\n
How to reproduce:
\nnew-ns
and new-who
kubectl config set-context --current --namespace=new-ns
All yaml files can be found in https://github.com/vencrena-LT/traefik
\nthen would like to deploy 2 apps: in both namespaces (for testing purposes)
\nDashboard:\n\nRoutes:\n
\nLocalPod:\n
some logs from traefik pod:
\nE0206 08:25:21.798628 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.TLSStore: failed to list \n*v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope\n\nE0206 08:25:34.653633 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.ServersTransport: failed to list\n*v1alpha1.ServersTransport: serverstransports.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "serverstransports" in API group "traefik.containo.us" at the cluster scope\n\nE0206 08:26:02.857094 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.IngressRouteUDP: failed to list\n*v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope\n
\nany hints what I am doing wrong? why can not access mydomain.local
and mydomain.com
and see whoami services. why no routes are seen in Traefik dashboard
Your ClusterRole definition is a bit too thin:
\nhttps://github.com/vencrena-LT/traefik/blob/main/2_roles.yml
\nYou could try to follow the example here:
\nhttps://github.com/sleighzy/k3s-traefik-v2-kubernetes-crd
\nFor the question why no routes are seen:\nTraefik will pickup from k8s routes when you specify
\n - --providers.kubernetescrd\n - --providers.kubernetesingress\n
\nAlso please be aware of the namespace where traefik resides, you will apply IngressRoutes on that namespace
\n","author":{"@type":"Person","name":"DarthHTTP"},"upvoteCount":2}}}Reputation: 65
I have been trying to run traefik v2.x in minikube to check it and how it routes request to needed service. I am failing to get access to my services at all. would be good to understand what I am doing wrong.
mydomain.local
and mydomain.com
) to IP address of minikube VMHow to reproduce:
new-ns
and new-who
kubectl config set-context --current --namespace=new-ns
All yaml files can be found in https://github.com/vencrena-LT/traefik
then would like to deploy 2 apps: in both namespaces (for testing purposes)
some logs from traefik pod:
E0206 08:25:21.798628 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.TLSStore: failed to list
*v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope
E0206 08:25:34.653633 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.ServersTransport: failed to list
*v1alpha1.ServersTransport: serverstransports.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "serverstransports" in API group "traefik.containo.us" at the cluster scope
E0206 08:26:02.857094 1 reflector.go:127] pkg/mod/k8s.io/client-go@v0.19.2/tools/cache/reflector.go:156: Failed to watch *v1alpha1.IngressRouteUDP: failed to list
*v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope
any hints what I am doing wrong? why can not access mydomain.local
and mydomain.com
and see whoami services. why no routes are seen in Traefik dashboard
Upvotes: 1
Views: 1901
Reputation: 406
Your ClusterRole definition is a bit too thin:
https://github.com/vencrena-LT/traefik/blob/main/2_roles.yml
You could try to follow the example here:
https://github.com/sleighzy/k3s-traefik-v2-kubernetes-crd
For the question why no routes are seen: Traefik will pickup from k8s routes when you specify
- --providers.kubernetescrd
- --providers.kubernetesingress
Also please be aware of the namespace where traefik resides, you will apply IngressRoutes on that namespace
Upvotes: 2