I'm trying to do a test deployment of Traefik on a K3s install (traefik was disabled on initial cluster init so i can build from scratch).
I'm having two main issues right now -
- If i deploy to a custom namespace (in this case, called 'traefik'), i get the following error -
INSTALLATION FAILED: rendered manifests contain a resource that already exists.
Unable to continue with install: ClusterRole "traefik" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; annotation validation error: key "meta.helm.sh/release-namespace" must equal "traefik": current value is "default"
But if i deploy without "--namespace", it works fine.
Equally, if i change the namespace context to the correct namespace, and then deploy without --namespace again, it still generates the same error.
- If i update the persistant storage section of the values.yaml to as below, in an effort for the persistant storage to use an NFS storage class, it just flat out ignores the config.
# Persistent Storage
Is anyone able to advise on either of these?
Thanks in advance!
Before installing Traefik in a new namespace, can you please ensure if the cluster role "traefik" already exists? If so, you can try to delete it and try once again.
can you please share the entire values configuration file as well as the Helm command you try to deploy Traefik?
RE: Cluster role
No, none exists - between each attempt I'm removing everything Traefik from the cluster, including that role.
RE: Values of config file -
# DNS Challenge
# Generic (replace with your DNS provider):
# - --certificatesresolvers.generic.acme.dnschallenge.provider=generic
# - --firstname.lastname@example.org
# - --certificatesresolvers.generic.acme.storage=/ssl-certs/acme-generic.json
# Configure log settings here...
# Configure your entrypoints here...
# (optional) Permanent Redirect to HTTPS
# (optional) Set a Default CertResolver
# Set your environment variables here...
# DNS Challenge Credentials
# Cloudflare Example:
- name: CF_API_EMAIL
- name: CF_API_KEY
# Disable Dashboard
# Persistent Storage
# The "volume-permissions" init container is required if you run into permission issues.
# Related issue: https://github.com/containous/traefik/issues/6972
- name: volume-permissions
command: ["sh", "-c", "chmod -Rv 600 /ssl-certs/*"]
- name: ssl-certs
# Set Traefik as your default Ingress Controller, according to Kubernetes 1.19+ changes.
# Set Security Contexts
RE: Helm command:
helm install traefik traefik/traefik --namespace=traefik --values=traefik-chart-values.yaml
RE: Persistant storage
I know my nfs-pvc works, as it does with other containers, however the values file doesn't appear to have options that Traefik recognizes to tell it which PVC to use. I'm wondering if its easier to drop using Helm and just do it all with Kubectl instead...
Anyone got any advice or ideas on this one?