'Traefik v2 in Kubernetes. fail to deploy. do not see other services

I have been trying to run traefik v2.x in minikube to check it and how it routes request to needed service. I am failing to get access to my services at all. would be good to understand what I am doing wrong.

  • minikube is running in VirtualBox VM
  • VM box has lab IP address to which I want to send URL request
  • on my localhost I set hosts (mydomain.local and mydomain.com) to IP address of minikube VM

enter image description here

How to reproduce:

  1. create 2 namespaces new-ns and new-who
  2. set namespace to be default for Ingress: kubectl config set-context --current --namespace=new-ns

All yaml files can be found in https://github.com/vencrena-LT/traefik

  1. deploy CustomResourceDefinition
  2. deploy ClusterRole , ClusterRoleBinding and ServiceAccount (to new-ns namespace)
  3. deploy DaemonSet and Service (to new-ns namespace)

then would like to deploy 2 apps: in both namespaces (for testing purposes)

  1. Deployment, Service and IngressRoute to new-ns namespace
  2. Deployment, Service and IngressRoute to new-new namespace

Dashboard: enter image description here Routes: enter image description here LocalPod: enter image description here

some logs from traefik pod:

E0206 08:25:21.798628       1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.TLSStore: failed to list 
*v1alpha1.TLSStore: tlsstores.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "tlsstores" in API group "traefik.containo.us" at the cluster scope

E0206 08:25:34.653633       1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.ServersTransport: failed to list
*v1alpha1.ServersTransport: serverstransports.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "serverstransports" in API group "traefik.containo.us" at the cluster scope

E0206 08:26:02.857094       1 reflector.go:127] pkg/mod/k8s.io/[email protected]/tools/cache/reflector.go:156: Failed to watch *v1alpha1.IngressRouteUDP: failed to list
*v1alpha1.IngressRouteUDP: ingressrouteudps.traefik.containo.us is forbidden: User "system:serviceaccount:new-ns:traefik-ingress-controller" cannot list resource "ingressrouteudps" in API group "traefik.containo.us" at the cluster scope

any hints what I am doing wrong? why can not access mydomain.local and mydomain.com and see whoami services. why no routes are seen in Traefik dashboard

kuberneteskubernetes-ingresstraefikminikubetraefik-ingress


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions