Reputation: 65
Traefik v2 in Kubernetes. fail to deploy. do not see other services
I have been trying to run traefik v2.x in minikube to check it and how it routes request to needed service. I am failing to get access to my services at all. would be good to understand what I am doing wrong.
- minikube is running in VirtualBox VM
- VM box has lab IP address to which I want to send URL request
- on my localhost I set hosts (
mydomain.localandmydomain.com) to IP address of minikube VM
How to reproduce:
- create 2 namespaces
new-nsandnew-who - set namespace to be default for Ingress:
kubectl config set-context --current --namespace=new-ns
All yaml files can be found in https://github.com/vencrena-LT/traefik
- deploy CustomResourceDefinition
- deploy ClusterRole , ClusterRoleBinding and ServiceAccount (to new-ns namespace)
- deploy DaemonSet and Service (to new-ns namespace)
then would like to deploy 2 apps: in both namespaces (for testing purposes)
- Deployment, Service and IngressRoute to new-ns namespace
- Deployment, Service and IngressRoute to new-new namespace
Dashboard:
Routes:
LocalPod:
some logs from traefik pod:
E0206 08:25:21.798628 1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.TLSStore: failed to list
*v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0206 08:25:34.653633 1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.ServersTransport: failed to list
*v1alpha1.ServersTransport: serverstransports.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "serverstransports" in API group "traefik.containo.us" at the cluster scope
E0206 08:26:02.857094 1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.IngressRouteUDP: failed to list
*v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
any hints what I am doing wrong? why can not access mydomain.local and mydomain.com and see whoami services. why no routes are seen in Traefik dashboard
Upvotes: 1
Views: 1900
Answers (1)
Reputation: 406
Your ClusterRole definition is a bit too thin:
https://github.com/vencrena-LT/traefik/blob/main/2_roles.yml
You could try to follow the example here:
https://github.com/sleighzy/k3s-traefik-v2-kubernetes-crd
For the question why no routes are seen: Traefik will pickup from k8s routes when you specify
- --providers.kubernetescrd
- --providers.kubernetesingress
Also please be aware of the namespace where traefik resides, you will apply IngressRoutes on that namespace
Upvotes: 2
Related Questions
- Trying to deploy traefik with kubernetes
- Traefik shows 404 to everywhere except dashboard - Metallb
- Traefik v2.2 Ingress Route example not working
- Cannot create service: subset not found"
- Traefik ingress controller throws error 503 Service Unavailable
- Kubernetes Traefik, keep getting service unavailable
- Error with Traefik on Google Kubernetes Engine
- Kubernetes Ingress does not work with traefisk
- traefik setup on gke not working
- Traefik ingress 404s