 2.5.6 with the traefik helm chart (docker image traefik:2.5.6)
  • Defined an ingress with apiVersion: networking.k8s.io/v1
  • If setting ingressClassName: traefik, I get logs like msg="Skipping Kubernetes event kind *v1.Ingress" providerName=kubernetes (moreover, the ingress / route does not get picked up by traefik. 404s, nothing in dashboard, etc.)
  • If removing this line, and instead setting an annotation: kubernetes.io/ingress.class: traefik, things work as expected
  • Setting both (on a new deployment) is disallowed by Kubernetes:
The Ingress "cole-test" is invalid: annotations.kubernetes.io/ingress.class: Invalid value: "traefik": can not be set when the class field is also set

Is this a known issue? I lost a solid hour or two trying to understand what was going on here :sweat_smile: Hoping it helps someone else!

Are there any config settings / command line arguments I am missing? I have not set the ingress class name specifically (which means the default "traefik" should be in use, AFAICT)

Full back-story: the newest version of cert-manager issues ingress records that set the ingressClassName key. This means that traefik does not honor them and the certificates, as a result, cannot be challenged / verified / issued.

Ok, I found where this is implemented

It looks like it should support it. It just seems to behave differently than the annotation (below, it uses the "default ingress class"). I'm not sure where these ingressClasses are coming from, but perhaps I need to define one of them.

Documentation here is a bit confusing (it suggests that "traefik" is the universal default), but ultimately led me to the resolution once I learned what an ingressClass resource was:

Ingress Classes are retrieved here:

What I believe is the case:

  • if an ingress is using the annotation, you get the configured "ingress class name" that traefik believes about itself ("traefik" by default) as an option
  • if you use ingressClassName (or any service in your infrastructure does), then you need to have such an ingressClass defined, such as from the docs:
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
  name: traefik-lb
spec:
  controller: traefik.io/ingress-controller
  • the helm chart does not do this automatically for you yet, although there is a value to do so:

Setting ingressClass.enabled = true resolved my issue :smile: Woohoo!!

Worth noting - a bit clearer logging (i.e. "No IngressClasses found in Kubernetes Cluster. Skipping event...") would have been very helpful to troubleshooting this issue!

TL;DR; set ingressClass.enabled=true in the helm chart deployment :smile:

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.