Traefik does not respect ingressClass configuration

CullenShane commented 2 years ago

App Name

traefik

SCALE Version

22.02.0

App Version

2.6.6_11.3.0

Application Events

2022-04-30 19:50:13
announcing from node "ix-truenas"
2022-04-30 19:50:13
announcing from node "ix-truenas"
2022-05-07 13:18:59
Started container traefik
2022-05-07 13:18:59
Created container traefik
2022-05-07 13:18:55
Successfully pulled image "tccr.io/truecharts/traefik:v2.6.6@sha256:8772fcd592d130f68e61778553554c99a791bcf1ab609fdc276e978706048acd" in 6.313049424s
2022-05-07 13:18:49
Pulling image "tccr.io/truecharts/traefik:v2.6.6@sha256:8772fcd592d130f68e61778553554c99a791bcf1ab609fdc276e978706048acd"
2022-05-07 13:18:48
Started container hostpatch
2022-05-07 13:18:48
Created container hostpatch
2022-05-07 13:18:45
Container image "ghcr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583" already present on machine
2022-05-07 13:18:44
Started container autopermissions
2022-05-07 13:18:43
Created container autopermissions
2022-05-07 13:18:39
Container image "ghcr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583" already present on machine
2022-05-07 13:18:39
Add eth0 [172.16.22.189/16] from ix-net
Successfully assigned ix-traefik/traefik-67f9db8d89-gggm5 to ix-truenas
2022-05-07 13:18:36
Created pod: traefik-67f9db8d89-gggm5
2022-05-07 13:18:36
Scaled up replica set traefik-67f9db8d89 to 1
2022-05-07 13:18:33
Stopping container traefik
2022-05-07 13:18:33
Deleted pod: traefik-75657bbfb9-845d9
2022-05-01 22:31:51
Scaled down replica set traefik-75657bbfb9 to 0

Application Logs

2022-05-07 18:18:59.597436+00:00time="2022-05-07T13:18:59-05:00" level=info msg="Configuration loaded from flags."
2022-05-07 18:18:59.703926+00:00time="2022-05-07T13:18:59-05:00" level=error msg="Default TLS Options defined in multiple namespaces: [ix-traefik-internal ix-traefik]" providerName=kubernetescrd
2022-05-07 18:18:59.963778+00:00time="2022-05-07T13:18:59-05:00" level=error msg="middleware \"default-chain-basic@kubernetescrd\" does not exist" entryPointName=websecure routerName=librespeed-ingress-class-bug-ix-librespeed-ingress-class-bug-speedbug-glono-us@kubernetes
2022-05-07 18:19:16.077560+00:00time="2022-05-07T13:19:16-05:00" level=error msg="Default TLS Options defined in multiple namespaces: [ix-traefik ix-traefik-internal]" providerName=kubernetescrd
2022-05-07 18:19:16.078208+00:00time="2022-05-07T13:19:16-05:00" level=error msg="Default TLS Options defined in multiple namespaces: [ix-traefik ix-traefik-internal]" providerName=kubernetescrd
2022-05-07 18:19:16.079043+00:00time="2022-05-07T13:19:16-05:00" level=error msg="Default TLS Options defined in multiple namespaces: [ix-traefik ix-traefik-internal]" providerName=kubernetescrd

Application Configuration

Describe the bug

Traefik does not respect ingressClass when set, all instances of traefik all try to host all the ingresses.

Additionally, all ingress configuration is seen by all Traefik instances, not just from their own namespaces but from all namespaces.

To Reproduce

Install Traefik
In IngressClass check Enabled Also uncheck isDefaultClass
Deploy Traefik, validate it's running by attending port 9000
Deploy an app and configure ingress for your chosen app hostname, do not set ingressClass Name for the app
use curl to send a request to the IP of the ingress provider, setting the host header curl -H "Host: example.com" http://192.168.2.50/

Expected Behavior

The app should not be accessible via the Host header. But instead, the app is accessible.

In fact, the configured Host is now served by all traefi (what is the plural of traefik?) that have been installed.

Screenshots

n/a

Additional Context

As seen below, Traefik is not configured for ingress class with --providers.kubernetesingress.ingressclass=traefik

Additionally, traefik is not respecting namespace delineations between other copies of traefik as provided by:

--providers.kubernetescrd.namespaces=ix-traefik
--providers.kubernetesingress,.namespaces=ix-traefik

When I added these arguments to the deployments, all the traefiks (traefi?) started behaving .

root@disky[~]# k3s kubectl get deployment -n ix-traefik -o json | jq ".items | .[0].spec.template.spec.containers[0].args"
[
  "--global.checknewversion",
  "--entryPoints.main.address=:9000/tcp",
  "--entryPoints.metrics.address=:9180/tcp",
  "--entryPoints.web.address=:80/tcp",
  "--entryPoints.websecure.address=:443/tcp",
  "--api.dashboard=true",
  "--ping=true",
  "--metrics.prometheus=true",
  "--metrics.prometheus.entrypoint=metrics",
  "--providers.kubernetescrd",
  "--providers.kubernetesingress",
  "--providers.kubernetesingress.ingressendpoint.publishedservice=ix-traefik/traefik-tcp",
  "--entrypoints.web.http.redirections.entryPoint.to=:443",
  "--entrypoints.web.http.redirections.entryPoint.scheme=https",
  "--entrypoints.websecure.http.tls=true",
  "--log.format=common",
  "--metrics.prometheus",
  "--ping",
  "--serverstransport.insecureskipverify=true",
  "--providers.kubernetesingress.allowexternalnameservices=true"
]
root@disky[~]#

I've read and agree with the following

[X] I've checked all open and closed issues and my issue is not there.

PrivatePuffin commented 2 years ago

Thanks for both this and the PR! :) PR is merged and will be released next week with the weekly patches 👍

CullenShane commented 2 years ago

Thanks for both this and the PR! :)

PR is merged and will be released next week with the weekly patches 👍

Thanks! There are two PR, one for each bug. https://github.com/truecharts/library-charts/pull/56 and https://github.com/truecharts/apps/pull/2635

PrivatePuffin commented 2 years ago

@all-contributors please add @CullenShane for bug

allcontributors[bot] commented 2 years ago

@Ornias1993

@CullenShane already contributed before to bug

truecharts-admin commented 1 year ago

This issue is locked to prevent necro-posting on closed issues. Please create a new issue or contact staff on discord of the problem persists

truecharts / charts