Traefik on Kubernetes - HELP

Jymitar · August 23, 2024, 5:09pm

I have been fighting traefik ingress for the 2 days now and I cannot understand what I am doing wrong.

I am running a k3s kubernetes cluster and I have deployed traefik using helm with the following values:

  values:
    logs:
      general:
        level: DEBUG
    service:
      type: NodePort
    persistence:
      enabled: true
      storageClass: apps-nfs
    certResolvers:
      letsencrypt:
        dnsChallenge:
          provider: cloudflare
        storage: /data/acme.json
    env:
      - name: CF_DNS_API_TOKEN
        valueFrom:
          secretKeyRef:
            name: cloudflare
            key: token
    deployment:
      initContainers:
        - name: volume-permissions
          image: busybox:latest
          command: ["sh", "-c", "touch /data/acme.json; chmod -v 600 /data/acme.json"]
          volumeMounts:
          - mountPath: /data
            name: data
    podSecurityContext:
      fsGroup: 65532
      fsGroupChangePolicy: "OnRootMismatch"
    ingressRoute:
      dashboard:
        enabled: true
    extraObjects:
      - apiVersion: v1
        kind: Service
        metadata:
          name: traefik-api
        spec:
          type: NodePort
          selector:
            app.kubernetes.io/name: traefik
            app.kubernetes.io/instance: traefik-traefik
          ports:
            - port: 8080
              name: traefik
              targetPort: 9000
              protocol: TCP
              nodePort: 30090
    ingressClass:
      name: traefik
    providers:
      kubernetesCRD:
        ingressClass: traefik
        allowCrossNamespace: true
      kubernetesIngress:
        ingressClass: traefik

When I create Ingress resource like this one it works. It does issue certificate everything and I am able to access the app on the domain

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: echo-server
  namespace: default
  annotations:
    traefik.ingress.kubernetes.io/router.tls.certresolver: letsencrypt
    traefik.ingress.kubernetes.io/router.entrypoints: websecure

spec:
  rules:
    - host: echo.example.com
      http:
        paths:
          - path: /
            pathType: Exact
            backend:
              service:
                name:  echo-server
                port:
                  number: 80

However, when I try to create an ingressroute or middleware resource it creates them but they do not work. For instance:
When I create the following

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: echo-server
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`echo.example.com`) 
    kind: Rule
    services:
    - name: echo-server
      port: 80

It is successfully created but I cannot reach the app. I get an error about some TLS handshake or whatever and that is

If I create the following it is the same case:

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: echo-server
  namespace: default

spec:
  entryPoints:
    - websecure

  routes:
  - match: Host(`echo.jimytar.com`)
    kind: Rule
    services:
    - name: echo-server
      port: 80
  tls: 
    certResolver: letsencrypt

When I create a middle ware and reference it I get an error

error="middleware "default-test-header@kubernetescrd" does not exist" entryPointName=websecure routerName=default-echo-server-echo-example-com@kubernetes

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: test-header
  namespace: default
spec:
  headers:
    frameDeny: true
    browserXssFilter: true

So from my observation none of the CRD resources seems to be working but the Kubernetes Ingress does work....

What is wrong ? Is there a bug in the helm chart or I am missing some configuration?

Jymitar · August 23, 2024, 6:30pm

Alright I have resolved the issue seems like I was following the official documentation on github and that was breaking the kubernetescrd

github.com

traefik/traefik-helm-chart/blob/master/EXAMPLES.md#use-an-ingressclass

# Install as a DaemonSet

Default install is using a `Deployment` but it's possible to use `DaemonSet`

```yaml
deployment:
  kind: DaemonSet
```

# Configure traefik Pod parameters

## Extending /etc/hosts records

In some specific cases, you'll need to add extra records to the `/etc/hosts` file for the Traefik containers.
You can configure it using [hostAliases](https://kubernetes.io/docs/tasks/network/customize-hosts-file-for-pods/):

```yaml
deployment:
  hostAliases:
  - ip: "127.0.0.1" # this is an example

This file has been truncated. show original

if you set the below it breaks the crds
providers:
kubernetesCRD:
ingressClass: traefik
allowCrossNamespace: true
kubernetesIngress:
ingressClass: traefik

Topic		Replies	Views
Traefik 3.0 no CRDs are deployed with helm? Traefik v3 (latest) kubernetes-ingress	1	1092	May 14, 2024
Traefik Ingress with persistent volume claim Traefik v2 kubernetes-ingress	0	1043	November 9, 2022
Traefik default tls on kubernetes Traefik v2 file , kubernetes-ingress	2	1355	December 28, 2021
Kubernetes CRD route trouble Traefik v2 kubernetes-crd	6	6023	July 10, 2020
Helm v3 deploy traefik v2 in k8s v1.16,and myservice return 504 Traefik v2 kubernetes-crd	1	693	August 17, 2020

Traefik on Kubernetes - HELP

Related Topics