authelia / chartrepo

Authelia Helm Charts
https://charts.authelia.com
Apache License 2.0
72 stars 52 forks

The chart references deprecated traefik CRDs #242

Closed 2fst4u closed 4 months ago

2fst4u commented 4 months ago

The traefik CRD traefik.containo.us is now deprecated in traefik V3 and causes everything to stop working if you try to upgrade. Authelia still has this old CRD referenced and since it's tucked away inside this helm chart, it's quite tricky to resolve.

The new CRD traefik.io is preferred.

james-d-elliott commented 4 months ago

It renders based on the capabilities advertised by helm and defaults to traefik.io. Sounds like you upgraded Traefik without reinstalling with helm.

2fst4u commented 4 months ago

I don't follow. I upgraded by incrementing the helm chart version number and following the upgrade guide to resolve any errors, including updating the CRDs. To resolve the error of the authelia chart not changing the manifest API definitions to traefik.io I had to use helm template and manually go through the manifest it creates to edit them, and apply the raw manifests.

Are you telling me there's some way for Helm to know that it's supposed to be updated? I don't understand how that would be possible.

james-d-elliott commented 4 months ago

Yes helm capabilities is a catalog of available capabilities of the connected cluster. A basic helm template authelia/authelia --values values.yaml without the --validate flag doesn't have these available and will render with traefik.io/v1alpha1 due to the fallback behavior as per below:

---
# Source: authelia/templates/traefikCRD/ingressRoute.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: release-name-authelia
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  entryPoints:
  - http
  routes:
  - kind: Rule
    match: Host(`auth.example.com`) && PathPrefix(`/`)
    priority: 10
    middlewares:
      - name: chain-release-name-authelia
        namespace: default
    services:
      - kind: Service
        name: release-name-authelia
        port: 80
        namespace: default
        passHostHeader: true
        strategy: RoundRobin
        scheme: http
        weight: 10
        responseForwarding:
          flushInterval: 100ms
  tls:
    certResolver: abc
    domains:
      - main: example.com
        sans:
          - abc.example.com
      - main: example2.com
      - sans:
          - abc.example3.com
    options:
      name: release-name-authelia
      namespace: default
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: forwardauth-release-name-authelia
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  forwardAuth:
    address: 'http://release-name-authelia.default.svc.cluster.local/api/authz/forward-auth'
    trustForwardHeader: true
    authResponseHeaders:
    - 'Remote-User'
    - 'Remote-Name'
    - 'Remote-Email'
    - 'Remote-Groups'
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: chain-release-name-authelia-auth
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  chain:
    middlewares:
      - name: forwardauth-release-name-authelia
        namespace: default
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: chain-release-name-authelia-auth-expert
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  chain:
    middlewares:
      - name: forwardauth-release-name-authelia-expert
        namespace: default
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: headers-release-name-authelia
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  headers:
    browserXssFilter: true
    customFrameOptionsValue: "SAMEORIGIN"
    customResponseHeaders:
      Cache-Control: "no-store"
      Pragma: "no-cache"
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: chain-release-name-authelia
  labels:
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  chain:
    middlewares:
      - name: headers-release-name-authelia
        namespace: default
---
# Source: authelia/templates/traefikCRD/tlsOption.yaml
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
  name: release-name-authelia
  namespace: default
  labels: 
    app.kubernetes.io/name: authelia
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: 4.38.8
    app.kubernetes.io/managed-by: Helm
    helm.sh/chart: authelia-0.9.0-beta2
spec:
  minVersion: VersionTLS12
  maxVersion: VersionTLS13
  cipherSuites:
  - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  - TLS_RSA_WITH_AES_256_GCM_SHA384
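
Because the rendered API group depends on what the cluster advertises to Helm, it is worth checking both sides before a Traefik v3 upgrade. The shell functions below are an added example, not code from the chart or from either commenter; the function names and the sample manifests are constructed for illustration.

```shell
# Added example; function names are illustrative, not part of the chart.
# stdin: `kubectl api-versions` output. Prints the Traefik groups advertised.
advertised_traefik_groups() {
  awk -F/ '$1 == "traefik.io" || $1 == "traefik.containo.us" { print $1 }' | sort -u
}

# stdin: rendered manifests. Prints "<apiVersion> <kind> <name> <source>" per Traefik doc.
traefik_docs() {
  awk '
    function emit() {
      if (api ~ /^traefik\./) print api, kind, name, src
      api = kind = name = src = ""
    }
    /^---/          { emit(); next }
    /^# Source: /   { src = $3; next }
    /^apiVersion: / { api = $2; next }
    /^kind: /       { kind = $2; next }
    /^  name: /     { if (name == "") name = $2; next }
    END             { emit() }
  '
}

# stdin: rendered manifests. Fails and lists the offenders on stderr if any
# document still uses the deprecated traefik.containo.us group.
check_rendered() {
  old=$(traefik_docs | grep '^traefik\.containo\.us/' || true)
  if [ -n "$old" ]; then
    printf 'deprecated Traefik API group rendered:\n%s\n' "$old" >&2
    return 1
  fi
}

# Constructed sample input: one document per API group.
sample_rendered() {
  cat <<'EOF'
---
# Source: authelia/templates/traefikCRD/middlewares.yaml
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
  name: forwardauth-release-name-authelia
---
# Source: authelia/templates/traefikCRD/tlsOption.yaml
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
  name: release-name-authelia
EOF
}
sample_rendered | traefik_docs
```

Against a live cluster, pipe `kubectl api-versions` into `advertised_traefik_groups` and the output of `helm template authelia/authelia --values values.yaml --validate` into `check_rendered`.
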

2fst4u commented 4 months ago

Fair enough I learnt something today then lol. Cheers.

-------- Original Message -------- On 17/06/24 08:17, James Elliott wrote:

Yes helm capabilities is a catalog of available capabilities of the connected cluster. A basic helm template authelia/authelia --values values.yaml without the --validate flag doesn't have these available and will render with traefik.io/v1alpha1 due to the fallback behavior as per below:

